Ghidra Software Reverse Engineering Framework Logo

Ghidra Software Reverse Engineering Framework

0
Free
Visit Website

Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes. Users may also develop their own Ghidra extension components and/or scripts using Java or Python. In support of NSA's Cybersecurity mission, Ghidra was built to solve scaling and teaming problems on complex SRE efforts, and to provide a customizable and extensible SRE research platform. NSA has applied Ghidra SRE capabilities to a variety of problems that involve analyzing malicious code and generating deep insights for SRE analysts who seek a better understanding of potential vulnerabilities in networks and systems.

FEATURES

ALTERNATIVES

A debugger tool for reverse engineers, crackers, and security analysts, with a user-friendly debugging UI and custom agent support.

Malware sandbox for executing malicious files in an isolated environment with advanced features.

A simple XSS scanner tool for identifying Cross-Site Scripting vulnerabilities

VMCloak is a tool for creating and preparing Virtual Machines for Cuckoo Sandbox.

Bindings for the Yara library from VirusTotal with support for Yara v4.2 and various features like rule compilation and scanning.

A collection of YARA rules for public use, built from intelligence profiles and file work.

A developer added malicious code to a popular open-source package, wiping files on computers in Russia and Belarus as a protest.

A script to detect and remove Canary Tokens with simple signature-based detections.

PINNED