MCP4Ghidra

MCP4Ghidra is built/forked from @bethington's GhidraMCP (forked form LaurieWired) and also exposes Ghidra analysis and editing capabilities through MCP. This version actually supports the interactive GUI and just like @bethington's also adds automation workflows.

A production MCP server/extension pair for Ghidra with 179 MCP tools.

Scope

• 179 MCP tools covering analysis and write operations.
• Batch/atomic operations to reduce call overhead and partial writes.
• Cross-binary matching and documentation propagation.
• Ghidra Server + headless workflow support.
• GUI and non-GUI execution paths.

Features

Core MCP Integration

• Full MCP Compatibility — Complete implementation of Model Context Protocol
• 179 MCP Tools — Comprehensive API surface covering every aspect of binary analysis
• Production-Ready Reliability — Atomic transactions, batch operations, configurable timeouts
• Real-time Analysis — Live integration with Ghidra's analysis engine

Binary Analysis Capabilities

• Function Analysis — Decompilation, call graphs, cross-references, completeness scoring
• Data Structure Discovery — Struct/union/enum creation with field analysis and naming suggestions
• String Extraction — Regex search, quality filtering, and string-anchored function discovery
• Import/Export Analysis — Symbol tables, external locations, ordinal import resolution
• Memory & Data Inspection — Raw memory reads, byte pattern search, array boundary detection
• Cross-Binary Documentation — Function hash matching and documentation propagation across versions

AI-Powered Reverse Engineering Workflows

• Function Documentation Workflow V5 — 7-step process for complete function documentation with Hungarian notation, type auditing, and automated verification scoring
• Batch Documentation — Parallel subagent dispatch for documenting multiple functions simultaneously
• Orphaned Code Discovery — Automated scanner finds undiscovered functions in gaps between known code
• Data Type Investigation — Systematic workflows for structure discovery and field analysis
• Cross-Version Matching — Hash-based function matching across different binary versions

Development & Automation

• Ghidra Script Management — Create, run, update, and delete Ghidra scripts entirely via MCP
• Multi-Program Support — Switch between and compare multiple open programs
• Batch Operations — Bulk renaming, commenting, typing, and label management (93% fewer API calls)
• Headless Server — Full analysis without Ghidra GUI — Docker and CI/CD ready
• Project & Version Control — Create projects, manage files, Ghidra Server integration
• Analysis Control — List, configure, and trigger Ghidra analyzers programmatically

Quick Start

Prerequisites

• Java 21 LTS (OpenJDK recommended)
• Apache Maven 3.9+
• Ghidra 12.0.3 (or compatible version)
• Python 3.8+ with pip

Installation

Recommended for Windows: use mcp4ghidra-setup.ps1 as the primary entry point. It handles prerequisite setup + build + deployment in one command.

Important: -SetupDeps installs Maven/Ghidra JAR dependencies only. -Deploy is the end-user command and (by default) also ensures Python requirements before build/deploy.

1. Clone the repository:

   git clone https://github.com/bethington/ghidra-mcp.git
   cd ghidra-mcp
   

2. Recommended: run environment preflight first:

   .\mcp4ghidra-setup.ps1 -Preflight -GhidraPath "C:\ghidra_12.0.3_PUBLIC"
   

3. Build and deploy to Ghidra (single command):

   .\mcp4ghidra-setup.ps1 -Deploy -GhidraPath "C:\ghidra_12.0.3_PUBLIC"
   

4. Optional strict/manual mode (advanced):

   # Skip automatic prerequisite setup
   .\mcp4ghidra-setup.ps1 -Deploy -NoAutoPrereqs -GhidraPath "C:\ghidra_12.0.3_PUBLIC"
   

5. Show script help:

   .\mcp4ghidra-setup.ps1 -Help
   # or
   Get-Help .\mcp4ghidra-setup.ps1 -Detailed
   

6. Optional build-only mode (advanced/troubleshooting):

   # Preferred: script-managed build-only
   .\mcp4ghidra-setup.ps1 -BuildOnly
   

   # Manual Maven build (requires Ghidra deps already installed in local .m2)
   mvn clean package assembly:single -DskipTests
   

Installation (macOS/Linux)

Use mcp4ghidra-setup.sh as the primary entry point on macOS/Linux. It handles prerequisite setup, Maven dependency installation, building, and deployment.

1. Clone the repository:

   git clone https://github.com/eKsiSLe/MCP4Ghidra.git
   cd MCP4Ghidra
   

2. Install system prerequisites (if not already installed):

   # macOS (Homebrew)
   brew install openjdk@21 maven python curl jq unzip
   

   # Linux (Ubuntu/Debian)
   sudo apt update && sudo apt install -y openjdk-21-jdk maven python3 python3-pip curl jq unzip
   

3. Run environment preflight:

   ./mcp4ghidra-setup.sh --preflight --ghidra-path ~/ghidra_12.0.3_PUBLIC
   

4. Build and deploy to Ghidra (single command):

   ./mcp4ghidra-setup.sh --deploy --ghidra-path ~/ghidra_12.0.3_PUBLIC
   

   This will:

   • Install Ghidra JAR dependencies into your local ~/.m2/repository
   • Build the extension ZIP with Maven
   • Extract the extension to ~/.config/ghidra/ghidra_<version>_PUBLIC/Extensions/
   • Update preferences with LastExtensionImportDirectory
   • Install Python requirements

5. Optional: setup only Maven dependencies:

   ./mcp4ghidra-setup.sh --setup-deps --ghidra-path ~/ghidra_12.0.3_PUBLIC
   

   Compatibility note: --prerequisites is accepted as an alias and maps to --setup-deps.

6. Show script help:

   ./mcp4ghidra-setup.sh --help
   

macOS/Linux paths: The extension is installed to $HOME/.config/ghidra/ghidra_<version>_PUBLIC/Extensions/. Ghidra config files are in $HOME/.config/ghidra/ghidra_<version>_PUBLIC/.

Additional helper scripts (Linux equivalents of the PowerShell utilities):

• functions-extract.sh — Extract functions via Ghidra REST API (uses curl/jq)
• functions-process.sh — Parallel function processing with AI CLI

Basic Usage

Option 1: Stdio Transport (Recommended for AI tools)

python3 bridge_mcp_ghidra.py

Option 2: SSE Transport (Web/HTTP clients)

python3 bridge_mcp_ghidra.py --transport sse --mcp-host 127.0.0.1 --mcp-port 8081

Windows PowerShell equivalents:

py -3 bridge_mcp_ghidra.py
py -3 bridge_mcp_ghidra.py --transport sse --mcp-host 127.0.0.1 --mcp-port 8081

MCP client config templates:

• mcp-config.json for macOS/Linux (python3)
• mcp-config.windows.json for Windows (py -3)

In Ghidra

1. Start Ghidra and open a CodeBrowser window
2. In CodeBrowser, enable the plugin via File > Configure > Configure All Plugins > MCP4Ghidra
3. Optional: configure custom port via CodeBrowser > Edit > Tool Options > MCP4Ghidra HTTP Server
4. Start the server via Tools > MCP4Ghidra > Start MCP Server
5. The server runs on http://127.0.0.1:8089/ by default

Important deployment note:

• The setup script deploys only the extension ZIP and cleans stale GhidraMCP folders/ZIPs in both install-level and %APPDATA%\ghidra\...\Extensions\Ghidra paths.
• This avoids mixed ZIP/JAR states that cause missing menus or "cannot overwrite" errors in Ghidra.
• The deploy flow now validates ZIP contents before install (GhidraMCP/extension.properties, GhidraMCP/Module.manifest, GhidraMCP/lib/*.jar).

Verify It's Working

# Quick health check
curl http://127.0.0.1:8089/health
# Expected: {"status":"ok","endpoints":147}

# Get version info
curl http://127.0.0.1:8089/get_version

❓ Troubleshooting

"MCP4Ghidra" menu not appearing in Tools

Cause: Plugin not enabled or installed incorrectly.

Solution:

1. Verify extension is installed: File > Install Extensions — MCP4Ghidra should be listed
2. Enable the plugin: File > Configure > Configure All Plugins > MCP4Ghidra (check the box)
3. Restart Ghidra after installation/enabling

Server not responding / Connection refused

Cause: Server not started or wrong port.

Solution:

1. Ensure you started the server: Tools > MCP4Ghidra > Start MCP Server
2. Check configured port: Edit > Tool Options > MCP4Ghidra HTTP Server
3. Check if port is in use:

   # Linux/macOS
   lsof -i :8089
   # Windows
   netstat -ano | findstr :8089
   

4. Look for errors in Ghidra console: Window > Console

500 Internal Server Errors

Cause: Server-side exception, often due to missing program data.

Solution:

1. Ensure a binary is loaded in CodeBrowser
2. Run auto-analysis first: Analysis > Auto Analyze
3. Check Ghidra console (Window > Console) for Java exceptions
4. Some operations require fully analyzed binaries

404 Not Found Errors

Cause: Endpoint doesn't exist or wrong URL.

Solution:

1. Verify endpoint exists: curl http://127.0.0.1:8089/get_version
2. Check for typos in endpoint name
3. Ensure you're using correct HTTP method (GET vs POST)

Extension not appearing in Install Extensions

Cause: JAR file in wrong location.

Solution:

1. Manual install location: ~/.ghidra/ghidra_12.0.3_PUBLIC/Extensions/<extension-folder>/lib/
2. Or use: File > Install Extensions > Add and select the ZIP file
3. Ensure JAR/ZIP was built for your Ghidra version

Build fails with "Ghidra dependencies not found"

Cause: Ghidra JARs not installed in local Maven repository.

Solution:

# Windows (recommended)
.\mcp4ghidra-setup.ps1 -SetupDeps -GhidraPath "C:\ghidra_12.0.3_PUBLIC"

# Or manual install (see install-ghidra-deps.sh)

📊 Production Performance

• MCP Tools: 179 tools fully implemented
• Speed: Sub-second response for most operations
• Efficiency: 93% reduction in API calls via batch operations
• Reliability: Atomic transactions with all-or-nothing semantics
• AI Workflows: Proven documentation prompts refined across hundreds of real functions
• Deployment: Automated version-aware deployment script

🛠️ API Reference

Core Operations

• check_connection - Verify MCP connectivity
• get_metadata - Program metadata and info
• get_version - Server version information
• get_function_count - Return total function count for a program
• get_entry_points - Binary entry points discovery
• get_current_address - Get cursor address (GUI only)
• get_current_function - Get function at cursor (GUI only)
• get_current_selection - Get current selection context (address + function)
• read_memory - Read raw bytes from memory
• save_program - Save the current program
• exit_ghidra - Save and exit Ghidra gracefully

Function Analysis

• list_functions - List all functions (paginated)
• list_functions_enhanced - List with isThunk/isExternal flags
• list_classes - List namespace/class names (paginated)
• search_functions_enhanced - Advanced function search with filters
• decompile_function - Decompile function to C pseudocode
• force_decompile - Force fresh decompilation (bypass cache)
• batch_decompile - Batch decompile multiple functions
• get_function_callers - Get function callers
• get_function_callees - Get function callees
• get_function_call_graph - Function relationship graph
• get_full_call_graph - Complete call graph for program
• get_function_signature - Get function prototype string
• get_function_hash - SHA-256 hash of normalized function opcodes
• get_bulk_function_hashes - Paginated bulk hashing with filter
• get_function_jump_targets - Get jump target addresses from disassembly
• get_function_metrics - Get complexity metrics for a function
• get_function_xrefs - Get function cross-references
• analyze_function_complete - Comprehensive function analysis
• analyze_function_completeness - Documentation completeness score
• find_similar_functions_fuzzy - Fuzzy similarity matching
• bulk_fuzzy_match - Bulk fuzzy match across all functions
• diff_functions - Diff two functions side by side
• validate_function_prototype - Validate a function prototype string
• can_rename_at_address - Check if address can be renamed
• delete_function - Delete function at address

Memory & Data

• list_segments - Memory segments and layout
• list_data_items - List defined data labels and values (paginated)
• list_data_items_by_xrefs - Data items sorted by xref count
• get_function_by_address - Function at address
• disassemble_function - Disassembly listing
• disassemble_bytes - Raw byte disassembly
• get_xrefs_to - Cross-references to address
• get_xrefs_from - Cross-references from address
• get_bulk_xrefs - Bulk cross-reference lookup
• analyze_data_region - Analyze memory region structure
• inspect_memory_content - View raw memory content
• detect_array_bounds - Detect array boundaries
• search_byte_patterns - Search for byte patterns
• create_memory_block - Create a new memory block

Cross-Binary Documentation

• get_function_documentation - Export complete function documentation
• apply_function_documentation - Import documentation to target function
• compare_programs_documentation - Compare documentation between programs
• build_function_hash_index - Build persistent JSON index
• lookup_function_by_hash - Find matching functions in index
• propagate_documentation - Apply docs to all matching instances

Data Types & Structures

• list_data_types - Available data types
• search_data_types - Search for data types
• get_data_type_size - Get byte size of a data type
• get_valid_data_types - Get list of valid Ghidra builtin types
• get_struct_layout - Get detailed field layout of a structure
• validate_data_type - Validate data type syntax
• validate_data_type_exists - Check if a data type exists
• create_struct - Create custom structure
• add_struct_field - Add field to structure
• modify_struct_field - Modify existing field
• remove_struct_field - Remove field from structure
• create_enum - Create enumeration
• get_enum_values - Get enumeration values
• create_array_type - Create array data type
• create_typedef - Create typedef alias
• create_union - Create union data type
• create_pointer_type - Create pointer data type
• clone_data_type - Clone a data type with a new name
• apply_data_type - Apply type to address
• delete_data_type - Delete a data type
• consolidate_duplicate_types - Merge duplicate types
• suggest_field_names - AI-assisted field name suggestions for a structure
• create_data_type_category - Create a category folder in the type manager
• move_data_type_to_category - Move a type to a different category
• list_data_type_categories - List all data type categories
• import_data_types - Import types from a GDT/header file

Symbols & Labels

• list_imports - Imported symbols and libraries
• list_exports - Exported symbols and functions
• list_external_locations - External location references
• get_external_location - Specific external location detail
• list_strings - Extracted strings with analysis
• search_memory_strings - Search strings by regex/substring pattern
• list_namespaces - Available namespaces
• list_globals - Global variables
• create_label - Create label at address
• batch_create_labels - Bulk label creation
• delete_label - Delete label at address
• batch_delete_labels - Bulk label deletion
• rename_label - Rename existing label
• rename_or_label - Rename or create label

Renaming & Documentation

• rename_function - Rename function by name
• rename_function_by_address - Rename function by address
• rename_data - Rename data item
• rename_variables - Rename function variables
• rename_global_variable - Rename global variable
• rename_external_location - Rename external reference
• batch_rename_function_components - Bulk renaming
• set_decompiler_comment - Set decompiler comment
• set_disassembly_comment - Set disassembly comment
• set_plate_comment - Set function plate comment
• get_plate_comment - Get function plate comment
• batch_set_comments - Bulk comment setting
• clear_function_comments - Clear all comments for a function
• list_bookmarks - List all bookmarks
• set_bookmark - Create or update a bookmark
• delete_bookmark - Delete a bookmark

Type System

• set_function_prototype - Set function signature
• set_local_variable_type - Set variable type
• set_parameter_type - Set parameter type
• batch_set_variable_types - Bulk type setting
• set_variable_storage - Control variable storage location
• set_function_no_return - Mark function as non-returning
• clear_instruction_flow_override - Clear flow override on instruction
• list_calling_conventions - Available calling conventions
• get_function_variables - Get all function variables
• get_function_labels - Get labels in function

Ghidra Script Management

• list_scripts - List available scripts
• run_script - Run a script
• list_ghidra_scripts - List custom Ghidra scripts
• save_ghidra_script - Save new script
• get_ghidra_script - Get script contents
• run_ghidra_script - Execute Ghidra script by name
• run_script_inline - Execute inline script code
• update_ghidra_script - Update existing script
• delete_ghidra_script - Delete script

Multi-Program Support

• list_open_programs - List all open programs
• get_current_program_info - Current program details
• switch_program - Switch active program
• list_project_files - List project files
• open_program - Open program from project

Project Lifecycle

• create_project - Create a new Ghidra project
• open_project - Open an existing project
• close_project - Close the current project
• delete_project - Delete a project
• list_projects - List Ghidra projects in a directory

Project Organization

• create_folder - Create a folder in the project tree
• move_file - Move a domain file to another folder
• move_folder - Move a folder to another location
• delete_file - Delete a domain file from the project

Analysis Tools

• find_next_undefined_function - Find undefined functions
• find_undocumented_by_string - Find functions by string reference
• batch_string_anchor_report - String anchor analysis
• get_assembly_context - Get assembly context
• analyze_struct_field_usage - Analyze structure field access
• get_field_access_context - Get field access patterns
• create_function - Create function at address
• analyze_control_flow - Cyclomatic complexity and loop detection
• analyze_call_graph - Build function call graph
• analyze_api_call_chains - Detect API call threat patterns
• detect_malware_behaviors - Detect malware behavior categories
• find_anti_analysis_techniques - Find anti-analysis techniques
• find_dead_code - Detect unreachable code
• extract_iocs_with_context - Extract IOCs from strings
• apply_data_classification - Apply data classification to addresses

Analysis Control

• list_analyzers - List all available Ghidra analyzers
• configure_analyzer - Enable/disable or configure an analyzer
• run_analysis - Trigger Ghidra auto-analysis programmatically

Server Connection (Ghidra Server)

• connect_server - Connect to a Ghidra Server
• disconnect_server - Disconnect from Ghidra Server
• server_status - Check server connection status
• list_repositories - List repositories on the server
• create_repository - Create a new repository
• list_repository_files - List files in a server repository folder
• get_repository_file - Get metadata for a file in a server repository

Version Control

• checkout_file - Check out a file from version control
• checkin_file - Check in a file with a comment
• undo_checkout - Undo a checkout without committing
• add_to_version_control - Add a file to version control

Version History

• get_version_history - Get full version history for a file
• get_checkouts - Get active checkout status

Admin

• terminate_checkout - Forcibly terminate a user's checkout
• list_server_users - List all users on the Ghidra Server
• set_user_permissions - Set a user's repository access level

See CHANGELOG.md for version history.

🏗️ Architecture

┌─────────────────┐    ┌─────────────────┐    ┌─────────────────┐
│   AI/Automation │◄──►│   MCP Bridge    │◄──►│  Ghidra Plugin  │
│     Tools       │    │ (bridge_mcp_    │    │ (GhidraMCP.jar) │
│  (AI, etc.) │    │  ghidra.py)     │    │                 │
└─────────────────┘    └─────────────────┘    └─────────────────┘
        │                       │                       │
   MCP Protocol            HTTP REST              Ghidra API
   (stdio/SSE)          (localhost:8089)      (Program, Listing)

Components

• bridge_mcp_ghidra.py — Python MCP server that translates MCP protocol to HTTP calls (179 tools)
• GhidraMCP.jar — Ghidra plugin that exposes analysis capabilities via HTTP (147 GUI endpoints)
• MCP4GhidraHeadlessServer — Standalone headless server — 172 endpoints, no GUI required
• ghidra_scripts/ — Collection of automation scripts for common tasks

🔧 Development

Building from Source

# Recommended: one command does setup + build + deploy
.\mcp4ghidra-setup.ps1 -Deploy -GhidraPath "C:\ghidra_12.0.3_PUBLIC"

# Optional: build only (no deploy)
.\mcp4ghidra-setup.ps1 -BuildOnly

# Version bump (updates all 7 project files atomically)
.\bump-version.ps1 -New X.Y.Z

Script Command Reference

Primary actions (choose one):

• -Deploy (default): auto-setup prereqs, build, deploy
• -SetupDeps: install Ghidra JARs into local .m2 (Maven deps only; no Python package install)
• -BuildOnly: build artifacts only
• -Clean: remove build/cache artifacts and local Ghidra dependency folders in .m2 for the active Ghidra version
• -Preflight: validate tools, paths, required Ghidra jars, and write access without making changes

Useful options:

• -GhidraPath "C:\ghidra_12.0.3_PUBLIC"
• -GhidraVersion "12.0.3"
• -StrictPreflight
• -NoAutoPrereqs
• -SkipBuild
• -SkipRestart
• -DryRun
• -Force
• -Verbose
• -Help

Quick examples:

# Standard deploy (recommended)
.\mcp4ghidra-setup.ps1 -Deploy -GhidraPath "C:\ghidra_12.0.3_PUBLIC"

# First-time dependency setup only
.\mcp4ghidra-setup.ps1 -SetupDeps -GhidraPath "C:\ghidra_12.0.3_PUBLIC"

# Build only
.\mcp4ghidra-setup.ps1 -BuildOnly

# Preflight checks only
.\mcp4ghidra-setup.ps1 -Preflight -GhidraPath "C:\ghidra_12.0.3_PUBLIC"

# Strict preflight (fails on warnings)
.\mcp4ghidra-setup.ps1 -Preflight -StrictPreflight -GhidraPath "C:\ghidra_12.0.3_PUBLIC"

# Show command help
.\mcp4ghidra-setup.ps1 -Help

Project Structure

ghidra-mcp/
├── bridge_mcp_ghidra.py     # MCP server (Python, 179 tools)
├── src/main/java/           # Ghidra plugin + headless server (Java)
│   └── com/xebyte/
│       ├── MCP4GhidraPlugin.java         # GUI plugin (147 endpoints)
│       ├── headless/                    # Headless server (172 endpoints)
│       └── core/                        # Shared abstractions
├── ghidra_scripts/          # Automation scripts
├── tests/                   # Python unit tests + endpoint catalog
│   ├── unit/               # Catalog consistency, schema, tool function tests
│   └── endpoints.json      # Endpoint specification (179 entries)
├── docs/                    # Documentation
│   ├── prompts/            # AI workflow prompts
│   ├── releases/           # Version release notes
│   └── project-management/ # Project docs
└── .github/workflows/      # CI/CD pipelines

Library Dependencies

Ghidra JARs must be installed into your local Maven repository (~/.m2/repository) before compilation. This is a one-time setup per machine, and again when your Ghidra version changes. -Deploy now installs these automatically by default.

The tool enforces version consistency between:

• pom.xml (ghidra.version)
• -GhidraVersion (if provided)
• -GhidraPath version segment (e.g., ghidra_12.0.3_PUBLIC)

If these do not match, deployment fails fast with a clear error.

Troubleshooting: Version Mismatch

If you see a version mismatch error, align all three values:

1. pom.xml → ghidra.version
2. -GhidraVersion (if used)
3. -GhidraPath version segment (ghidra_X.Y.Z_PUBLIC)

Then rerun:

.\mcp4ghidra-setup.ps1 -Deploy -GhidraPath "C:\ghidra_12.0.3_PUBLIC" -GhidraVersion "12.0.3"

# Windows
.\mcp4ghidra-setup.ps1 -SetupDeps -GhidraPath "C:\path\to\ghidra_12.0.3_PUBLIC"

# Optional version override
.\mcp4ghidra-setup.ps1 -SetupDeps -GhidraPath "C:\path\to\ghidra_12.0.3_PUBLIC" -GhidraVersion "12.0.3"

Required Libraries (15 JARs, ~38MB):

Note: Libraries are NOT included in the repository (see .gitignore). You must install them from your Ghidra installation before building.

Script roles:

• mcp4ghidra-setup.ps1: unified automation script (-SetupDeps, -BuildOnly, -Deploy, -Clean)
• default -Deploy behavior: auto-setup prerequisites, then build and deploy
• use -NoAutoPrereqs for strict/manual prerequisite management

Development Features

• Automated Deployment: Version-aware deployment script
• Batch Operations: Reduces API calls by 93%
• Atomic Transactions: All-or-nothing semantics
• Comprehensive Logging: Debug and trace capabilities

📚 Documentation

Core Documentation

• Documentation Index - Complete documentation navigation
• Project Structure - Project organization guide
• Naming Conventions - Code naming standards
• Hungarian Notation - Variable naming guide

AI Workflow Prompts

• Function Documentation V5 — Primary workflow: 7-step process with Hungarian notation, type auditing, and verification scoring
• Batch Documentation V5 — Parallel subagent dispatch for multi-function processing
• Orphaned Code Discovery — Automated scanner for undiscovered functions
• Data Type Investigation — Systematic structure discovery
• Cross-Version Matching — Hash-based function matching
• Quick Start Prompt — Simplified beginner workflow
• All Prompts — Complete prompt index

Release History

• Complete Changelog - All version release notes
• Release Notes - Detailed release documentation

🐳 Headless Server (Docker)

GhidraMCP includes a headless server mode for automated analysis without the Ghidra GUI.

Quick Start with Docker

# Build and run
docker-compose up -d ghidra-mcp

# Test connection
curl http://localhost:8089/check_connection
# Connection OK - GhidraMCP Headless Server v3.0.1

Headless API Workflow

# 1. Load a binary
curl -X POST -d "file=/data/program.exe" http://localhost:8089/load_program

# 2. Run auto-analysis (identifies functions, strings, data types)
curl -X POST http://localhost:8089/run_analysis

# 3. List discovered functions
curl "http://localhost:8089/list_functions?limit=20"

# 4. Decompile a function
curl "http://localhost:8089/decompile_function?address=0x401000"

# 5. Get metadata
curl http://localhost:8089/get_metadata

Key Headless Endpoints

Configuration

Environment variables for Docker:

• GHIDRA_MCP_PORT - Server port (default: 8089)
• GHIDRA_MCP_BIND_ADDRESS - Bind address (default: 0.0.0.0 in Docker)
• JAVA_OPTS - JVM options (default: -Xmx4g -XX:+UseG1GC)

🤝 Contributing

See CONTRIBUTING.md for detailed contribution guidelines.

Quick Start

1. Fork the repository
2. Create a feature branch (git checkout -b feature/amazing-feature)
3. Build and test your changes (mvn clean package assembly:single -DskipTests)
4. Update documentation as needed
5. Commit your changes (git commit -m 'Add amazing feature')
6. Push to the branch (git push origin feature/amazing-feature)
7. Open a Pull Request

📄 License

This project is licensed under the Apache License 2.0 - see the LICENSE file for details.

🏆 Production Status

See CHANGELOG.md for version history and release notes.

🙏 Acknowledgments

• @bethington for making a great plugin that works with tons of patience, but whose installation (and guide) are surprisingly broken.
• Ghidra Team - For the incredible reverse engineering platform
• Model Context Protocol - For the standardized AI integration framework
• Contributors - For testing, feedback, and improvements