github.com/NationalSecurityAgency/ghidra

Ghidra is a software reverse engineering (SRE) framework

Open this visualization on its own page →

Contributors

130

Lines of Code

30,704

From

2019-03-01

To

2020-12-22

About NationalSecurityAgency/ghidra

Ghidra is a comprehensive software reverse engineering framework created and maintained by the National Security Agency's Research Directorate. It provides a full suite of high-end analysis tools that enable users to examine compiled code across multiple platforms including Windows, macOS, and Linux. The framework supports disassembly, assembly, decompilation, graphing, and scripting capabilities along with hundreds of additional features, and it can handle a wide variety of processor instruction sets and executable formats.

The tool was built to address scaling and collaboration challenges in complex reverse engineering efforts and to serve as a customizable, extensible research platform. Ghidra can operate in both interactive user mode and automated modes, making it suitable for both manual analysis and programmatic workflows. The framework was developed to help NSA cybersecurity teams analyze malicious code and generate insights for security analysts investigating potential vulnerabilities in networks and systems.

Ghidra supports extensibility through user-developed components and scripts written in Java or Python. Users can create custom scripts and extensions using the GhidraDev plugin for Eclipse, or leverage Visual Studio Code integration for script editing. The project is written in Java and requires JDK 21 64-bit to run. The codebase is designed to be developed in Eclipse, which has been customized to support the Ghidra development process, though pre-built releases are available for direct installation without building from source.

Share this video