AI-Powered Binary Analysis Platform
Enterprise-grade reverse engineering with Ghidra, AI-driven insights, and seamless LLM integration.
```bash
git clone https://github.com/hexria/GhidraInsight.git
cd GhidraInsight
docker-compose up -d
open http://localhost:3000  # Dashboard opens automatically
```

```bash
chmod +x scripts/setup.sh
./scripts/setup.sh --mode=all
```

```bash
pip install ghidrainsight
ghidrainsight analyze --file binary.elf --ai-powered
```

- Automated Threat Detection: Cryptocurrency algorithms, vulnerable patterns, malicious code
- Taint Analysis: Complete data flow tracking from source to sink
- Control Flow Analysis: Anomaly detection and complexity metrics
- Symbol Recovery: Function name inference and type reconstruction
- Multi-LLM Support: Claude, GPT-4, Gemini, and more - choose the best model for your needs
- Context Optimization: Automatic context truncation for cheaper inference costs
- Function Name Generation: AI-powered function name generation from disassembly/pseudocode
- Automatic Comments: Intelligent comment generation for better code understanding
- Vulnerability Explanations: Natural language explanations of detected vulnerabilities
- Automated Vulnerability Scanning: CVSS scores with AI-powered remediation
- Pattern Recognition: ML-based anomaly and weakness detection
- Intelligent Code Summarization: Automatic function and module descriptions
- Web Dashboard: Intuitive React UI with real-time analysis
- Python SDK: Programmatic access with async support
- CLI Tools: Command-line interface for automation
- MCP Protocol: Seamless LLM integration (Claude, GPT-4, Gemini, and more)
- REST API: RESTful endpoints for custom integrations
- Local AI: Ollama and other local models support (NEW)
- Modular Design: Plug-and-play analysis modules
- Multi-Transport: HTTP, WebSocket, Server-Sent Events
- Scalable: Horizontal scaling with Docker orchestration
- Secure: JWT/OAuth authentication, rate limiting, audit logs
- Observable: Comprehensive logging and tracing
| Use Case | Recommended | Setup Time | Learn Curve |
|---|---|---|---|
| Interactive analysis + visualization | Web Dashboard | 1 min | Easy |
| CI/CD pipeline integration | Python SDK or CLI | 5 min | Medium |
| LLM assistant integration | MCP Protocol | 10 min | Medium |
| Custom automation scripts | Python SDK | 5 min | Medium |
| Quick one-off analysis | Docker + CLI | 2 min | Easy |
| Component | Minimum | Recommended |
|---|---|---|
| RAM | 4GB | 8GB+ |
| CPU | 2 cores | 4+ cores |
| Disk | 5GB | 20GB+ |
| Java | 11 | 17 LTS |
| Python | 3.9 | 3.11+ |
| Node.js | 18 | 20 LTS |
Option A: Docker (Recommended for Beginners)
- Single command setup
- No dependency conflicts
- Works on Windows, macOS, Linux
- Production-ready out of the box

Requires: Docker Desktop

Option B: Manual (For Customization)
- Full control over components
- Easier debugging
- Smaller resource footprint

Requires: Java 11+, Python 3.9+, Node.js 18+, Ghidra 11+

Option C: Python-Only (Lightweight)
- No GUI needed
- Perfect for servers
- Fastest setup
- Requires external Ghidra installation

Prerequisites: Docker Desktop
```bash
# 1. Clone and navigate
git clone https://github.com/hexria/GhidraInsight.git
cd GhidraInsight
# 2. Start all services (one command!)
docker-compose up -d
# 3. Wait for services to start (~30 seconds); press Ctrl+C to stop following the logs
docker-compose logs -f
# 4. Access the platform
echo "Dashboard: http://localhost:3000"
echo "API Server: http://localhost:8000"
echo "WebSocket: ws://localhost:8001"
```

Stop services:

```bash
docker-compose down
```

View logs:

```bash
docker-compose logs -f ghidra-plugin
docker-compose logs -f python-mcp
docker-compose logs -f web-dashboard
```

Troubleshooting:
```bash
# Check service status
docker-compose ps
# Rebuild images
docker-compose build --no-cache
# Remove all containers and volumes (-v deletes stored data) and start fresh
docker-compose down -v && docker-compose up -d
```

```bash
# Make script executable
chmod +x scripts/setup.sh
# Install everything with one command
./scripts/setup.sh --mode=all --python-version=3.11
# Start the platform
./scripts/startup.sh
```

For specific components only:

```bash
./scripts/setup.sh --mode=python-only  # Python MCP server only
./scripts/setup.sh --mode=java         # Java plugin only
./scripts/setup.sh --mode=dashboard    # Dashboard only
```

Verify installation:

```bash
ghidrainsight --version
ghidrainsight status
```

```bash
cd ghidra-plugin
./gradlew build
# Install to Ghidra
cp build/libs/*.jar "$GHIDRA_INSTALL_DIR/Extensions/Ghidra/plugins/"
# Restart Ghidra and enable plugin in: Window → Plugin Manager
```

```bash
cd python-mcp
python -m venv venv
source venv/bin/activate  # On Windows: venv\Scripts\activate
pip install -e .
# 0.0.0.0 listens on every network interface; bind 127.0.0.1 for local-only access
ghidrainsight-server --host 0.0.0.0 --port 8000
```

```bash
cd web-dashboard
npm install
npm run dev  # Opens at http://localhost:5173
```

```bash
# Install from PyPI (once released)
pip install ghidrainsight
# Verify installation
ghidrainsight --version
# Start server
ghidrainsight serve --port 8000
```

Perfect for: Interactive analysis, visualization, learning
Access at http://localhost:3000 after docker-compose up
Usage Steps:
- Drop a Binary: Drag file into the upload area or click "Select File"
- Auto-Analysis: System automatically:
  - Detects crypto algorithms
  - Finds vulnerabilities
  - Performs taint analysis
- Explore: Click on functions to see decompilation
- Ask AI: Use chat interface for natural language queries
- Export: Download JSON/PDF reports
Example AI Questions:
"What does function_0x401000 do?"
"Find all crypto operations"
"Show potential vulnerabilities"
"Analyze data flow from user input"
"Compare this with known malware patterns"
Perfect for: CI/CD integration, batch processing, custom workflows
```python
from ghidrainsight.client import GhidraInsightClient
import asyncio


async def analyze_binary():
    # Connect to server
    client = GhidraInsightClient("http://localhost:8000")
    # Analyze with all features
    results = await client.analyze(
        file_path="/path/to/binary.elf",
        features=["crypto", "taint", "vulnerabilities"],
        ai_powered=True,  # Enable AI analysis
    )
    # Access results
    print(f"Vulnerabilities: {results.vulnerabilities}")
    print(f"Crypto: {results.crypto_algos}")
    print(f"AI Insights: {results.ai_summary}")
    # Export report
    await client.export_report(results, format="pdf")


asyncio.run(analyze_binary())
```

Perfect for: One-off analysis, scripting, integration
```bash
# Analyze a binary
ghidrainsight analyze --file binary.elf
# Show all crypto algorithms
ghidrainsight analyze --file binary.elf --features crypto --verbose
# Taint analysis from specific source
ghidrainsight taint --file binary.elf --source user_input --sink system_call
# With AI insights
ghidrainsight analyze --file binary.elf --ai-summary --output report.json
# Check server status
ghidrainsight status
# View configuration
ghidrainsight config list
```

Perfect for: AI assistants, automated security reviews
GhidraInsight supports multiple LLM providers with automatic context optimization:
```bash
# Set up Claude integration
export ANTHROPIC_API_KEY=your-key-here
ghidrainsight integrate --provider anthropic --api-key "$ANTHROPIC_API_KEY"
# Use Claude for analysis
ghidrainsight analyze --file binary.elf --ai-provider anthropic --ai-model claude-3-haiku
```

```bash
# Set up OpenAI integration
export OPENAI_API_KEY=your-key-here
ghidrainsight integrate --provider openai --api-key "$OPENAI_API_KEY"
# Use GPT-4 for analysis
ghidrainsight analyze --file binary.elf --ai-provider openai --ai-model gpt-4
```

```bash
# Set up Google Gemini integration
export GOOGLE_API_KEY=your-key-here
ghidrainsight integrate --provider google --api-key "$GOOGLE_API_KEY"
# Use Gemini for analysis
ghidrainsight analyze --file binary.elf --ai-provider google --ai-model gemini-pro
```

Context Optimization: Automatically enabled to reduce token usage and costs. Long contexts are intelligently truncated while preserving key information.
See examples/CLAUDE_INTEGRATION.md, examples/OPENAI_INTEGRATION.md, and docs/AI_INTEGRATIONS.md for detailed setup.
Perfect for: Third-party integrations, mobile apps, web services
```bash
# Analyze binary via HTTP
curl -X POST http://localhost:8000/api/analyze \
  -H "Content-Type: application/json" \
  -d '{
    "file": "/path/to/binary.elf",
    "features": ["crypto", "vulnerabilities"]
  }'
# Get analysis results
curl http://localhost:8000/api/analysis/{analysis_id}
# List available functions
curl http://localhost:8000/api/functions
```

Full API docs at API_REFERENCE.md
- First Analysis (5 min)
- Dashboard Tour (10 min) (Coming soon)
- Understanding Analysis Results (Coming soon)
- Architecture Deep Dive
- Security & Authentication
- Custom Analysis Module Development (Coming soon)
```bash
# Clone example binaries repository
git clone https://github.com/yourusername/ghidrainsight-examples.git
cd ghidrainsight-examples
# Run analysis on example files
ghidrainsight analyze --file binaries/crypto_sample.elf
ghidrainsight analyze --file binaries/vulnerable_c.elf
```

```
┌──────────────────────────────────────────────────────────┐
│                      Access Layers                       │
├───────────────┬──────────────┬────────────┬──────────────┤
│ Web Dashboard │  Python SDK  │    CLI     │  LLM (MCP)   │
│    (React)    │   (Async)    │  (Click)   │  (Protocol)  │
└───────┬───────┴──────┬───────┴─────┬──────┴──────┬───────┘
        │              │             │             │
        └──────────────┴──────┬──────┴─────────────┘
                              │
               ┌──────────────▼──────────────┐
               │    REST API / WebSocket     │
               │      (Port 8000-8002)       │
               └──────────────┬──────────────┘
                              │
               ┌──────────────▼──────────────┐
               │      Python MCP Server      │
               │    (ghidrainsight core)     │
               └──────────────┬──────────────┘
                              │
               ┌──────────────▼──────────────┐
               │       Analysis Engine       │
               │  ├─ Crypto Detection        │
               │  ├─ Taint Analysis          │
               │  ├─ Vulnerability Detect.   │
               │  └─ Control Flow Analysis   │
               └──────────────┬──────────────┘
                              │
               ┌──────────────▼──────────────┐
               │     Ghidra Java Plugin      │
               │   (Binary decompilation)    │
               └─────────────────────────────┘
```
| Component | Purpose | Technology |
|---|---|---|
| Web Dashboard | Interactive UI for analysis | React + TypeScript |
| Python MCP Server | Core analysis & API | Python 3.9+ async |
| Java Plugin | Ghidra integration | Java 11+, Guice DI |
| CLI Tools | Command-line interface | Python Click |
| REST API | HTTP endpoints | FastAPI/Spark |
Binary File → Ghidra Decompilation → Feature Extraction →
AI Analysis → Vulnerability Scoring → Results JSON →
Web UI / API Consumers
See ARCHITECTURE.md for detailed design documentation.
```bash
# All tests
./scripts/test-all.sh
# Java tests (subshells keep each cd relative to the repository root)
(cd ghidra-plugin && ./gradlew test)
# Python tests
(cd python-mcp && pytest --cov=ghidrainsight -v)
# React tests
(cd web-dashboard && npm test)
```

- Test Coverage: Target 80%+
- Code Quality: SpotBugs, Black, ESLint
- Type Checking: mypy for Python, tsc for TypeScript
- Security: Dependabot + SAST scanning

```bash
cd python-mcp
pytest --cov=ghidrainsight --cov-report=html
open htmlcov/index.html
```

Current status: See QUALITY_REPORT.md
GitHub Actions automatically:
- Runs all tests on push/PR
- Checks code quality and security
- Publishes to PyPI and GitHub Releases
- Builds & publishes Docker images
- Deploys documentation
View pipeline: .github/workflows
```yaml
# Option 1: API Key (Simple)
headers:
  Authorization: "Bearer YOUR_API_KEY"
# Option 2: JWT (Recommended)
headers:
  Authorization: "Bearer <jwt_token>"
# Option 3: OAuth 2.0 (Enterprise)
# Configure via .env or config.yaml
OAUTH_PROVIDER=google
OAUTH_CLIENT_ID=...
```

```yaml
# config.yaml
server:
  host: 0.0.0.0
  port: 8000
auth:
  enabled: true
  method: jwt
  secret: ${GHIDRA_JWT_SECRET}
security:
  rate_limit:
    requests_per_minute: 60
  cors:
    allowed_origins:
      - http://localhost:3000
      - https://yourdomain.com
```

Full security guide: SECURITY.md
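
An added example, not GhidraInsight code: a pre-deployment check over the config.yaml settings shown above, flagging disabled auth, an unset or short JWT secret, wildcard or plain-HTTP CORS origins and a missing rate limit. The `audit_config` helper, its 32-character secret floor and the already-parsed dict form of the config are assumptions made for illustration.

```python
import os
import re
from urllib.parse import urlparse

# Constructed sample: the README's config.yaml after parsing into a dict.
SAMPLE_CONFIG = {
    "server": {"host": "0.0.0.0", "port": 8000},
    "auth": {"enabled": True, "method": "jwt", "secret": "${GHIDRA_JWT_SECRET}"},
    "security": {
        "rate_limit": {"requests_per_minute": 60},
        "cors": {"allowed_origins": ["http://localhost:3000", "https://yourdomain.com"]},
    },
}
ENV_REF = re.compile(r"^\$\{(\w+)\}$")  # matches a whole-value ${VAR} reference
MIN_SECRET_LEN = 32  # assumed floor for an HMAC-signed JWT secret


def audit_config(cfg, env=None):
    """Return findings for risky settings (hypothetical helper, not project code)."""
    env = os.environ if env is None else env
    auth, server = cfg.get("auth", {}), cfg.get("server", {})
    security = cfg.get("security", {})
    findings = []

    if not auth.get("enabled", False):
        findings.append("auth.enabled is false: API is unauthenticated")
        if server.get("host") in ("0.0.0.0", "::"):
            findings.append("server binds all interfaces with auth disabled")
    elif auth.get("method") == "jwt":
        secret = str(auth.get("secret") or "")
        ref = ENV_REF.match(secret)
        if ref:
            secret = env.get(ref.group(1), "")  # resolve ${VAR} from the environment
        else:
            findings.append("auth.secret is a literal in the config file")
        if len(secret) < MIN_SECRET_LEN:
            findings.append("JWT secret is unset or shorter than 32 characters")

    for origin in security.get("cors", {}).get("allowed_origins", []):
        host = urlparse(origin).hostname
        if origin == "*":
            findings.append("cors.allowed_origins contains wildcard '*'")
        elif origin.startswith("http://") and host not in ("localhost", "127.0.0.1"):
            findings.append(f"CORS origin uses plain HTTP: {origin}")

    if not security.get("rate_limit", {}).get("requests_per_minute"):
        findings.append("rate limiting is not configured")
    return findings
```

Running `audit_config` on the parsed file at service start or in CI, and failing on any finding, catches the case where `GHIDRA_JWT_SECRET` was never exported.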
| Document | Purpose | Audience |
|---|---|---|
| QUICKSTART.md | Get running in 5 minutes | New users |
| INSTALLATION.md | Detailed setup for all methods | Developers |
| API_REFERENCE.md | Complete API documentation | Integrators |
| ARCHITECTURE.md | System design & decisions | Contributors |
| SECURITY.md | Authentication & best practices | DevOps, Security teams |
| CONTRIBUTING.md | Development workflow | Contributors |
| CHANGELOG.md | Version history | Users |
| ROADMAP.md | Future plans | Project stakeholders |
View all docs locally:
```bash
cd docs
npm install && npm start
# Opens at http://localhost:3000
```

I have a question
→ GitHub Discussions
I found a bug
→ GitHub Issues
I want to contribute
→ CONTRIBUTING.md
I need enterprise support
→ Email: pentestdatabase@gmail.com
- GitHub Discussions - Q&A
- Issue Tracker - Bug reports
- Full Documentation - Comprehensive guides
- All Version 1.0 features
- Binary instrumentation support
- Dynamic analysis integration
- Malware detection and classification
- Blockchain smart contract analysis
- Mobile binary analysis (APK/IPA)
- GPU acceleration
- Sub-second analysis
- Streaming architecture
- Enterprise authentication (SAML/LDAP)
- Multi-tenancy support
- GDPR compliance
- Enhanced ML models for pattern detection
- Firmware analysis support
- IoT binary analysis
See ROADMAP.md for detailed plans and contribute ideas!
License: Apache License 2.0
See LICENSE file for details.
- NSA Ghidra - Binary analysis framework
- Anthropic MCP - LLM protocol
- Python Async - Async runtime
- Open source community
If GhidraInsight is helpful, please:
- Star this repository
- Share on social media
- Discuss with colleagues
- Contribute improvements
| Metric | Value |
|---|---|
| Lines of Code | ~7,000+ |
| Components | 3 (Java, Python, React) |
| API Endpoints | 20+ |
| Test Coverage | 85%+ |
| Supported Formats | ELF, PE, Mach-O, APK, IPA |
| LLM Integrations | Claude, GPT-4, Gemini, OpenAI (with context optimization) |
Developer: Ismail Tasdelen
Email: pentestdatabase@gmail.com
GitHub: https://github.com/hexria/GhidraInsight
Getting Started
- Installation Guide
- Quick Start (5 min)
- Full Documentation
Integration
- Claude Setup
- OpenAI Setup
- MCP Protocol
- Ollama (Local AI) Setup NEW
- Local AI Models Guide NEW
Development
- Architecture Guide
- Contributing
- Testing Guide
Security
- Security Policy
- Authentication Guide
Made with ❤️ for the reverse engineering community
Last Updated: January 6, 2026
Status: Production Ready v2.0