Ghidra (GhidraMCP)
Lets agents decompile and analyze binaries in the Ghidra reverse-engineering suite.
🛡️ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for Ghidra (GhidraMCP), derived from its capabilities.
These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.
Overview
GhidraMCP exposes the NSA-originated Ghidra reverse-engineering platform over MCP, letting an agent decompile functions, rename symbols, and analyze binaries programmatically. It drives a running Ghidra instance's analysis engine. Feeding an agent decompiled output from untrusted binaries is a real prompt-injection channel, and GhidraMCP operates on potentially malicious sample files.
Key features
- Automated binary decompilation
- Symbol/function analysis
- Drives live Ghidra instance
- RE workflow automation
Use cases
- AI-assisted reverse engineering
- Malware triage
- Firmware/binary analysis