Model Context Protocol moderate risk

Ghidramcp

ghidraMCP is a Model Context Protocol server that exposes Ghidra's reverse engineering tools to LLMs for autonomous binary analysis and modification.

Connections & Capabilities

Connects To

GitHub

Capabilities

readwriteexec

Quickstart

Config

{
  "mcpServers": {
    "ghidra": {
      "command": "python",
      "args": [
        "/ABSOLUTE_PATH_TO/bridge_mcp_ghidra.py",
        "--ghidra-server",
        "http://127.0.0.1:8080/"
      ]
    }
  }
}

Exposed MCP Tools (3)

safe

Decompile and analyze binaries in Ghidra

Decompiles and analyzes binary files using Ghidra's capabilities.

Primarily a read operation, though analysis can trigger further actions.

moderate

Automatically rename methods and data

Automatically renames methods and data within Ghidra's project based on LLM suggestions.

Modifies the Ghidra project, but changes are typically reversible.

safe

List methods, classes, imports, and exports

Lists methods, classes, imports, and exports from the analyzed binary.

Read-only operation that retrieves information about the binary.

Safety Assessment

ghidraMCP's safety depends heavily on the configuration of both Ghidra and the MCP client. It is relatively safe when used in a controlled environment with limited network access and well-defined permissions. Risks increase when exposed to untrusted networks or when the MCP client has broad permissions within Ghidra.

Requires explicit user configuration to enable the Ghidra plugin.
Ghidra's access controls can limit the scope of operations.
MCP provides a layer of abstraction, potentially limiting direct system access.
Optional configuration of the port in Ghidra allows for network access control.

Exposes Ghidra's functionality, including decompilation and code modification, to LLMs.
Improperly configured MCP clients could potentially execute unintended actions.
The server can perform write operations, including renaming methods and data.
Reliance on Ghidra's security posture, which may have vulnerabilities.
Potential for information leakage if sensitive data is exposed through the MCP interface.