GhidraMCP enables AI assistants to interact with Ghidra's binary analysis capabilities through a WebSocket server interface. The implementation provides tools for retrieving decompiled code, analyzing functions, exploring imports/exports, and performing security analysis of binaries, with a focus on natural language queries about program behavior. Built with Java and integrated directly into Ghidra's plugin architecture, it features automatic server startup, concurrent client handling, and contextual binary analysis - making it particularly valuable for reverse engineers who want to leverage AI assistance while working with complex binaries.
List all functions with entry points, sizes, return types.
List all classes / namespaces.
List imported symbols and external dependencies.
List exported symbols.
List all namespaces.
List defined data (globals, constants, arrays, structs).
List strings with optional substring filter.
Search functions by name substring.
Detailed info for a function at an address.
Address currently selected in Ghidra.
Function at the current cursor position.
Decompile by name to C pseudocode.
Decompile by address to C pseudocode.
Raw disassembly listing for a function.
Cross-references TO an address.
Cross-references FROM an address.
All xrefs (callers + callees) for a function.
Program metadata (arch, compiler, format, etc.).
Memory layout with segment permissions.
Parameters and locals for a function.
Rename a function by name.
Rename a function by address.
Rename a data label.
Rename a local variable.
Set a decompiler-view comment.
Set a disassembly-view comment.
Set full function prototype.
Change a variable's data type.
Add a bookmark.
Remove a bookmark.
Set a named constant on a scalar operand.
Create a structure data type.
Create an enum data type.
Apply a data type at an address.
Set namespace or class for a function.
Set calling convention for a function.
Set the image base address.
Modify memory block permissions.
Patch raw bytes at an address.
Get basic blocks for a function.
Extract API call sequences for security analysis.
Find user-input entry points.
Hierarchical call graph.
Detect crypto implementations.
Locate obfuscated strings.
Search for byte patterns.
Emulate a function.
Extract indicators of compromise.
Detect dynamic API resolution.
Detect anti-analysis techniques.
Add an external function reference.
PE header details.
ELF header details.
Create a memory block.
Detect binary security mitigations.
Find format-string vulnerabilities.
Find ROP gadgets.
Detect control-flow flattening.
Mark code coverage regions.
List bookmarks (optionally by address).
List all equates.
Health-check the connection.
Scan ports 8765-8774 for running Ghidra instances.
Get full details of a structure (fields, offsets, types).
List all defined structures with pagination.
Add, insert, delete, replace, or clear fields in a structure.
Rename an existing structure.
Delete a structure data type.
Start async decompilation of a large function (returns task ID).
Poll for an async decompilation result by task ID.