Ghidra
Free reverse engineering tool developed by the National Security Agency
From Wikipedia, the free encyclopedia
Ghidra (/ˈɡiːdrə/[3] GEE-druh[4]) is a free and open source reverse engineering tool developed by the National Security Agency (NSA) of the United States. The binaries were released at the RSA Conference in March 2019; the source code was published one month later on GitHub.[5] Ghidra is seen by many security researchers as a competitor to IDA Pro.[6] The software is written in Java using the Swing framework for the GUI. The decompiler component is written in C++, and is therefore usable in a stand-alone form.[7]
| Ghidra | |
|---|---|
| Disassembly of a file in Ghidra | |
| Original author | NSA |
| Initial release | March 5, 2019 |
| Stable release | 12.0.4[1] / March 4, 2026 |
| Written in | Java, C++ |
| License | Apache License 2.0 / Public domain[2] |
| Website | ghidra-sre |
| Repository | github |
Scripts to perform automated analysis with Ghidra can be written in Java or Python (via Jython),[8][9] though this feature is extensible and support for other programming languages is available via community plugins.[10] Plugins adding new features to Ghidra itself can be developed using a Java-based extension framework.[11]
History
Ghidra's existence was originally revealed to the public via Vault 7 in March 2017,[12] but the software itself remained unavailable until its declassification and official release two years later.[5] Some comments in its source code indicate that it existed as early as 1999.[13]
| Version | Year | Major features |
|---|---|---|
| 1.0 | 2003 | Proof of concept |
| 2.0 | 2004 | Database, docking windows |
| 3.0 | 2006 | SLEIGH, decompiler, version control |
| 4.0 | 2007 | Scripting, version tracking |
| 5.0 | 2010 | File system browser |
| 6.0 | 2014 | First unclassified version |
| 9.0 | 2019 | First public release |
| 9.2 | 2020 | Graph visualization, new PDB parser |
| 10.0 | 2021 | Debugger |
| 11.0 | 2023 | Rust and Go binaries support, BSim |
| 11.1 | 2024 | Swift and DWARF 5 support, Mach-O improvements |
In June 2019, coreboot began to use Ghidra for its reverse engineering efforts on firmware-specific problems following the open source release of the Ghidra software suite.[17]
Since version 10.0, Ghidra can also be used as a debugger. Its debugger supports user-mode Windows programs via WinDbg, Linux programs via GDB and macOS programs via LLDB.[18]