# GhidraMCP: Now AI Can Reverse Malware

Just built an MCP for Ghidra. Now basically any LLM (Claude, Gemini, local…) can Reverse Engineer malware for you. With the right prompting, it automates a ton of tedious tasks. One-shot markups of entire binaries with just a click. Open source, on Github now.

Video Demo:

GitHub Repository:

https://github.com/LaurieWired/GhidraMCP

You Should Know:

1. Setting Up GhidraMCP

To integrate GhidraMCP with your Ghidra installation, follow these steps:

1. Clone the Repository:

git clone https://github.com/LaurieWired/GhidraMCP.git

2. Install Dependencies:

pip install -r requirements.txt

3. Run the MCP Server:

python mcp_server.py --model claude-3-opus --api-key YOUR_API_KEY

2. Automating Malware Analysis

Use GhidraMCP to automate:

Function Identification
String Decryption
Behavioral Analysis

Example prompt for malware analysis:

[plaintext]
Analyze the binary and list all suspicious API calls, imported functions, and potential persistence mechanisms.
[/plaintext]

3. Key Linux Commands for Malware Reverse Engineering

Extract Strings:
```
strings malware.bin > output.txt
```
Check File Type:
```
file suspicious_file
```

Disassemble with objdump:

objdump -d malware.bin > disassembly.asm

### 4. Windows Commands for Dynamic Analysis

Monitor Processes:
```
tasklist /v
```
Check Network Connections:
```
netstat -ano
```
Dump Memory:
```
procdump -ma malware.exe
```

## What Undercode Say:

GhidraMCP is a game-changer for reverse engineers, allowing AI-assisted analysis at scale. By leveraging LLMs like Claude or Gemini, tedious tasks such as function renaming, behavior summarization, and anomaly detection can now be automated.

For best results:

Fine-tune prompts for specific malware families.
Combine with dynamic analysis (Wireshark, ProcMon).
Use Ghidra scripting (Python) for deeper automation.

## Expected Output:

A streamlined malware analysis workflow where AI handles initial triage, allowing analysts to focus on critical findings.

References:

Reported By: Laurie Kirk – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

Join Our Cyber World:

💬 Whatsapp | 💬 Telegram

# ghidraMCP: Now AI Can Reverse Malware

Video Demo:

GitHub Repository:

You Should Know:

1. Setting Up GhidraMCP

1. Clone the Repository:

2. Install Dependencies:

3. Run the MCP Server:

2. Automating Malware Analysis

Use GhidraMCP to automate:

Example prompt for malware analysis:

3. Key Linux Commands for Malware Reverse Engineering

### 4. Windows Commands for Dynamic Analysis

## What Undercode Say:

For best results:

## Expected Output:

Further Reading:

References:

Join Our Cyber World:

Listen to this Post

Video Demo:

GitHub Repository:

You Should Know:

1. Setting Up GhidraMCP

1. Clone the Repository:

2. Install Dependencies:

3. Run the MCP Server:

2. Automating Malware Analysis

Use GhidraMCP to automate:

Example prompt for malware analysis:

3. Key Linux Commands for Malware Reverse Engineering

### **4. Windows Commands for Dynamic Analysis**

## **What Undercode Say:**

For best results:

## **Expected Output:**

**Further Reading:**

References:

Join Our Cyber World:

Related Posts:

### 4. Windows Commands for Dynamic Analysis

## What Undercode Say:

## Expected Output:

Further Reading: