GhidraMCP (Reverse Engineering)

Name: GhidraMCP (Reverse Engineering) Review
Item: GhidraMCP (Reverse Engineering)
Rating: 2.8
Author: Aaron Matthews

Connector Security Usable

MCP server for NSA's Ghidra reverse engineering framework. AI-powered binary analysis, decompilation, and cross-reference navigation.

Analyze binary files with AI-assisted decompilation
Navigate cross-references and function calls in compiled code
Identify potential vulnerabilities in compiled software

8,320 starsApache-2.0 (commercial OK)FreeDeveloper setup

Fair rating — This tool is functional but has notable gaps. Review the evaluation notes below before deploying.

Why it matters

5.4K+ stars. AI-assisted reverse engineering for security teams. Multiple enhanced forks with 100-194 tools.

Best for

Security researchers and malware analysts who want AI-assisted binary analysis and vulnerability research.

Works in

Claude Code Claude Cowork Claude Chat

Source

https://github.com/LaurieWired/GhidraMCP

By LaurieWired

How to Get It

Option 1: Claude Desktop AppOpen the Customize panel in the sidebar → browse connectors → search and add. Works in Claude Code, Claude Cowork, and Claude Chat.

CostFree

Trust Signals Reviewed

Stars8,320Contributors10Last updated2025-06-23LicenseApache-2.0 (OK for commercial use)Known CVEsNone foundSources: GitHub Advisory Database + OSV.dev · Scanned 2026-04-11 · scanner v1

Data & Access

Data processingPrompts sent to Anthropic API. Enterprise/Team plans exclude training.

Community Pulse Active

Discussed on Hacker News, Reddit

MCP server for Ghidra — Hacker News · 356 pts
Show HN: Ghidra MCP Server – 110 tools for AI-assisted reverse engineering — Hacker News · 298 pts
Debugger Ghidra Class — Hacker News · 199 pts

23 mentions across 2 sources

Reviewer notes

Reviewed review. These are observations, not a security certification.

Open source. Requires Ghidra installation.

2026-05-10: Practical use case is cutting down the time a skilled analyst spends on the mechanical parts of RE work—renaming symbols, tracing cross-references, mapping call graphs—by letting an LLM handle navigation and summarization while you focus on the interesting logic. The honest tradeoff: decompilation quality is still Ghidra's ceiling, and on heavily optimized or obfuscated binaries that ceiling is low; AI-generated summaries can look confident while missing the one context-specific behavior that actually matters. Best treated as a force-multiplier for analysts who already know what they're looking for, not a shortcut around that knowledge. The active fork ecosystem (some variants ship 100+ tools) means you should evaluate which fork matches your architecture coverage before committing.

How to evaluate tools before deploying →

Data shown here comes from public APIs and automated scanning. Reviewer notes reflect one person's experience. This is not a security certification or legal recommendation. Always evaluate tools according to your own organization's policies.

Evaluation Scores

Evaluation

Ease of Use

3/5

Versatility

2/5

Reliability

3/5

Security

3/5

Overall score2.75 / 5.00 UsableEvaluatedApr 2026

← Back to Claude Tool Reviews