GhidraMCP enables AI assistants to interact with Ghidra's binary analysis capabilities through a WebSocket server interface. The implementation provides tools for retrieving decompiled code, analyzing functions, exploring imports/exports, and performing security analysis of binaries, with a focus on natural language queries about program behavior. Built with Java and integrated directly into Ghidra's plugin architecture, it features automatic server startup, concurrent client handling, and contextual binary analysis, which makes it particularly valuable for reverse engineers who want to leverage AI assistance while working with complex binaries.
Retrieve detailed information about a function at a specific address. Parameters: address (string), decompile (optional boolean)
Ask natural language questions about the loaded binary. Parameters: question (string)
List all imported functions in the binary.
List all exported functions in the binary.
Get the memory layout of the binary.
Connect to a specific Ghidra instance. Parameters: host (string), port (integer)
Rename a function by its current name. Parameters: current_name (string), new_name (string)
Rename a data label at a specific address. Parameters: address (string), new_name (string)
Extract API calls from a function for security analysis. Parameters: address (string)
Find potential sources of user input in the binary.
Generate a hierarchical representation of function calls. Parameters: address (string), max_depth (optional integer)
Detect cryptographic implementations in the binary.
Locate potentially obfuscated strings.