Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes. Users may also develop their own Ghidra extension components and/or scripts using Java or Python. In support of NSA's Cybersecurity mission, Ghidra was built to solve scaling and teaming problems on complex SRE efforts, and to provide a customizable and extensible SRE research platform. NSA has applied Ghidra SRE capabilities to a variety of problems that involve analyzing malicious code and generating deep insights for SRE analysts who seek a better understanding of potential vulnerabilities in networks and systems.
FEATURES
SIMILAR TOOLS
A tool that extracts and deobfuscates strings from malware binaries using advanced static analysis techniques.
A sandbox for quickly sandboxing known or unknown families of Android malware.
A program to manage YARA rulesets in a database, with support for different databases and configuration options.
A collaborative malware analysis framework with various features for automated analysis tasks.
A static analysis tool for PE files that detects malicious behavior and provides information for manual analysis.
A tool designed to handle archive file data and augment YARA's capabilities.
Intezer is a cloud-based malware analysis platform that detects and classifies malware using genetic code analysis.
Code to prevent a managed .NET debugger/profiler from working.
Blazingly fast YARA queries for malware analysts with an analyst-friendly web GUI.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.