Export Ghidra analysis for AI - No MCP

Project description

GHIDRA-NO-MCP

Export Ghidra decompilation results as source files for use with AI IDEs.

Runs from the command line using pyghidra in headless mode; the Ghidra GUI is not required.

Just copy-paste the uvx command into the agent or skill.

Inspired by: https://github.com/P4nda0s/IDA-NO-MCP

Text, source code, and shell are an LLM's native languages.

Installation and Usage

Install with uv

uv tool install git+https://github.com/gxenos/GHIDRA-NO-MCP.git

Run from anywhere:

ghidra-no-mcp -g /path/to/GHIDRA /path/to/binary /output/dir

Run with uvx

uvx git+https://github.com/gxenos/GHIDRA-NO-MCP -g /path/to/GHIDRA /path/to/binary /output/dir

Or using an environment variable:

GHIDRA_INSTALL_DIR=/path/to/GHIDRA uvx git+https://github.com/gxenos/GHIDRA-NO-MCP /path/to/binary /output/dir

Other Installation Methods

Local development

uv venv && uv pip install -e .

Examples

# Using environment variable
export GHIDRA_INSTALL_DIR=/opt/ghidra/ghidra_12.0.4_PUBLIC
uv run ghidra-no-mcp ./malware.exe ./analysis

# Using CLI argument
uv run ghidra-no-mcp -g /opt/ghidra ./malware.exe ./analysis

# With uvx
GHIDRA_INSTALL_DIR=/opt/ghidra uvx git+https://github.com/gxenos/GHIDRA-NO-MCP ./malware.exe ./analysis

Options

Option               Description
-g, --ghidra-path    Path to Ghidra installation
-v, --verbose        Enable verbose logging

Output

Directory/File           Description
call_graph.json          Function call graph (nodes + edges), includes function names, addresses, caller/callee counts
decompile/               Decompiled C files (one per function), includes function name, address, callers, callees
strings.txt              String table
imports.txt              Import table
exports.txt              Export table
memory/                  Memory hexdumps, 1MB chunks
decompile_skipped.txt    Skipped functions
decompile_failed.txt     Failed functions

Each .c file includes metadata header:

/*
 * func-name: main
 * func-address: 0x401000
 * callers: 0x402000
 * callees: 0x404000
 */

The call_graph.json file contains the full call graph:

{
  "nodes": [
    {"address": "0x401000", "name": "main", "is_external": false, "caller_count": 0, "callee_count": 2},
    {"address": "0x402000", "name": "validate_input", "is_external": false, "caller_count": 1, "callee_count": 3}
  ],
  "edges": [
    {"caller": "0x401000", "caller_name": "main", "callee": "0x402000", "callee_name": "validate_input"}
  ],
  "stats": {"total_functions": 150, "total_calls": 342, "external_calls": 45}
}
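
One way to use call_graph.json for triage, as an added example that is not part of GHIDRA-NO-MCP: walk the edges backwards from a function of interest and list every function that can reach it, with the shortest call chain. SAMPLE is constructed in the schema shown above, load_graph and paths_to are hypothetical helper names, and the code assumes calls to imported functions appear as ordinary edges to an is_external node.

```python
import json
from collections import defaultdict, deque

# Constructed sample in the call_graph.json schema shown above; not real tool output.
SAMPLE = """{
  "nodes": [
    {"address": "0x401000", "name": "main", "is_external": false, "caller_count": 0, "callee_count": 2},
    {"address": "0x402000", "name": "validate_input", "is_external": false, "caller_count": 1, "callee_count": 1},
    {"address": "0x403000", "name": "log_error", "is_external": false, "caller_count": 2, "callee_count": 1},
    {"address": "0x404000", "name": "unused_helper", "is_external": false, "caller_count": 0, "callee_count": 0},
    {"address": "0x500000", "name": "fwrite", "is_external": true, "caller_count": 1, "callee_count": 0}
  ],
  "edges": [
    {"caller": "0x401000", "caller_name": "main", "callee": "0x402000", "callee_name": "validate_input"},
    {"caller": "0x401000", "caller_name": "main", "callee": "0x403000", "callee_name": "log_error"},
    {"caller": "0x402000", "caller_name": "validate_input", "callee": "0x403000", "callee_name": "log_error"},
    {"caller": "0x403000", "caller_name": "log_error", "callee": "0x500000", "callee_name": "fwrite"}
  ]
}"""

def load_graph(text):
    """Return (nodes keyed by address, reverse adjacency: callee -> set of callers)."""
    graph = json.loads(text)
    nodes = {n["address"]: n for n in graph["nodes"]}
    callers_of = defaultdict(set)
    for edge in graph["edges"]:
        callers_of[edge["callee"]].add(edge["caller"])
    return nodes, callers_of

def paths_to(text, target_name):
    """Map each function that can reach target_name to its shortest call chain (names)."""
    nodes, callers_of = load_graph(text)
    targets = [addr for addr, n in nodes.items() if n["name"] == target_name]
    chain = {addr: [target_name] for addr in targets}  # address -> names down to target
    queue = deque(targets)
    while queue:  # breadth-first over caller edges, so the first chain found is shortest
        cur = queue.popleft()
        for caller in callers_of[cur]:
            if caller not in chain:
                name = nodes.get(caller, {"name": caller})["name"]  # edge-only address
                chain[caller] = [name] + chain[cur]
                queue.append(caller)
    return {addr: names for addr, names in chain.items() if addr not in targets}

if __name__ == "__main__":
    for addr, names in sorted(paths_to(SAMPLE, "fwrite").items()):
        print(addr, " -> ".join(names))
```

The addresses in the result match the func-address field in the decompile/ headers, so each hit points at the .c file to read next.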

Analysis

By default, the script runs Ghidra with the default analysis options.

Analysis Options

Option                  Description
--no-memory             Skip memory hexdump export
--no-strings            Skip string extraction
--no-imports            Skip import table export
--no-exports            Skip export table export
--decompiler-timeout    Timeout per function in seconds (0 = unlimited, default: 0)
--max-payload           Max decompiler payload size in MB (default: 100)


Download files

Source Distribution

ghidra_no_mcp-0.1.0.tar.gz (8.2 kB)

Uploaded Source

Built Distribution

ghidra_no_mcp-0.1.0-py3-none-any.whl (8.1 kB)

Uploaded Python 3

File details

Details for the file ghidra_no_mcp-0.1.0.tar.gz.

File metadata

  • Download URL: ghidra_no_mcp-0.1.0.tar.gz
  • Upload date:
  • Size: 8.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.9.12

File hashes

Hashes for ghidra_no_mcp-0.1.0.tar.gz
Algorithm Hash digest
SHA256 a81c642e9ed914c7e18c0de6058f392970b2f18f4c8932b8826786e16dcabb4b
MD5 31115d523149b0e8065d84cd81efe6c0
BLAKE2b-256 006c5b4718c75fe7c470bacfdaba17172c1e540006758c096dbcf28ab9300cb1

File details

Details for the file ghidra_no_mcp-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: ghidra_no_mcp-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 8.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.9.12

File hashes

Hashes for ghidra_no_mcp-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 36da9ba516b4a5332cc28c5feafb3f49e31f97fe4dc5d32d062b82fc76adbd3c
MD5 bfac0a928011bc969b1c492389373e58
BLAKE2b-256 04c728b4a7b0cf2cf74bf51a6a851901233522d95edb1bdd04708335e03751d0
