Ghidra (GhidraMCP)
Lets agents decompile and analyze binaries in the Ghidra reverse-engineering suite.
๐ก๏ธ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for Ghidra (GhidraMCP), derived from its capabilities.
AIVSS 9.2 ยท Critical
View MAESTRO 7-layer threat model โOverview
GhidraMCP exposes the NSA-originated Ghidra reverse-engineering platform over MCP, letting an agent decompile functions, rename symbols, and analyze binaries programmatically. It drives a running Ghidra instance's analysis engine. Feeding an agent decompiled output from untrusted binaries is a real prompt-injection channel, and it operates on potentially malicious sample files.
Key features
- Automated binary decompilation
- Symbol/function analysis
- Drives live Ghidra instance
- RE workflow automation
Use cases
- AI-assisted reverse engineering
- Malware triage
- Firmware/binary analysis