GhidraMCP enables AI assistants to interact with Ghidra's binary analysis capabilities through a WebSocket server interface. The implementation provides tools for retrieving decompiled code, analyzing functions, exploring imports/exports, and performing security analysis of binaries, with a focus on natural language queries about program behavior. Built with Java and integrated directly into Ghidra's plugin architecture, it features automatic server startup, concurrent client handling, and contextual binary analysis - making it particularly valuable for reverse engineers who want to leverage AI assistance while working with complex binaries.
Retrieve detailed information about a function at a specific address. Parameters: address (string), decompile (optional boolean)
Ask natural language questions about the loaded binary. Parameters: question (string)
List all imported functions in the binary.
List all exported functions in the binary.
Get the memory layout of the binary.
Connect to a specific Ghidra instance. Parameters: host (string), port (integer)
Rename a function by its current name. Parameters: current_name (string), new_name (string)
Rename a data label at a specific address. Parameters: address (string), new_name (string)
Extract API calls from a function for security analysis. Parameters: address (string)
Find potential sources of user input in the binary.
Generate a hierarchical representation of function calls. Parameters: address (string), max_depth (optional integer)
Detect cryptographic implementations in the binary.
Locate potentially obfuscated strings.