Ghidra
Featured · Apache-2.0 · 🔬 Digital Forensics · Java
Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. It includes a full-featured suite of high-end software analysis tools for analyzing compiled code across a variety of platforms. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide range of processor instruction sets and executable formats, and users can extend it through plugins and scripts written in Java or Python.
Installation
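download
# Resolve the latest release's .zip asset URL via the GitHub API, then download and unpack it
$ wget "$(curl -s https://api.github.com/repos/NationalSecurityAgency/ghidra/releases/latest | grep -m1 -o 'https://[^"]*\.zip')" -O ghidra.zip && unzip ghidra.zip
brew (macOS)
$ brew install --cask ghidra
Use Cases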
- Binary reverse engineering and malware analysis
- Decompilation of compiled executables
- Firmware analysis and embedded systems research
- Vulnerability research in compiled software
- Collaborative reverse engineering projects
- CTF competitions and security research
Details
- Category: 🔬 Digital Forensics
- Language: Java
- Repository: NationalSecurityAgency/ghidra
- License: Apache-2.0
- Platforms: 🐧 linux, 🍎 macos, 🪟 windows
Alternatives & Comparisons
Radare2
C · Portable reversing framework. Disassembly, debugging, analysis, patching, and scripting in a single CLI.
Cutter
C++ · GUI for Radare2. Makes reverse engineering accessible with graphs, decompiler, and hex editor built in.
dnSpy
C# · .NET debugger, decompiler, and assembly editor. Inspect and modify .NET and Unity assemblies without source code.
ILSpy
C# · Open-source .NET decompiler and assembly browser. Produces clean C# from compiled binaries with cross-platform support.
x64dbg
C++ · Open-source x64/x32 debugger for Windows. Full-featured binary debugger with plugin ecosystem for malware analysis and reverse engineering.
Detect It Easy
C++/Qt · Binary packer and compiler detection. Identifies compilers, linkers, packers, and protectors used to build PE, ELF, and Mach-O files.
angr
Python · Binary analysis framework. Symbolic execution, CFG recovery, and vulnerability discovery for compiled binaries in Python.
RetDec
C++ · Retargetable decompiler by Avast. Converts machine code back to C from x86, ARM, MIPS, and PowerPC binaries.
Rizin
C · Reverse engineering framework forked from radare2. Modernized API, improved UX, with Cutter as its official GUI.
More in Digital Forensics
Volatility 3
Python · Advanced memory forensics framework. Extracts artifacts from RAM dumps - processes, network connections, registry.
Autopsy
Java · Digital forensics platform with GUI. Disk image analysis, timeline analysis, keyword search, hash filtering.
Binwalk
Python · Firmware analysis tool. Searches binary images for embedded files, executables, and file systems.
YARA
C · Pattern matching Swiss knife for malware researchers. Create rules to identify and classify malware samples.
Velociraptor
Go · Endpoint visibility and collection tool. Hunt for artifacts across thousands of endpoints simultaneously.
Plaso (log2timeline)
Python · Super timeline creation engine. Extracts timestamps from multiple forensic artifact sources into a single timeline.