aicoolies logo

GhidraMCP

MCP server for AI-powered reverse engineering

Share
open-sourceOpen Source
Visit Website →

GhidraMCP is an MCP server that enables LLMs to autonomously perform reverse engineering tasks through NSA's Ghidra disassembly framework. It exposes binary analysis capabilities like decompilation, function listing, cross-references, and symbol analysis as MCP tools, letting AI assistants generate malware reports and analyze compiled binaries.

GhidraMCP bridges the gap between AI assistants and binary analysis by exposing Ghidra's powerful reverse engineering capabilities through the Model Context Protocol. Security researchers and developers can connect their AI assistant to GhidraMCP and ask natural language questions about compiled binaries — 'What does this function do?', 'Find all calls to this API', 'Generate a security report for this binary' — while the MCP server translates those requests into Ghidra operations and returns structured results.

The server exposes key Ghidra operations as MCP tools: listing functions with their addresses and signatures, decompiling functions to pseudo-C code, analyzing cross-references between functions, examining data sections, and navigating symbol tables. This enables AI assistants to perform multi-step reverse engineering workflows autonomously — starting from an entry point, following call chains, identifying suspicious patterns, and synthesizing findings into structured reports without manual intervention.

With 7,900+ GitHub stars, GhidraMCP has attracted significant attention from the security research community. It's particularly valuable for malware analysis, vulnerability research, and binary auditing tasks where AI's ability to rapidly process and summarize large amounts of disassembly output can dramatically accelerate human analysts' workflows. The MCP interface means it works with Claude Desktop, Cursor, and any other MCP-compatible client without custom integration work.

Pricing

Free and open-source (Ghidra is free from NSA)

Platforms

Ghidra plugin, MCP Server, Claude Desktop, Cursor

Categories

Tags

Use Cases

Alternatives

Snyk logo

Snyk

Developer-first security platform

Snyk is the leading developer security platform providing continuous scanning for vulnerabilities in code (SAST), open-source dependencies (SCA), container images, and infrastructure as code. Integrates directly into IDEs, Git repositories, CI/CD pipelines, and container registries. Features AI-powered fix suggestions, license compliance checking, and real-time vulnerability database. Free for individual developers with paid plans for teams. Supports 30+ programming languages.

freemium
Aikido Security logo

Aikido Security

Unified code-to-cloud security platform for developers

Aikido Security is an all-in-one AppSec platform unifying SAST, DAST, SCA, CSPM, secrets detection, container scanning, IaC analysis, and runtime protection in a single developer-friendly dashboard. Cuts false positive noise by 95% through reachability analysis that evaluates vulnerabilities in actual deployment context. Features AI AutoFix for one-click remediation, CI/CD gating, and AI-powered pentesting agents. Trusted by 50,000+ organizations. Supports 50+ programming languages.

freemium
Falco logo

Falco

Cloud native runtime security for Kubernetes

Falco is a CNCF graduated open-source runtime security tool that detects unexpected behavior and threats across containers, Kubernetes, and cloud workloads in real time. Originally created by Sysdig, Falco monitors Linux kernel syscalls using eBPF and applies customizable detection rules to alert on malicious activity like container escapes, cryptojacking, unauthorized file access, and anomalous network connections. It supports 50+ alert output channels including SIEM integration.

open-sourceOpen Source

Related Tools

Hermes Agent logo

Hermes Agent

Top Pick

Open-source AI agent framework with persistent memory, reusable skills, tools, and messaging gateways

Hermes Agent is an open-source AI agent framework with persistent memory, reusable skills, 40+ tools, cron jobs, and messaging gateways.

open-sourceOpen Source

Safari MCP Server

Apple's Safari-native MCP server for web debugging agents

Safari MCP Server is Apple's safaridriver-based MCP server in Safari Technology Preview, giving compatible coding agents local access to Safari page content, console logs, network requests, screenshots, JavaScript evaluation, interactions, viewport controls, and accessibility/performance checks.

freeTelemetry

Headroom

Context compression for LLM apps and coding agents

Headroom is an Apache-2.0 context compression layer for LLM apps and coding agents. It compresses tool output, logs, files, RAG chunks, and agent history through a local library, proxy, wrapper, or MCP server, with retrieval hooks for bringing originals back when needed. Treat its savings numbers as Headroom-reported benchmarks, not independent aicoolies measurements.

open-sourceOpen SourceTelemetry

Codebase Memory MCP

Codebase knowledge graph MCP server for AI coding agents

Codebase Memory MCP is an MIT-licensed MCP server that turns a repository into a persistent code knowledge graph for AI coding agents. It gives Claude Code, Cursor, Codex-style agents, and other MCP clients structural queries for functions, classes, call chains, routes, and architecture, helping them explore large projects without repeatedly rereading files or relying only on broad search.

open-sourceOpen SourceTelemetry
BeeAI Framework logo

BeeAI Framework

Python and TypeScript framework for production multi-agent systems

BeeAI Framework is an Apache-2.0 toolkit for building production-ready AI agents and multi-agent systems in Python and TypeScript. Its docs cover agents, tools, RAG, memory, workflows, backend providers, serving, and A2A/MCP integration surfaces, making it a vendor-neutral option for teams comparing LangGraph, CrewAI, Mastra, and related agent runtimes.

open-sourceOpen SourceTelemetry

Supabase MCP

MCP server for connecting AI assistants to Supabase projects

Supabase MCP is Supabase's Apache-2.0 server for connecting AI assistants to Supabase projects. It can expose database, configuration, and project-management workflows to MCP clients such as Cursor, Claude, and Windsurf, while the official docs emphasize permission and security review before production use, SQL changes, or high-privilege database access.

open-sourceOpen SourceTelemetry