Ghidra
Ghidra is a software reverse engineering framework developed by the NSA that provides tools for analyzing compiled code across Windows, macOS, and Linux platforms. It supports disassembly, decompilation, graphing, scripting, and more for interactive and automated analysis.
Description
Ghidra is a full-featured software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. It includes a suite of high-end analysis tools enabling users to dissect compiled code on various platforms including Windows, macOS, and Linux. Key capabilities encompass disassembly, assembly, decompilation, graphing, and scripting, complemented by hundreds of additional features. The tool supports a broad range of processor instruction sets and executable formats, operating in both user-interactive and automated modes.
Users can extend Ghidra by developing custom components and scripts using Java or Python. In support of NSA's Cybersecurity mission, it addresses scaling and teaming challenges in complex SRE efforts, offering a customizable and extensible research platform. Ghidra has been applied to analyze malicious code, providing deep insights for SRE analysts investigating potential vulnerabilities in networks and systems.
How It Works
Ghidra operates as a comprehensive SRE framework with tools for disassembly, decompilation, graphing, and scripting to analyze compiled binaries. It processes a wide variety of processor instruction sets and executable formats, supporting both interactive user sessions and automated batch modes. Extensions and custom scripts in Java or Python enable tailored analysis workflows for scaling complex reverse engineering tasks.
Installation
sudo apt install ghidra
Flags
Examples
ghidra -h
ghidra
ghidra <path-to-binary>
ghidra -scriptPath <script> -postScript <script>
ghidra -import <file>
ghidra -analyze