Ecosyste.ms: Awesome

https://github.com/galoget/ghidra-headless-scripts

Ghidra Headless Scripts for Automated Analysis (Decompilation and Disassembly)

README
# Ghidra - Headless Scripts (Python)

Headless Scripts for Ghidra's Headless Analyzer written in Python 2 for Automated Analysis (Decompilation and Disassembly).

## Legend

Before jumping into the commands, it is important to explain the arguments passed to `analyzeHeadless`:

| Argument | Type | Description |
|-|-|-|
| `<project_location>` | Mandatory | Path where the new Ghidra project will be created. |
| `<project_name>` | Mandatory | Name of the new project to create in the previous path. |
| `-import <binary>` | Mandatory | Path to the binary that you want to analyze with Ghidra. Here you can use `-import` or `-process` depending on your needs. For more information, check the [Ghidra Documentation](https://github.com/NationalSecurityAgency/ghidra/blob/master/Ghidra/RuntimeScripts/Common/support/analyzeHeadlessREADME.html). |
| `-scriptPath <scripts_dir>` | Mandatory | Path to your scripts folder. |
| `-postScript <script.py>` | Mandatory | Filename of the script you want to execute with Ghidra's Headless Analyzer. |
| `[OUTPUT_FILENAME]` | Optional | Filename of the output file that will be generated by the Headless Scripts. If this argument is not passed, `decompiler.py` and `disassembler.py` will create a file named `<program_name>_decompiled.c` and `<program_name>.asm` respectively. For `decompile_simple.py` the output filename will always be `decompiled_output.c`. |

## Decompile Simple

`decompile_simple.py` decompiles all the functions recognized by Ghidra and writes them into an output file (pseudo C). It does exactly the same as `decompiler.py` but with simplified code, recommended for beginners.

### Usage:

```shell
$ analyzeHeadless <project_location> <project_name> -import <binary> -scriptPath <scripts_dir> -postScript <script.py>
```

### Example:
```shell
$ analyzeHeadless /home/galoget/ HeadlessAnalysis -import /home/galoget/malware-sample.exe -scriptPath /home/galoget/ghidra-headless-scripts/ -postScript decompile_simple.py
```
By default the script creates the output file in the directory where the command was executed; the output file will be named `output_malware.c`.

## Decompiler

`decompiler.py` decompiles all the functions recognized by Ghidra and writes them into an output file (pseudo C).

### Usage:

```shell
$ analyzeHeadless <project_location> <project_name> -process <program_name> -scriptPath <scripts_dir> -postScript <script.py> [OUTPUT_FILENAME]
```

### Example:
```shell
$ analyzeHeadless /home/galoget/ HeadlessAnalysis -import /home/galoget/malware-sample.exe -scriptPath /home/galoget/ghidra-headless-scripts/ -postScript decompiler.py decompiled_malware_sample.c
```
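What the decompiler post-script has to do on the Ghidra side, as an added illustration that is not the repository's own `decompiler.py`: a minimal Ghidra Jython (Python 2) script that applies the output-naming rule from the Legend table and decompiles every function Ghidra recognized. Assumed: the names `output_filename`, `decompile_all` and `run` are chosen here, and the script only does real work when launched by `analyzeHeadless`, where Ghidra injects `currentProgram`, `monitor` and `getScriptArgs` into the script's namespace.

```python
# Added illustration (not the repository's decompiler.py): a minimal Ghidra
# Jython (Python 2) post-script with the behaviour the README describes.
# Assumed invocation: analyzeHeadless <project_location> <project_name>
#   -import <binary> -scriptPath <dir> -postScript this_script.py [OUTPUT_FILENAME]
import os


def output_filename(program_name, script_args, suffix="_decompiled.c"):
    """Pick the output file: the optional positional argument if one was
    passed, otherwise <program_name>_decompiled.c as in the Legend table."""
    if script_args is not None and len(script_args) > 0 and script_args[0]:
        return script_args[0]
    return program_name + suffix


def decompile_all(program, decomp, monitor, timeout=60):
    """Yield (function name, C text) for every function Ghidra recognized.
    A failed decompilation yields a C comment instead of aborting the run."""
    for func in program.getFunctionManager().getFunctions(True):
        res = decomp.decompileFunction(func, timeout, monitor)
        if res.decompileCompleted():
            yield func.getName(), res.getDecompiledFunction().getC()
        else:
            yield func.getName(), "// decompile failed: %s\n" % res.getErrorMessage()


def run():
    # Ghidra's decompiler API and the script globals used below only exist
    # inside Ghidra's Jython interpreter, so they are resolved here, not at import.
    from ghidra.app.decompiler import DecompInterface
    decomp = DecompInterface()
    decomp.openProgram(currentProgram)
    path = output_filename(currentProgram.getName(), getScriptArgs())
    count = 0
    try:
        with open(path, "w") as out:
            for name, text in decompile_all(currentProgram, decomp, monitor):
                out.write("// ---- %s ----\n%s\n" % (name, text))
                count += 1
    finally:
        decomp.dispose()
    print("Decompiled %d functions to %s" % (count, os.path.abspath(path)))


# True only when analyzeHeadless runs this file as a script; importing the
# module elsewhere (e.g. to unit-test output_filename) does nothing.
if "currentProgram" in globals():
    run()
```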

## Disassembler

`disassembler.py` disassembles all the functions recognized by Ghidra and writes them into an output file (ASM).

### Usage:

```shell
$ analyzeHeadless <project_location> <project_name> -process <program_name> -scriptPath <scripts_dir> -postScript <script.py> [OUTPUT_FILENAME]
```

### Example:
```shell
$ analyzeHeadless /home/galoget/ HeadlessAnalysis -import /home/galoget/malware-sample.exe -scriptPath /home/galoget/ghidra-headless-scripts/ -postScript disassembler.py disass_malware_sample.asm
```