{"id":13725188,"url":"https://github.com/Cisco-Talos/Ghidraaas","last_synced_at":"2025-05-07T19:33:05.405Z","repository":{"id":35442874,"uuid":"206115839","full_name":"Cisco-Talos/Ghidraaas","owner":"Cisco-Talos","description":null,"archived":false,"fork":false,"pushed_at":"2023-05-01T20:38:05.000Z","size":29,"stargazers_count":219,"open_issues_count":6,"forks_count":32,"subscribers_count":13,"default_branch":"master","last_synced_at":"2024-11-14T04:12:00.469Z","etag":null,"topics":["ghidra","ghidra-plugins","ida"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Cisco-Talos.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-09-03T15:54:26.000Z","updated_at":"2024-10-20T21:25:41.000Z","dependencies_parsed_at":"2024-11-06T19:36:59.418Z","dependency_job_id":"b6f20832-3f02-4b58-a699-00dd36a472d6","html_url":"https://github.com/Cisco-Talos/Ghidraaas","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cisco-Talos%2FGhidraaas","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cisco-Talos%2FGhidraaas/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cisco-Talos%2FGhidraaas/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cisco-Talos%2FGhidraaas/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Cisco-Talos","download_url":"https://codeload.github.com/Cisco-Talos/Ghidraaas/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":224645239,"owners_count":17346105,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ghidra","ghidra-plugins","ida"],"created_at":"2024-08-03T01:02:15.336Z","updated_at":"2024-11-14T15:30:50.984Z","avatar_url":"https://github.com/Cisco-Talos.png","language":"Python","funding_links":[],"categories":["Python","Others"],"sub_categories":[],"readme":"# Ghidraaas - Ghidra as a Service\n\nGhidraaas is a simple web server that exposes Ghidra analysis through REST APIs. The project includes three Ghidra plugins to analyze a sample, get the list of functions and to decompile a function.\n\nGhidraaas is also the backend of [GhIDA](https://github.com/Cisco-Talos/GhIDA), the IDA plugin that integrates the Ghidra decompiler in IDA Pro.\n\n\n## How does it work?\n\nGhidraaas uses Ghidra [Headless Analyzer](https://ghidra.re/ghidra_docs/analyzeHeadlessREADME.html) to analyze the submitted sample. Then, the Ghidra project (the `*.gpr` file and the `*.rep` folder) is kept on the server until the `analysis_terminated` API is called. Three Ghidra [Python plugins](ghidra_plugins) are called by the Headless Analyzer on the sample's project to extract the list of functions and to decompile the requested function.\n\n\n## Features\n\nGhidraaas implements generic APIs to analyze a sample, get the list of functions and the decompiled code of a function, but it also includes some specific APIs to interact with the GhIDA plugin.\n\nGhidraaas generic APIs:\n\n* `api/analyze_sample/` Submit a sample for the analysis \n\n* `api/get_functions_list/\u003csha256\u003e` Request the list of functions \n\n* `api/get_functions_list_detailed/\u003csha256\u003e` Request the list of functions with additional details\n\n* `api/get_decompiled_function/\u003csha256\u003e/\u003coffset\u003e` Request to decompile a function\n\n* `api/analysis_terminated/\u003csha256\u003e` Remove the `*.gpr` file and `*.rep` project folder related to the sample.\n\nGhIDA specific APIs:\n\n* `api/ida_plugin_checkin/` Sample check-in\n\n* `api/ida_plugin_get_decompiled_function/` Decompile function\n\n* `api/ida_plugin_checkout/` Sample check-out.\n\n\nAn example on how to use the APIs can be found in [test.py](tests/test.py).\n\n## Installation\n\n### Lazy installation with Docker\n\n[docker_config.json](config/docker_config.json) contains the configuration file of Ghidraaas (no changes are needed).\n\n* Build *ghidraaas*\n```\ndocker build -t ghidraaas .\n```\n\n* Run *ghidraaas* docker\n```\ndocker run -p 8080:8080 -t ghidraaas\n```\n\n* Test the APIs\n```\ncd tests\npython3 test.py\n```\n\n### Manual installation (no docker)\n* Create a Python3 virtual env\n```\npython3 -m virtualenv env\nsource env/bin/activate\n```\n\n* Install the required packages\n```\npip install -r requirements.txt\n```\n\n* Download and unzip the latest Ghidra release\n```\nwget -O ghidra.zip https://ghidra-sre.org/ghidra_9.1.2_PUBLIC_20200212.zip\nunzip ghidra.zip\nrm ghidra.zip\n```\n\n* Set the `ghidra_9.1.2_PUBLIC` folder path in `GHIDRA_PATH` of [config.json](config/config.json)\n\n* Launch the server\n```\ngunicorn -w 2 -t 300 -b 0.0.0.0:8080 flask_api:app\n```\n\n* Test the APIs. Open another terminal and type:\n```\ncd tests\npython3 test.py\n```\n\n## Bugs and suggestion\n\nIf you discover a bug, or you have any improvements or suggestions, please open an [issue](https://github.com/Cisco-Talos/Ghidraaas/issues/new).\n\nBe sure to include as many details as possible in order to reproduce the bug.\n\n\n## License\n\nGhidraaas is licensed under the [Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0)\n\nThe original `Dockerfile` and `launch.sh.patch` are from [bskaggs/ghidra-docker](https://github.com/bskaggs/ghidra-docker).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FCisco-Talos%2FGhidraaas","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FCisco-Talos%2FGhidraaas","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FCisco-Talos%2FGhidraaas/lists"}