MCP-Ghidra5

MCP-Ghidra5 is a Python-based MCP server that integrates Ghidra with a multi-model AI layer to perform advanced reverse engineering analyses. It exposes a set of MCP tools that leverage both Ghidra's analysis capabilities and AI providers to analyze binaries, decompile functions, detect malware, and even generate PoCs or exploits with AI assistance. The server is designed to manage AI provider selection, failover between providers, and cost-aware model choices, giving you an automated and configurable workflow for reverse engineering tasks. To use it, start the MCP server in your MCP client environment (see installation notes) and invoke the available MCP tools like ghidra_binary_analysis, ghidra_function_analysis, ghidra_exploit_development, and various AI model management commands. You can also run multi-model queries through call_mcp_tool with a preferred provider or use the Tier 1 binary tools for lightweight analyses such as strings extraction, file metadata, and objdump-based disassembly with AI-assisted interpretation. The server supports local LLMs via Ollama, remote providers like OpenAI GPT-5/ GPT-4o, Claude, Gemini, Grok, DeepSeek, and Perplexity, and it can auto-switch providers to maximize uptime and minimize cost while preserving analysis context.

Prerequisites:

• Python 3.8+ with pip/pipx
• Linux environment (e.g., Ubuntu, Kali, RHEL)
• Ghidra installed and accessible
• OpenAI API key or credentials for other providers

Step-by-step installation:

1. Install Ghidra (mandatory):

   • Download from https://github.com/NationalSecurityAgency/ghidra/releases
   • Extract to a directory, e.g. /opt/ghidra/

2. Install MCP-Ghidra5 and dependencies:

   • Ensure you have Python 3.8+ and pip installed
   • Install required Python packages (if not bundled): pip3 install --user mcp aiohttp

3. Obtain and configure the MCP-Ghidra5 server:

   • Clone or download MCP-Ghidra5 from the repository
   • Navigate to the MCP-Ghidra5 directory
   • Create/update environment variables: export OPENAI_API_KEY="your-api-key-here" export GHIDRA_HEADLESS_PATH="/opt/ghidra/support/analyzeHeadless"

4. Run the server:

   • From the MCP-Ghidra5 directory: python3 ghidra_gpt5_mcp.py

5. Test installation:

   • Use the provided test or try a basic analysis call via your MCP client to verify responsiveness.

6. Optional: add to MCP client configuration using the generated connection settings from the server.

Environment and configuration tips:

• Ensure GHIDRA_HEADLESS_PATH points to the correct analyzeHeadless script provided by your Ghidra installation.
• Keep OPENAI_API_KEY and any other provider credentials secure; avoid hardcoding in shared scripts.
• The server supports automatic provider fallback. If a provider becomes unavailable or reaches a cost threshold, it will switch to another configured provider automatically.
• For offline analysis, enable Ollama-based local LLMs and verify the local LLM daemon is running before starting the MCP server.
• If you encounter issues with dependencies, consider isolating the environment with a virtual environment or using pipx for reproducible installs.
• Regularly update Ghidra and AI provider configurations to keep compatibility with file formats and decompilation features.