https://github.com/allsafecybersecurity/awesome-ghidra

A curated list of awesome Ghidra materials
# Awesome Ghidra ![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)

> [Ghidra](https://github.com/NationalSecurityAgency/ghidra) is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes. Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python.

## Ghidra Scripts/Plugins/Extension

* [ghidra_script by Allsafe](https://github.com/AllsafeCyberSecurity/ghidra_scripts) - Ghidra scripts for malware analysis

* [headless_scripts](https://github.com/AllsafeCyberSecurity/headless_scripts) - Headless Scripts for Ghidra's Headless Analyzer written in Python

* [LazyGhidra](https://github.com/AllsafeCyberSecurity/LazyGhidra) - Make your Ghidra Lazy!

* [py-findcrypt-ghidra](https://github.com/AllsafeCyberSecurity/py-findcrypt-ghidra) - FindCrypt for Ghidra written in Python. All constants are referenced from [findcrypt](https://github.com/you0708/ida/tree/master/idapython_tools/findcrypt).

* [FindCrypt-Ghidra](https://github.com/d3v1l401/FindCrypt-Ghidra) - IDA Pro's FindCrypt ported to Ghidra, with an updated and customizable signature database

* [ret-sync](https://github.com/bootleg/ret-sync) - ret-sync is a set of plugins that helps to synchronize a debugging session (WinDbg/GDB/LLDB/OllyDbg2/x64dbg) with IDA/Ghidra disassemblers.

* [ghidra_scripts by ghidraninja](https://github.com/ghidraninja/ghidra_scripts) - Scripts for the Ghidra software reverse engineering suite.

* [gotools](https://github.com/felberj/gotools) - Plugin for Ghidra to assist reversing Golang binaries

* [ghidra_bridge](https://github.com/justfoxing/ghidra_bridge) - Python 3 bridge to Ghidra's Python scripting

* [ipyghidra](https://github.com/fmagin/ipyghidra) - IPython Extension that extends `ghidra_bridge` for an improved interactive experience in the IPython console

* [GhidraPAL](https://github.com/RolfRolles/GhidraPAL) - Ghidra Program Analysis Library

* [pcode-emulator](https://github.com/kc0bfv/pcode-emulator) - A PCode Emulator for Ghidra.

* [ghidra-data](https://github.com/0x6d696368/ghidra-data) - Supporting Data Archives for Ghidra

* [JNI Helper](https://github.com/evilpan/jni_helper) - Find JNI function signatures in APK and apply to Ghidra.

* [Daenerys](https://github.com/daenerys-sre/source) - A framework for interoperability between IDA and Ghidra

* [OOAnalyzer Plugin for Ghidra](https://github.com/cmu-sei/pharos/tree/master/tools/ooanalyzer/ghidra/OOAnalyzerPlugin) - OOAnalyzer is a tool for the analysis and recovery of object oriented constructs.

* [Ghidra Patch Diff Correlator Project](https://github.com/threatrack/ghidra-patchdiff-correlator) - This project tries to provide additional Ghidra Version Tracking Correlators suitable for patch diffing.

* [ghidra-fidb-repo](https://github.com/threatrack/ghidra-fidb-repo) - Ghidra Function ID dataset repository

* [ghidra_scripts by 0x6d696368](https://github.com/0x6d696368/ghidra_scripts) - Ghidra scripts such as an RC4 decrypter, Yara search, stack string decoder, etc.

* [ghidra-jython-kernel](https://github.com/AllsafeCyberSecurity/ghidra-jython-kernel) - Jupyter Kernel for Ghidra's Jython

* [Kotlin Jupyter Kernel](https://github.com/GhidraJupyter/ghidra-jupyter-kotlin) - Embeds the [Kotlin kernel](https://github.com/Kotlin/kotlin-jupyter) into the CodeBrowser or other tools, for a full-fledged Kotlin REPL or Jupyter Notebook alongside a GUI session, including `current*` variables, autocompletions based on static type inference and more.

* [pwndra](https://github.com/0xb0bb/pwndra) - A collection of pwn/CTF related utilities for Ghidra

* [vtgrepghidra](https://github.com/Sentinel-One/VTgrepGHIDRA) - VT-GHIDRA Plugin

* [VTgrepGHIDRA](https://github.com/kasif-dekel/random-stuff/blob/master/VTgrepGHIDRA.JAVA) - vtgrep plugin for Ghidra

* [Color the Executed Instructions](https://github.com/alephsecurity/general-research-tools/tree/master/ghidra_scripts/ColorInstructions) - Color the Executed Instructions

* [ReplaceFuncNameFromLog](https://github.com/alephsecurity/general-research-tools/tree/master/ghidra_scripts/ReplaceFuncNameFromLog) - ReplaceFuncNameFromLog

* [ghidraquark](https://github.com/quark-engine/ghidraquark) - A Ghidra plugin that provides a powerful overview of Android apps.

* [Ghidra-evm](https://github.com/adelapie/ghidra-evm) - Ghidra-evm is a Ghidra module (processor module, custom loader and plugin(s)) that disassembles Ethereum VM (EVM) bytecode and generates a control-flow graph (CFG) of a smart contract.

* [efiSeek for Ghidra](https://github.com/DSecurity/efiSeek) - The analyzer automates the process of researching EFI files.

* [CapaExplorer](https://github.com/reb311ion/CapaExplorer) - Capa analysis importer for Ghidra.

* [ghidra_scripts by Dump-GUY](https://github.com/Dump-GUY/ghidra_scripts) - tiny_tracer_tag_annotate and CAPA_Importer.

* [Intezer Analyze Ghidra Plugin](https://github.com/intezer/analyze-community-ghidra-plugin) - Ghidra plugin for Intezer.

## Materials

* [リバースエンジニアリングツールGhidra実践ガイド -セキュリティコンテスト入門からマルウェア解析まで- (Compass Booksシリーズ)](https://www.amazon.co.jp/dp/4839973776/) - A practical guidebook to Ghidra, written in Japanese

* [ghidra/GhidraDocs/GhidraClass/](https://github.com/NationalSecurityAgency/ghidra/tree/master/GhidraDocs/GhidraClass) - Official material by National Security Agency

* [Ghidra - Journey from Classified NSA Tool to Open Source](https://www.youtube.com/watch?v=kx2xp7IQNSc) - Black Hat USA 2019 Briefing by National Security Agency

* [INFILTRATE2019](https://github.com/0xAlexei/INFILTRATE2019) - INFILTRATE 2019 Demo Materials

* [Extending Ghidra](https://vimeo.com/377180466) - Mike Bell: Extending Ghidra: from Script to Plugins and Beyond

* [An Introduction To Code Analysis With Ghidra](https://threatvector.cylance.com/en_us/home/an-introduction-to-code-analysis-with-ghidra.html) - This article describes an approach for using Ghidra to perform malicious code analysis

* [Saintcon2019GhidraTalk](https://github.com/kc0bfv/Saintcon2019GhidraTalk) - Talk about PCode emulator at Saintcon 2019 by @kc0bfv

* [Youtube playlist by 0x6d696368](https://www.youtube.com/playlist?list=PLXqdTlog3E_8Ucym6klVOY9RmjdIy3cbm) - Youtube playlist with short Ghidra tips and tricks

* [Ghidra Code Analysis with Anuj Soni](https://www.youtube.com/watch?v=NCO9F7U3d6c) - Ghidra lecture by SANS Digital Forensics and Incident Response channel

* [The Ghidra Book by Chris Eagle and Kara Nance](https://nostarch.com/GhidraBook) - "The definitive guide to Ghidra" by the author of the [IDA Pro Book](https://nostarch.com/idapro2.htm)

## Others

* [r2ghidra-dec](https://github.com/radareorg/r2ghidra-dec) - Deep Ghidra decompiler integration for radare2

* [Ghidraaas](https://github.com/Cisco-Talos/Ghidraaas) - Simple web server that exposes Ghidra analysis through REST APIs

* [Ghidra Server](https://www.ghidra-server.org/) - Ghidra-Server.org provides a collaboration server on the internet for the software reverse engineering (SRE) global community using the open source software (OSS) project Ghidra's server feature.