Ghidra (pronounced GEE-druh;[3] /ˈɡiːdrə/[4]) is a free and open source reverse engineering tool developed by the National Security Agency (NSA) of the United States. The binaries were released at RSA Conference in March 2019; the sources were published one month later on GitHub.[5] Ghidra is seen by many security researchers as a competitor to IDA Pro.[6] The software is written in Java using the Swing framework for the GUI. The decompiler component is written in C++, and is therefore usable in a stand-alone form.[7]
Original author(s) | NSA |
---|---|
Initial release | March 5, 2019 |
Stable release | 11.0[1]
/ December 22, 2023 |
Repository | github |
Written in | Java, C++ |
License | Apache License 2.0 / Public domain[2] |
Website | ghidra-sre |
Scripts to perform automated analysis with Ghidra can be written in Java or Python (via Jython),[8][9] though this feature is extensible and support for other programming languages is available via community plugins.[10] Plugins adding new features to Ghidra itself can be developed using a Java-based extension framework.[11]
Ghidra's existence was originally revealed to the public via Vault 7 in March 2017,[12] but the software itself remained unavailable until its declassification and official release two years later.[5] Some comments in its source code indicates that it existed as early as 1999.[13]
In June 2019, Coreboot began to use Ghidra for its reverse engineering efforts on firmware-specific problems following the open source release of the Ghidra software suite.[14]
Ghidra can be used, officially,[15][16] as a debugger since Ghidra 10.0. Ghidra's debugger supports debugging user-mode Windows programs via WinDbg, and Linux programs via GDB.[17]
The following architectures or binary formats are supported:[18] [19]