Ghidra: Software reverse engineering framework
NSA's open-source tool for analyzing compiled binaries.
Learn more about ghidra
Ghidra is a software reverse engineering framework written in Java that performs static analysis on compiled code. The tool operates through a modular architecture supporting multiple processor instruction sets and executable formats, with a graphical interface for interactive analysis and command-line interfaces for automation. Key capabilities include disassembly, assembly, decompilation to C-like pseudocode, control flow graphing, and data flow analysis across Windows, macOS, and Linux binaries. Organizations use Ghidra for vulnerability analysis, malware investigation, binary auditing, and security research on closed-source or legacy software.
Multi-Architecture Binary Support
Analyzes executables across x86, ARM, MIPS, PowerPC, and dozens of other processor architectures from a single interface. Handles Windows PE, Linux ELF, macOS Mach-O, and embedded firmware formats without external conversion tools.
Shared Project Repositories
Multi-user server enables teams to work on the same binary simultaneously with change tracking and merge capabilities. Coordinates reverse engineering efforts across distributed analysts without manual file synchronization.
Java and Python Scripting
Automate analysis workflows and build custom tools using full API access through Java or Python scripts. Extends core functionality with domain-specific analyzers, import/export handlers, and integration bridges to existing security toolchains.
from ghidra.program.model.listing import *
program = currentProgram
functionManager = program.getFunctionManager()
for function in functionManager.getFunctions(True):
print("Function: {} at {}".format(
function.getName(),
function.getEntryPoint()
))Release notes do not specify breaking changes, requirements, or bug fixes; only external documentation links and SHA-256 checksum provided.
- –Verify download integrity using SHA-256 hash 795a02076af16257bd6f3f4736c4fc152ce9ff1f95df35cd47e2adc086e037a6.
- –Consult linked WhatsNew.md and ChangeHistory.md in the repository for actual feature and fix details.
Release notes do not specify breaking changes, requirements, or bug fixes; only external documentation links provided.
- –Review the What's New and Change History documents on GitHub for detailed upgrade guidance.
- –Verify SHA-256 hash 59b657c39c2113d65e591c1087b77d85f6f7a11e97f2f4a0c9e7188510d07ea0 after download.
Release notes provide only external documentation links; no inline changelog, breaking changes, or requirements are specified in the provided text.
- –Review the linked WhatsNew.md and ChangeHistory.md documents on GitHub to identify breaking changes and upgrade steps.
- –Verify SHA-256 hash 8b2902bb3166901bc6297a06892eee077c08605be65abfe73ce7aaaafb651632 after download to ensure integrity.
See how people are using ghidra
Top in Security
Related Repositories
Discover similar tools and frameworks used by developers
openssl
C-based cryptographic library implementing TLS, DTLS, and QUIC protocols.
spiderfoot
Python reconnaissance framework with 200+ OSINT modules.
OSINT-Framework
Structured web catalog of free OSINT tools.
grype
Detect vulnerabilities in container images and filesystems.
subfinder
Passive subdomain discovery via DNS resolution and validation.