https://github.com/byt3n33dl3/gxc-ghidra

Software for Reverse Engineering (SRE) suite of tools developed by NSA Research Directorate in support of the Cybersecurity processes.

Science Score: 26.0%

This score indicates how likely this project is to be science-related based on various indicators:

  • CITATION.cff file
  • codemeta.json file
    Found codemeta.json file
  • .zenodo.json file
    Found .zenodo.json file
  • DOI references
  • Academic publication links
  • Academic email domains
  • Institutional organization owner
  • JOSS paper metadata
  • Scientific vocabulary similarity
    Low similarity (17.5%) to scientific vocabulary

Keywords

cybersecurity diassemble nsa reverse-engineering software-analysis structure-analysis
Last synced: 5 months ago

Repository

Basic Info
  • Host: GitHub
  • Owner: byt3n33dl3
  • License: gpl-3.0
  • Language: C
  • Default Branch: main
  • Homepage: https://www.nsa.gov
  • Size: 87.6 MB
Statistics
  • Stars: 15
  • Watchers: 1
  • Forks: 0
  • Open Issues: 1
  • Releases: 4
Topics
cybersecurity diassemble nsa reverse-engineering software-analysis structure-analysis
Created over 1 year ago · Last pushed 8 months ago
Metadata Files
Readme Contributing Funding License Code of conduct Security

README.md

ghidra

National Security Agency

Ghidra is a Software Reverse Engineering

About Update NSA

Ghidra

Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes. Users may also develop their own Ghidra extension components and/or scripts using Java or Python.

In support of NSA's Cybersecurity mission, Ghidra was built to solve scaling and teaming problems on complex SRE efforts, and to provide a customizable and extensible SRE research platform. NSA has applied Ghidra SRE capabilities to a variety of problems that involve analyzing malicious code and generating deep insights for SRE analysts who seek a better understanding of potential vulnerabilities in networks and systems.

The Expand Update

gxc-Ghidra is a complete rewrite of the NSA Ghidra. It provides a set of libraries, tools and plugins to ease reverse engineering tasks. It is distributed mostly under LGPLv3 and Apache 2.0; each plugin can have a different license (see ghidra -L, rasm2 -L, ...).

The NSA Ghidra project started as a simple command-line hexadecimal editor focused on forensics. Today, ghidra is a featureful low-level command-line tool with support for scripting with the embedded JavaScript interpreter or via ghidrapipe.

ghidra can edit files on local hard drives, view kernel memory, and debug programs locally or via remote gdb or windbg servers. ghidra's wide architecture support allows you to analyze, emulate, debug, modify, and disassemble any binary.

If you are a U.S. citizen interested in projects like this, to develop Ghidra and other cybersecurity tools for NSA to help protect our nation and its allies, consider applying for a career with us.

Security Warning

WARNING: There are known security vulnerabilities within certain versions of Ghidra. Before proceeding, please read through Ghidra's Security Advisories for a better understanding of how you might be impacted.

Install

To install an official pre-built multi-platform Ghidra release:
  • Install JDK 21 64-bit
  • Download a Ghidra release file
    NOTE: The official multi-platform release file is named ghidra_<version>_<release>_<date>.zip which can be found under the "Assets" drop-down. Downloading either of the files named "Source Code" is not correct for this step.
  • Extract the Ghidra release file
  • Launch Ghidra: ./ghidraRun (or ghidraRun.bat for Windows)

For additional information and troubleshooting tips about installing and running a Ghidra release, please refer to the Installation Guide which can be found in a Ghidra release at docs/InstallationGuide.html.

Build

To create the latest development build for your platform from this source repository:

Install build tools:
Download and extract the source:

Download from GitHub

    unzip ghidra-master
    cd ghidra-master

NOTE: Instead of downloading the compressed source, you may instead want to clone the GitHub repository:

    git clone https://github.com/byt3n33dl3/gxc-Ghidra.git

Download additional build dependencies into source repository:

NOTE: If an Internet connection is available and you did not install Gradle, the following gradle commands may be replaced with ./gradle(.bat).

    gradle -I gradle/support/fetchDependencies.gradle

Create development build:

    gradle buildGhidra

The compressed development build will be located at build/dist/.

For more detailed information on building Ghidra, please read the Developer Guide.

For issues building, please check the Known Issues section for possible solutions.

Developer

User Scripts and Extensions

Ghidra installations support users writing custom scripts and extensions via the GhidraDev plugin for Eclipse. The plugin and its corresponding instructions can be found within a Ghidra release at Extensions/Eclipse/GhidraDev/ or at this link. Alternatively, Visual Studio Code may be used to edit scripts by clicking the Visual Studio Code icon in the Script Manager. Fully-featured Visual Studio Code projects can be created from a Ghidra CodeBrowser window at Tools -> Create VSCode Module project.

NOTE: Both the GhidraDev plugin for Eclipse and Visual Studio Code integrations only support developing against fully built Ghidra installations which can be downloaded from the Releases page.

Advanced Development

To develop the Ghidra tool itself, it is highly recommended to use Eclipse, which the Ghidra development process has been highly customized for.

Install build and development tools:
Prepare the development environment:

gradle prepdev eclipse buildNatives

Import Ghidra projects into Eclipse:
  • File -> Import...
  • General -> Existing Projects into Workspace
  • Select root directory to be your downloaded or cloned ghidra source repository
  • Check Search for nested projects
  • Click Finish

When Eclipse finishes building the projects, Ghidra can be launched and debugged with the provided Ghidra Eclipse run configuration.

For more detailed information on developing Ghidra, please read the Developer Guide.

Popular Plugins:

Using the ghidrapm tool you can browse and install many plugins and tools that use radare2.

  • esilsolve: The symbolic execution plugin, based on esil and z3
  • iaito: The official Qt graphical interface
  • keystone: Assembler instructions using the Keystone library
  • decai: Decompiler based on AI
  • ghidraai: Run a Language Model in localhost with Llama inside ghidra!
  • ghidradec: A decompiler based on ghidra written in JS, accessed with the pdd command
  • ghidradiaphora: Diaphora's binary diffing engine on top of radare2
  • ghidrafrida: The frida io plugin. Start ghidra with ghidra frida://0 to use it
  • ghidraghidra: The standalone native ghidra decompiler accessible with pdg
  • ghidrapapi: High level api on top of ghidrapipe
  • ghidrapipe: Script radare2 from any programming language
  • ghidrapoke: Integration with GNU or Poke for extended binary parsing capabilities
  • goresym: Import GoReSym symbol as flags
  • ghidrayara: Run Yara from ghidra or use ghidra primitives from Yara
  • radius2: A fast symbolic execution engine based on boolector and esil
  • ghidrasarif: import, extend, export SARIF documents

Operating Systems

Windows (since XP), Linux, Darwin, GNU/Hurd, Apple's such as: Mac, i, iPad, watch, iOS, Android, Wasmer, [Dragonfly, Net, Free, Open] BSD, Z/OS, QNX, SerenityOS, Solaris, AIX, Haiku, Vinix, FirefoxOS.

Architectures

i386, x86-64, Alpha, ARM, AVR, BPF, MIPS, PowerPC, SPARC, RISC-V, SH, m68k, S390, XCore, CR16, HPPA, ARC, Blackfin, Z80, H8/300, V810, PDP11, m680x, V850, CRIS, XAP (CSR), PIC, LM32, 8051, 6502, i4004, i8080, Propeller, EVM, OR1K Tricore, CHIP-8, LH5801, T8200, GameBoy, SNES, SPC700, MSP430, Xtensa, xcore, NIOS II, Java, Dalvik, Pickle, WebAssembly, MSIL, EBC, TMS320 (c54x, c55x, c55+, c64x), Hexagon, Brainfuck, Malbolge, whitespace, DCPU16, LANAI, lm32, MCORE, mcs96, RSP, SuperH-4, VAX, KVX, Am29000, LOONGARCH, JDH8, s390x, STM8.

File Formats

ELF, Mach-O, Fatmach-O, PE, PE+, MZ, COFF, XCOFF, OMF, TE, XBE, SEP64, BIOS or UEFI, Dyldcache, DEX, ART, Java class, Android boot image, Plan9 executables, Amiga HUNK, ZIMG, MBN/SBL bootloader, ELF coredump, MDMP (Windows minidump), PDP11, XTAC, CGC, WASM (WebAssembly binary), Commodore VICE emulator, QNX, WAD, OFF, TIC-80, GB/GBA, NDS and N3DS, and mount several filesystems like NTFS, FAT, HFS+, EXT.

Ghidra Contributors and Story

Contribute

If you would like to contribute bug fixes, improvements, and new features back to Ghidra, please take a look at our Contributor Guide to see how you can participate in this open source project.

Ghidra Contributors

A virtual hug to everyone who contributed. Moreover, the rest of the team was under the National Security Agency account.

Owner

  • Name: Sulaiman
  • Login: byt3n33dl3
  • Kind: user
  • Location: Error 403: Not on earth

I N F R A X 8 6

GitHub Events

Total
  • Issues event: 1
  • Watch event: 2
  • Push event: 16
Last Year
  • Issues event: 1
  • Watch event: 2
  • Push event: 16

Issues and Pull Requests

Last synced: 10 months ago

All Time
  • Total issues: 0
  • Total pull requests: 0
  • Average time to close issues: N/A
  • Average time to close pull requests: N/A
  • Total issue authors: 0
  • Total pull request authors: 0
  • Average comments per issue: 0
  • Average comments per pull request: 0
  • Merged pull requests: 0
  • Bot issues: 0
  • Bot pull requests: 0
Past Year
  • Issues: 0
  • Pull requests: 0
  • Average time to close issues: N/A
  • Average time to close pull requests: N/A
  • Issue authors: 0
  • Pull request authors: 0
  • Average comments per issue: 0
  • Average comments per pull request: 0
  • Merged pull requests: 0
  • Bot issues: 0
  • Bot pull requests: 0
Top Authors
Issue Authors
  • chf0x (1)
Pull Request Authors
Top Labels
Issue Labels
question (1)
Pull Request Labels

Dependencies

expand/dist/docker/Dockerfile docker
  • debian 11 build
expand/dist/docker/fuzz-asm/Dockerfile docker
  • ubuntu latest build
expand/dist/docker/fuzz-cmds/Dockerfile docker
  • ubuntu latest build
gradle/operator/dist/docker/Dockerfile docker
  • debian 11 build
gradle/operator/dist/docker/fuzz-asm/Dockerfile docker
  • ubuntu latest build
gradle/operator/dist/docker/fuzz-cmds/Dockerfile docker
  • ubuntu latest build
expand/uni/bindings/haskell/unicorn.cabal hackage
gradle/operator/bindings/haskell/unicorn.cabal hackage
  • base ==4.*
  • bytestring >=0.9.1
  • transformers <0.6
gradle/operator/uni/bindings/haskell/unicorn.cabal hackage
GPL/DMG/build.gradle maven
GPL/DemanglerGnu/build.gradle maven
GPL/GnuDisassembler/build.gradle maven
Ghidra/Configurations/Public_Release/build.gradle maven
Ghidra/Debug/AnnotationValidator/build.gradle maven
Ghidra/Debug/Debugger/build.gradle maven
Ghidra/Debug/Debugger-agent-dbgeng/build.gradle maven
Ghidra/Debug/Debugger-agent-gdb/build.gradle maven
Ghidra/Debug/Debugger-agent-lldb/build.gradle maven
Ghidra/Debug/Debugger-api/build.gradle maven
Ghidra/Debug/Debugger-isf/build.gradle maven
Ghidra/Debug/Debugger-jpda/build.gradle maven
Ghidra/Debug/Debugger-rmi-trace/build.gradle maven
Ghidra/Debug/Framework-AsyncComm/build.gradle maven
  • com.google.protobuf:protobuf-java 3.21.8 api
Ghidra/Debug/Framework-TraceModeling/build.gradle maven
Ghidra/Debug/ProposedUtils/build.gradle maven
  • com.google.auto.service:auto-service-annotations $autoServiceVersion api
gxc/Cargo.toml cargo
Ghidra/Extensions/sample/build.gradle maven
Ghidra/Features/BSim/build.gradle maven
  • com.h2database:h2 2.2.220 api
  • commons-logging:commons-logging 1.2 api
  • org.apache.commons:commons-dbcp2 2.9.0 api
  • org.apache.commons:commons-pool2 2.11.1 api
  • org.postgresql:postgresql 42.7.3 api
Ghidra/Features/BSimFeatureVisualizer/build.gradle maven
Ghidra/Features/Base/build.gradle maven
  • biz.aQute.bnd:biz.aQute.bnd.util 7.0.0 api
  • biz.aQute.bnd:biz.aQute.bndlib 7.0.0 api
  • com.github.rotty3000:phidias 0.3.7 api
  • org.apache.felix:org.apache.felix.framework 7.0.5 api
  • org.osgi:org.osgi.util.promise 1.3.0 api
  • org.slf4j:slf4j-api 1.7.25 api
  • junit:junit 4.12 compileOnly
  • org.apache.logging.log4j:log4j-slf4j-impl 2.17.1 runtimeOnly
  • org.slf4j:slf4j-nop 1.7.25 runtimeOnly
Ghidra/Features/BytePatterns/build.gradle maven
Ghidra/Features/ByteViewer/build.gradle maven
Ghidra/Features/CodeCompare/build.gradle maven
Ghidra/Features/DebugUtils/build.gradle maven
Ghidra/Features/Decompiler/build.gradle maven
Ghidra/Features/Decompiler/src/decompile/build.gradle maven
Ghidra/Features/DecompilerDependent/build.gradle maven
Ghidra/Features/FileFormats/build.gradle maven
  • de.femtopedia.dex2jar:dex-ir 2.4.24 api
  • de.femtopedia.dex2jar:dex-reader 2.4.24 api
  • de.femtopedia.dex2jar:dex-reader-api 2.4.24 api
  • de.femtopedia.dex2jar:dex-translator 2.4.24 api
  • net.sf.sevenzipjbinding:sevenzipjbinding 16.02-2.01 api
  • org.ow2.asm:asm 9.7.1 api
  • org.ow2.asm:asm-analysis 9.7.1 api
  • org.ow2.asm:asm-commons 9.7.1 api
  • org.ow2.asm:asm-tree 9.7.1 api
  • org.ow2.asm:asm-util 9.7.1 api
  • org.smali:baksmali 2.5.2 api
  • org.smali:dexlib2 2.5.2 api
  • org.smali:util 2.5.2 api
  • net.sf.sevenzipjbinding:sevenzipjbinding-all-platforms 16.02-2.01 runtimeOnly
Ghidra/Framework/SoftwareModeling/build.gradle maven
  • msv:isorelax 20050913 api
  • msv:msv 20050913 api
  • msv:xsdlib 20050913 api
  • org.antlr:antlr-runtime 3.5.2 api
  • msv:relaxngDatatype 20050913 runtimeOnly
Ghidra/Framework/Utility/build.gradle maven
Ghidra/Processors/6502/build.gradle maven
Ghidra/Processors/68000/build.gradle maven
Ghidra/Processors/8048/build.gradle maven
Ghidra/Processors/8051/build.gradle maven
Ghidra/Processors/8085/build.gradle maven
Ghidra/Processors/AARCH64/build.gradle maven
Ghidra/Processors/ARM/build.gradle maven
Ghidra/Processors/Atmel/build.gradle maven
Ghidra/Processors/BPF/build.gradle maven
Ghidra/Processors/CP1600/build.gradle maven
Ghidra/Processors/CR16/build.gradle maven
Ghidra/Processors/DATA/build.gradle maven
Ghidra/Processors/Dalvik/build.gradle maven
Ghidra/Processors/HCS08/build.gradle maven
Ghidra/Processors/HCS12/build.gradle maven
Ghidra/Processors/JVM/build.gradle maven
Ghidra/Processors/Loongarch/build.gradle maven
Ghidra/Processors/M16C/build.gradle maven
Ghidra/Processors/M8C/build.gradle maven
Ghidra/Processors/MC6800/build.gradle maven
Ghidra/Processors/MCS96/build.gradle maven
Ghidra/Processors/MIPS/build.gradle maven
Ghidra/Processors/PA-RISC/build.gradle maven
Ghidra/Processors/PIC/build.gradle maven
Ghidra/Processors/PowerPC/build.gradle maven
Ghidra/Processors/RISCV/build.gradle maven
Ghidra/Processors/Sparc/build.gradle maven
Ghidra/Processors/SuperH/build.gradle maven
Ghidra/Processors/SuperH4/build.gradle maven
Ghidra/Processors/TI_MSP430/build.gradle maven
Ghidra/Processors/Toy/build.gradle maven
Ghidra/Processors/V850/build.gradle maven
Ghidra/Processors/Xtensa/build.gradle maven
Ghidra/Processors/Z80/build.gradle maven
Ghidra/Processors/eBPF/build.gradle maven
Ghidra/Processors/tricore/build.gradle maven
Ghidra/Processors/x86/build.gradle maven
Ghidra/RuntimeScripts/build.gradle maven
Ghidra/Test/DebuggerIntegrationTest/build.gradle maven
Ghidra/Test/IntegrationTest/build.gradle maven
GhidraBuild/BuildFiles/Doclets/build.gradle maven
  • com.google.code.gson:gson 2.9.0 api
GhidraBuild/BuildFiles/build.gradle maven
GhidraBuild/EclipsePlugins/GhidraDev/GhidraDevFeature/build.gradle maven
GhidraBuild/EclipsePlugins/GhidraDev/GhidraDevPlugin/build.gradle maven
GhidraBuild/EclipsePlugins/GhidraSleighEditor/ghidra.xtext.sleigh/build.gradle maven
GhidraBuild/EclipsePlugins/GhidraSleighEditor/ghidra.xtext.sleigh.feature/build.gradle maven
GhidraBuild/EclipsePlugins/GhidraSleighEditor/ghidra.xtext.sleigh.ide/build.gradle maven
GhidraBuild/EclipsePlugins/GhidraSleighEditor/ghidra.xtext.sleigh.tests/build.gradle maven
GhidraBuild/EclipsePlugins/GhidraSleighEditor/ghidra.xtext.sleigh.ui/build.gradle maven
GhidraBuild/EclipsePlugins/GhidraSleighEditor/ghidra.xtext.sleigh.ui.tests/build.gradle maven
GhidraBuild/IDAPro/build.gradle maven
GhidraBuild/LaunchSupport/build.gradle maven
GhidraBuild/MarkdownSupport/build.gradle maven
  • org.commonmark:commonmark 0.23.0 implementation
  • org.commonmark:commonmark-ext-footnotes 0.23.0 implementation
  • org.commonmark:commonmark-ext-heading-anchor 0.23.0 implementation
GhidraBuild/Skeleton/build.gradle maven
GhidraDocs/build.gradle maven
build.gradle maven
expand/uni/bindings/java/pom.xml maven
  • junit:junit 4.13.2 test
gradle/operator/bindings/java/pom.xml maven
  • junit:junit 4.13.2 test
gradle/operator/uni/bindings/java/pom.xml maven
  • junit:junit 4.13.2 test
expand/dist/npm/package.json npm
  • wasm-pack ^0.10.1