← All open source projects

Ghidra

NationalSecurityAgency/ghidra

Ghidra is a reverse-engineering framework for binary analysis, disassembly, decompilation, scripts, and extensions.

GitHub · 69,918 stars Project website
Forks 7,663
Author NationalSecurityAgency
Language Java
License Apache-2.0
Synced 2026-06-20

What it is

Ghidra is a framework for software reverse engineering. It helps inspect compiled code: load binaries, view disassembly, use a decompiler, write scripts, and extend analysis.

The project was published on GitHub in 2019. It is created and maintained by the National Security Agency Research Directorate, written in Java, and released under Apache-2.0.

What is inside

Inside are tools for software analysis: format loaders, decompiler, views for functions and symbols, scripting, and extension support. This is not a small library but a full environment for security specialists.

Typical analysis flow

The diagram shows how Ghidra turns a binary into several views that can be inspected and extended with scripts.

Language: Plain text 
binary file -> loader -> disassembly -> decompiler -> symbols -> scripts and extensions

How people use it

Ghidra is used for malware research, old binary analysis, vulnerability research, and recovering program logic when source code is unavailable. In legitimate work it requires the same care as any security tool.

Its strength is depth and extensibility. A user can move from a whole-file overview to a specific function and then automate repeated work with scripts.

Project details

Ghidra is valuable because it combines several analysis layers in one environment. A specialist can start from a binary overview, then move to functions, strings, symbols, decompilation, and custom scripts for repeated work.

The project also matters as an open alternative to commercial reverse-engineering tools. For labs and independent researchers, it lowers the entry barrier in a field where strong tools were often expensive and closed.

In real work, Ghidra is rarely used alone. Its output is compared with debuggers, sandboxes, format documentation, and platform knowledge. The tool helps reveal code, but the human still makes the conclusions.

Strengths and limitations

The limitation is the entry barrier. To benefit from it, users need to understand CPU architectures, executable formats, function calls, and legal boundaries.

Ghidra matters in the catalog as a mature example of serious open-source security tooling: it is not only popular, it is used in professional software analysis.

Context