mcghidra/docker/entrypoint.sh

#!/bin/bash
# GhydraMCP Docker Entrypoint
# Starts Ghidra in headless mode with HTTP API server

set -e

GHYDRA_MODE=${GHYDRA_MODE:-headless}
GHYDRA_PORT=${GHYDRA_PORT:-8192}
GHYDRA_MAXMEM=${GHYDRA_MAXMEM:-2G}
GHIDRA_HOME=${GHIDRA_HOME:-/opt/ghidra}
# User scripts directory - Python scripts don't need OSGi bundle registration
SCRIPT_DIR=${SCRIPT_DIR:-/home/ghidra/ghidra_scripts}

# Project settings
PROJECT_DIR=${PROJECT_DIR:-/projects}
PROJECT_NAME=${PROJECT_NAME:-GhydraMCP}

echo "=============================================="
echo "  GhydraMCP Docker Container"
echo "=============================================="
echo "  Mode:    ${GHYDRA_MODE}"
echo "  Port:    ${GHYDRA_PORT}"
echo "  Memory:  ${GHYDRA_MAXMEM}"
echo "  Project: ${PROJECT_DIR}/${PROJECT_NAME}"
echo "=============================================="

# Ensure directories exist
mkdir -p "${PROJECT_DIR}"

# Handle different modes
case "${GHYDRA_MODE}" in
    headless)
        # Headless mode: Import a binary and start HTTP server

        if [ $# -eq 0 ]; then
            echo ""
            echo "Usage: docker run ghydramcp:latest [binary_path] [options]"
            echo ""
            echo "Examples:"
            echo "  # Analyze a binary mounted at /binaries/sample.exe"
            echo "  docker run -p 8192:8192 -v ./samples:/binaries ghydramcp /binaries/sample.exe"
            echo ""
            echo "  # With custom project name"
            echo "  docker run -p 8192:8192 -v ./samples:/binaries -e PROJECT_NAME=malware ghydramcp /binaries/sample.exe"
            echo ""
            echo "Environment variables:"
            echo "  GHYDRA_PORT    - HTTP API port (default: 8192)"
            echo "  GHYDRA_MAXMEM  - Max JVM heap (default: 2G)"
            echo "  PROJECT_NAME   - Ghidra project name (default: GhydraMCP)"
            echo "  PROJECT_DIR    - Project directory (default: /projects)"
            echo ""
            echo "Starting in wait mode..."
            echo "Container will stay running for debugging or manual operation."
            echo "You can exec into this container to run analyzeHeadless manually."
            echo ""

            # Keep container alive for debugging/manual operation
            tail -f /dev/null
        else
            BINARY_PATH="$1"
            shift

            if [ ! -f "${BINARY_PATH}" ]; then
                echo "ERROR: Binary not found: ${BINARY_PATH}"
                echo "Make sure to mount the binary directory with -v /host/path:/binaries"
                exit 1
            fi

            BINARY_NAME=$(basename "${BINARY_PATH}")
            echo "Importing and analyzing: ${BINARY_NAME}"
            echo ""

            # Build the analyzeHeadless command
            ANALYZE_CMD="${GHIDRA_HOME}/support/analyzeHeadless"
            ANALYZE_ARGS=(
                "${PROJECT_DIR}"
                "${PROJECT_NAME}"
                -import "${BINARY_PATH}"
                -max-cpu 2
                -scriptPath "${SCRIPT_DIR}"
                -postScript "GhydraMCPServer.py" "${GHYDRA_PORT}"
            )

            # Add any extra arguments passed
            ANALYZE_ARGS+=("$@")

            echo "Running: ${ANALYZE_CMD} ${ANALYZE_ARGS[*]}"
            echo ""

            exec "${ANALYZE_CMD}" "${ANALYZE_ARGS[@]}"
        fi
        ;;

    server)
        # Server mode: Open existing project with HTTP server
        echo "Starting GhydraMCP server on existing project..."

        if [ $# -eq 0 ]; then
            echo "Usage: docker run -e GHYDRA_MODE=server ghydramcp [program_name]"
            echo ""
            echo "  program_name: Name of program in the project to open"
            exit 1
        fi

        PROGRAM_NAME="$1"
        shift

        exec "${GHIDRA_HOME}/support/analyzeHeadless" \
            "${PROJECT_DIR}" "${PROJECT_NAME}" \
            -process "${PROGRAM_NAME}" \
            -noanalysis \
            -scriptPath "${SCRIPT_DIR}" \
            -postScript "GhydraMCPServer.py" "${GHYDRA_PORT}" \
            "$@"
        ;;

    analyze)
        # Analyze mode: Import and analyze, then exit (no HTTP server)
        if [ $# -eq 0 ]; then
            echo "Usage: docker run -e GHYDRA_MODE=analyze ghydramcp [binary_path]"
            exit 1
        fi

        BINARY_PATH="$1"
        shift

        echo "Analyzing binary: ${BINARY_PATH}"
        exec "${GHIDRA_HOME}/support/analyzeHeadless" \
            "${PROJECT_DIR}" "${PROJECT_NAME}" \
            -import "${BINARY_PATH}" \
            -max-cpu 2 \
            "$@"
        ;;

    shell)
        # Interactive shell
        exec /bin/bash
        ;;

    *)
        echo "Unknown mode: ${GHYDRA_MODE}"
        echo "Valid modes: headless, server, analyze, shell"
        exit 1
        ;;
esac