Scripts · May 4, 2026 · 3 min read

Ghidra — NSA Open-Source Reverse Engineering Framework

A software reverse engineering suite developed by the NSA, providing disassembly, decompilation, and analysis tools for security researchers.

Introduction

Ghidra is a software reverse engineering framework developed by the NSA and released as open source in 2019. It provides a full-featured suite of tools for analyzing compiled code across dozens of processor architectures, making it accessible to security researchers, malware analysts, and software auditors.

What Ghidra Does

  • Disassembles binaries for x86, ARM, MIPS, PowerPC, and 30+ other architectures
  • Decompiles machine code into readable C-like pseudocode
  • Supports collaborative multi-user reverse engineering via shared projects
  • Provides a scripting API in Java and Python (Jython) for automation
  • Analyzes firmware, malware, and proprietary file formats

Architecture Overview

Ghidra is built in Java with a modular plugin architecture. The core consists of a processor-specification language (Sleigh) that defines instruction semantics, enabling the same decompiler to work across all supported architectures. Analysis runs in a pipeline of analyzers that annotate the program database with cross-references, data types, and function signatures.

Self-Hosting & Configuration

  • Download release ZIPs from the official GitHub releases page
  • Requires JDK 17 or later on Windows, macOS, or Linux
  • Configure memory allocation in support/launch.properties
  • Set up a Ghidra Server for team collaboration with shared repositories
  • Extend with custom analyzer plugins placed in the Extensions directory

Key Features

  • Built-in decompiler that produces readable pseudocode across architectures
  • Version tracking to diff two binaries and identify patch changes
  • Extensible via headless analyzer mode for batch processing
  • Function ID database for automatic library function recognition
  • DWARF and PDB debug symbol ingestion

Comparison with Similar Tools

  • IDA Pro — commercial industry standard with faster UI, but costs thousands per license
  • Binary Ninja — modern commercial alternative with cleaner API but smaller architecture support
  • radare2/Cutter — open-source CLI-first framework, steeper learning curve
  • Hopper — lightweight macOS disassembler for quick triage, less powerful decompiler

FAQ

Q: Is Ghidra truly free for commercial use? A: Yes. Ghidra is released under the Apache 2.0 license and can be used for any purpose including commercial work.

Q: How does the decompiler compare to IDA's Hex-Rays? A: Ghidra's decompiler handles most architectures well. Hex-Rays may produce cleaner output for x86/ARM, but Ghidra covers more platforms out of the box.

Q: Can I automate analysis without the GUI? A: Yes. Ghidra provides a headless analyzer that runs scripts from the command line for batch processing.
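As an added illustration of the headless and scripting points above (this is example code, not a script shipped with Ghidra), the following Java GhidraScript walks the program's imported functions, both the external symbols and the thunks that typically wrap them, and logs every call site of a small, assumed list of risky C functions. It is meant to be run as a `-postScript` under `analyzeHeadless` once auto-analysis has populated the cross-references; the list in `RISKY` and the class name are assumptions.

```java
// FindRiskyImports.java -- added example headless script, not part of Ghidra.
// Run (script dir on the script path):
//   analyzeHeadless <proj_dir> <proj_name> -import <binary> \
//       -scriptPath <dir_with_this_file> -postScript FindRiskyImports.java
import ghidra.app.script.GhidraScript;
import ghidra.program.model.listing.Function;
import ghidra.program.model.listing.FunctionManager;
import ghidra.program.model.symbol.Reference;
import ghidra.program.model.symbol.ReferenceManager;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

public class FindRiskyImports extends GhidraScript {
    // Imported C functions whose misuse commonly causes memory-safety or
    // command-injection bugs. The list is an assumption; extend as needed.
    private static final Set<String> RISKY = new HashSet<>(Arrays.asList(
        "strcpy", "strcat", "sprintf", "gets", "system"));

    @Override
    public void run() throws Exception {
        FunctionManager fm = currentProgram.getFunctionManager();
        // Direct references to the external symbols themselves...
        for (Function ext : fm.getExternalFunctions()) {
            report(fm, ext, ext);
        }
        // ...and references through thunks (PLT stubs, IAT jumps), which is
        // how most calls to an import appear in the listing after analysis.
        for (Function f : fm.getFunctions(true)) {
            Function target = f.isThunk() ? f.getThunkedFunction(true) : null;
            if (target != null && target.isExternal()) report(fm, f, target);
        }
    }

    // Log every call site that reaches 'target' through the entry point of 'via'.
    private void report(FunctionManager fm, Function via, Function target) {
        if (!RISKY.contains(target.getName())) return;
        ReferenceManager rm = currentProgram.getReferenceManager();
        for (Reference ref : rm.getReferencesTo(via.getEntryPoint())) {
            if (!ref.getReferenceType().isCall()) continue;
            Function caller = fm.getFunctionContaining(ref.getFromAddress());
            String callerName = caller == null ? "<no function>" : caller.getName();
            // In headless mode println() goes to the analyzer console/log.
            println(String.format("%s called from %s at %s",
                target.getName(), callerName, ref.getFromAddress()));
        }
    }
}
```

The output is a triage list for a reviewer, not a finding by itself: a `strcpy` call site still needs the decompiler view to judge whether the destination buffer is bounded.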

Q: Does Ghidra support debugging? A: Ghidra 10.x added a debugger module supporting GDB and WinDbg backends for live debugging sessions.
