Awesome Ghidra
<img src="./icon-ghidra.png" align="right" width="300">
Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes. Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python.
Ghidra Scripts/Plugins/Extension
- ghidra_script by Allsafe - Ghidra scripts for malware analysis
- headless_scripts - Headless Scripts for Ghidra's Headless Analyzer written in Python
- LazyGhidra - Make your Ghidra Lazy!
- py-findcrypt-ghidra - FindCrypt for Ghidra written in Python. All constants are referenced from findcrypt.
- FindCrypt-Ghidra - IDA Pro's FindCrypt ported to Ghidra, with an updated and customizable signature database
- ret-sync - ret-sync is a set of plugins that helps to synchronize a debugging session (WinDbg/GDB/LLDB/OllyDbg2/x64dbg) with IDA/Ghidra disassemblers.
- ghidra_scripts by ghidraninja - Scripts for the Ghidra software reverse engineering suite.
- gotools - Plugin for Ghidra to assist reversing Golang binaries
- ghidra_bridge - Python 3 bridge to Ghidra's Python scripting
- ipyghidra - IPython Extension that extends ghidra_bridge for an improved interactive experience in the IPython console
- GhidraPAL - Ghidra Program Analysis Library
- pcode-emulator - A PCode Emulator for Ghidra.
- ghidra-data - Supporting Data Archives for Ghidra
- JNI Helper - Find JNI function signatures in APK and apply to Ghidra.
- Daenerys - A framework for interoperability between IDA and Ghidra
- OOAnalyzer Plugin for Ghidra - OOAnalyzer is a tool for the analysis and recovery of object-oriented constructs.
- Ghidra Patch Diff Correlator Project - This project tries to provide additional Ghidra Version Tracking Correlators suitable for patch diffing.
- ghidra-fidb-repo - Ghidra Function ID dataset repository
- ghidra_scripts by 0x6d696368 - Ghidra scripts such as an RC4 decrypter, Yara search, stack string decoder, etc.
- ghidra-jython-kernel - Jupyter Kernel for Ghidra's Jython
- Kotlin Jupyter Kernel - Embeds the Kotlin kernel into the CodeBrowser or other tools, for a full-fledged Kotlin REPL or Jupyter Notebook alongside a GUI session, including `current*` variables, autocompletions based on static type inference and more.
- pwndra - A collection of pwn/CTF related utilities for Ghidra
- vtgrepghidra - VT-GHIDRA Plugin
- VTgrepGHIDRA - vtgrep plugin for Ghidra
- Color the Executed Instructions - Color the Executed Instructions
- ReplaceFuncNameFromLog - ReplaceFuncNameFromLog
- ghidraquark - A Ghidra plugin that provides a powerful overview for Android Apps.
- Ghidra-evm - Ghidra-evm is a Ghidra module (processor module, custom loader and plugin(s)) that disassembles Ethereum VM (EVM) bytecode and generates a control-flow graph (CFG) of a smart contract.
- efiSeek for Ghidra - The analyzer automates the process of researching EFI files.
- CapaExplorer - Capa analysis importer for Ghidra.
- ghidra_scripts by Dump-GUY - tiny_tracer_tag_annotate and CAPA_Importer.
- Intezer Analyze Ghidra Plugin - Ghidra plugin for Intezer.

Materials
- リバースエンジニアリングツールGhidra実践ガイド -セキュリティコンテスト入門からマルウェア解析まで- (Compass Booksシリーズ) - A practical guidebook to Ghidra, written in Japanese
- ghidra/GhidraDocs/GhidraClass/ - Official material by the National Security Agency
- Ghidra - Journey from Classified NSA Tool to Open Source - Black Hat USA 2019 Briefing by the National Security Agency
- INFILTRATE2019 - INFILTRATE 2019 Demo Materials
- Extending Ghidra - Mike Bell: Extending Ghidra: from Script to Plugins and Beyond
- An Introduction To Code Analysis With Ghidra - This article describes an approach for using Ghidra to perform malicious code analysis
- Saintcon2019GhidraTalk - Talk about PCode emulator at Saintcon 2019 by @kc0bfv
- Youtube playlist by 0x6d696368 - YouTube playlist with short Ghidra tips and tricks
- Ghidra Code Analysis with Anuj Soni - Ghidra lecture by SANS Digital Forensics and Incident Response channel
- The Ghidra Book by Chris Eagle and Kara Nance - "The definitive guide to Ghidra" by the author of the IDA Pro Book

Others
- r2ghidra-dec - Deep Ghidra decompiler integration for radare2
- Ghidraaas - Simple web server that exposes Ghidra analysis through REST APIs
- Ghidra Server - Ghidra-Server.org provides a collaboration server on the internet for the software reverse engineering (SRE) global community using the open source software (OSS) project Ghidra's server feature.