Ghidra Software Reverse Engineering Framework

Free

Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes. Users may also develop their own Ghidra extension components and/or scripts using Java or Python. In support of NSA's Cybersecurity mission, Ghidra was built to solve scaling and teaming problems on complex SRE efforts, and to provide a customizable and extensible SRE research platform. NSA has applied Ghidra SRE capabilities to a variety of problems that involve analyzing malicious code and generating deep insights for SRE analysts who seek a better understanding of potential vulnerabilities in networks and systems.

FEATURES

ALTERNATIVES

A new-age tool for binary analysis that uses statistical visualizations to help find patterns in large amounts of binary data.

Hyara is a plugin that simplifies writing YARA rules with various convenient features.

A Python-based tool for detecting XSS vulnerabilities.

OCyara performs OCR on image files and scans them for matches to Yara rules, supporting Debian-based Linux distros.

A framework for creating XNU-based rootkits for OS X and iOS security research.

A tool for finding and exploiting SQL injection vulnerabilities in web applications.

Interactive malware hunting service with live access to the heart of an incident.

GuardDog is a CLI tool for identifying malicious PyPI and npm packages through heuristics and Semgrep rules.