Ghidra
Featured · Apache-2.0 · 🔬 Digital Forensics · Java
Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. It includes a full-featured suite of high-end software analysis tools for analyzing compiled code across a variety of platforms. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide range of processor instruction sets and executable formats, and users can extend it through plugins and scripts written in Java or Python.
Installation
download
$ wget https://github.com/NationalSecurityAgency/ghidra/releases/latest -O ghidra.zip && unzip ghidra.zip
brew (macOS)
$ brew install --cask ghidra
Use Cases
- Binary reverse engineering and malware analysis
- Decompilation of compiled executables
- Firmware analysis and embedded systems research
- Vulnerability research in compiled software
- Collaborative reverse engineering projects
- CTF competitions and security research
Details
- Category: 🔬 Digital Forensics
- Language: Java
- Repository: NationalSecurityAgency/ghidra
- License: Apache-2.0
More in Digital Forensics
Volatility 3
Python · Advanced memory forensics framework. Extracts artifacts from RAM dumps — processes, network connections, registry.
Autopsy
Java · Digital forensics platform with GUI. Disk image analysis, timeline analysis, keyword search, hash filtering.
Binwalk
Python · Firmware analysis tool. Searches binary images for embedded files, executables, and file systems.
YARA
C · Pattern matching swiss knife for malware researchers. Create rules to identify and classify malware samples.
Velociraptor
Go · Endpoint visibility and collection tool. Hunt for artifacts across thousands of endpoints simultaneously.
Plaso (log2timeline)
Python · Super timeline creation engine. Extracts timestamps from multiple forensic artifact sources into a single timeline.