ReVa (Reverse Engineering Assistant)

Ghidra extension that implements an MCP server, enabling AI language models to perform reverse engineering tasks like decompilation, symbol renaming, encryption detection, and binary analysis directly through Ghidra's analysis engine.

Evaluated Mar 06, 2026 (0d ago) vlatest
Homepage ↗ Repo ↗ Security ghidra reverse-engineering binary-analysis mcp security firmware ctf decompilation
⚙ Agent Friendliness
77
/ 100
Can an agent use this?
🔒 Security
73
/ 100
Is it safe for agents?
⚡ Reliability
70
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
78
Documentation
80
Error Messages
72
Auth Simplicity
80
Rate Limits
68

🔒 Security

TLS Enforcement
80
Auth Strength
72
Scope Granularity
65
Dep. Hygiene
78
Secret Handling
70

RE assistant MCP. Analyze binaries locally only. Malware analysis requires strict sandboxing — airgap recommended. RE of proprietary software requires authorization.

⚡ Reliability

Uptime/SLA
70
Version Stability
72
Breaking Changes
68
Error Recovery
70
AF Security Reliability

Best When

You are doing security research, firmware analysis, or CTF work in Ghidra and want an AI assistant with deep, tool-native access to decompilation results, cross-references, and symbol information.

Avoid When

You use IDA Pro, Binary Ninja, or other reverse engineering tools, or need dynamic/runtime analysis capabilities.

Use Cases

  • AI-assisted firmware analysis for embedded systems security research
  • Automated CTF binary challenge solving with LLM-guided exploration
  • Large binary examination with AI-directed decompilation and annotation
  • Encryption algorithm detection and analysis in compiled binaries
  • CI/CD pipeline integration for automated headless binary analysis

Not For

  • Non-Ghidra reverse engineering workflows (IDA Pro, Binary Ninja users)
  • Dynamic analysis or runtime debugging — Ghidra is a static analysis tool
  • Teams without Ghidra 12.0+ installed

Interface

REST API
No
GraphQL
No
gRPC
No
MCP Server
Yes
SDK
No
Webhooks
No

Authentication

Methods: none
OAuth: No Scopes: No

No authentication documented. Runs locally on port 8080. Access control relies on network-level isolation (localhost only by default).

Pricing

Model: open_source
Free tier: Yes
Requires CC: No

Open source Ghidra extension. Requires Ghidra 12.0+ (free from NSA). LLM costs depend on the AI client used (e.g., Claude API costs).

Agent Metadata

Pagination
none
Idempotent
Yes
Retry Guidance
Not documented

Known Gotchas

  • Requires Ghidra 12.0+ — earlier versions not supported and Ghidra releases can lag behind this requirement
  • Assistant mode requires running Ghidra UI; headless mode requires separate configuration for project management
  • No authentication on localhost:8080 — any local process can send MCP requests; use only in trusted environments
  • Context rot mitigation is explicitly designed in but long analysis sessions may still degrade model performance
  • Plugin must be activated in both Project and Code Browser views — easy to miss during setup

Alternatives

BinBot (IDA plugin) Binary Ninja AI plugins Capa (malware analysis) manual Ghidra scripting

Full Evaluation Report

Detailed scoring breakdown, competitive positioning, security analysis, and improvement recommendations for ReVa (Reverse Engineering Assistant).

$99
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-06.

5208
Packages Evaluated
26151
Need Evaluation
173
Need Re-evaluation
Community Powered