biniamf/ai-reverse-engineering

AI-Assisted Reverse Engineering with Ghidra

This tool gives security researchers an AI chat interface that can drive Ghidra through MCP, letting them ask high-level questions about a binary instead of digging manually. The agentic workflow automatically performs the required reverse-engineering steps inside Ghidra to produce answers.

Uses headless Ghidra analysis results exposed as a REST API:

docker run --rm -p 9090:9090 -v "$(pwd)/data:/data/ghidra_projects" biniamfd/ghidra-headless-rest:latest

Headless Ghidra endpoints (at GHIDRA_API_BASE = http://localhost:9090)

| Endpoint | Method | Description | Parameters | Returns |
|---|---|---|---|---|
| /tools/analyze | POST | Upload a base64-encoded binary and start headless Ghidra analysis. | file_b64 (string, required) – Base64-encoded binary; filename (string, required) – Original filename | job_id (string) – Analysis job identifier |
| /tools/status | POST | Get status for an existing analysis job. | job_id (string, required) – Analysis job identifier | job_id (string); status (string) – one of queued, running, completed, failed |
| /tools/list_functions | POST | Retrieve the list of discovered functions for a job. | job_id (string, required) – Analysis job identifier | functions (array) – List of { name: string, address: string } |
| /tools/decompile_function | POST | Get decompiled pseudocode for a function at a given address. | job_id (string, required) – Analysis job identifier; addr (string, required) – Function address (hex string) | address (string); pseudocode (string) – Decompiled C-like code |
| /tools/get_xrefs | POST | Get callers and callees for a function (cross-references). | job_id (string, required) – Analysis job identifier; addr (string, required) – Function address | address (string); callers (string[]); callees (string[]) |
| /tools/list_imports | POST | List imported libraries and symbols for the binary. | job_id (string, required) – Analysis job identifier | imports (array) – List of { library: string, symbol: string } |
| /tools/list_strings | POST | Return printable strings extracted from the binary. | job_id (string, required) – Analysis job identifier; min_length (integer, optional) – Minimum string length | strings (string[]) |
| /tools/query_artifacts | POST | Natural-language-style query over artifacts. | job_id (string, required) – Analysis job identifier; query (string, required) – Query text | results (array) – Matching functions / snippets |
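
An added example, not code from this repository: a small Python client that walks the endpoints listed above in order (analyze, poll status, list functions, decompile). It assumes the API accepts and returns JSON bodies, which the README does not state; `http_post`, `analyze_and_wait` and `decompile_all` are hypothetical names.

```python
import base64
import json
import os
import sys
import time
import urllib.request

GHIDRA_API_BASE = "http://localhost:9090"  # base URL given in the README

def http_post(path, payload):
    """Assumed transport: JSON request body in, JSON reply out."""
    req = urllib.request.Request(GHIDRA_API_BASE + path,
                                 data=json.dumps(payload).encode(),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=60) as resp:
        return json.load(resp)

def analyze_and_wait(blob, filename, post=http_post, interval=2.0, max_polls=150):
    """Upload a binary, then poll /tools/status until the job completes."""
    job_id = post("/tools/analyze", {
        "file_b64": base64.b64encode(blob).decode("ascii"),
        "filename": filename,
    })["job_id"]
    for _ in range(max_polls):
        status = post("/tools/status", {"job_id": job_id})["status"]
        if status == "completed":
            return job_id
        if status == "failed":
            raise RuntimeError(f"analysis job {job_id} failed")
        time.sleep(interval)  # queued or running: keep waiting
    raise TimeoutError(f"analysis job {job_id} not completed after {max_polls} polls")

def decompile_all(job_id, post=http_post, limit=20):
    """Return {address: (name, pseudocode)} for up to `limit` discovered functions."""
    funcs = post("/tools/list_functions", {"job_id": job_id})["functions"]
    out = {}
    for fn in funcs[:limit]:
        reply = post("/tools/decompile_function",
                     {"job_id": job_id, "addr": fn["address"]})
        out[fn["address"]] = (fn["name"], reply["pseudocode"])
    return out

if __name__ == "__main__":
    path = sys.argv[1]
    with open(path, "rb") as fh:
        job = analyze_and_wait(fh.read(), os.path.basename(path))
    for addr, (name, code) in decompile_all(job).items():
        print(f"// {name} @ {addr}\n{code}\n")
```

The `post` parameter lets the same functions run against a stub transport, so the polling and failure handling can be exercised without a running container.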

Architecture

[Image: architecture diagram]

Setup

  • Pull the Docker image and run it
  • Set your OpenAI-compatible API base URL, API key and model name
  • Start the web UI:

python webui/app.py

Then access the service at http://localhost:5000
