Analyze malware samples to understand their behavior and capabilities without running them.
Search for security vulnerabilities in closed-source software by examining the compiled binary.
Participate in capture-the-flag competitions by reverse-engineering challenge binaries.
Study how a compiled program works at the assembly and logic level for educational purposes.
Requires Java runtime and potentially native dependencies for binary analysis; initial UI/CLI setup takes time.
Ghidra is a free, open-source software reverse engineering framework created and maintained by the US National Security Agency. Reverse engineering in this context means taking a compiled program, a binary file that a computer can run, and analyzing it to understand what it does, even without access to the original source code. This is a common need in cybersecurity work: malware analysts examining suspicious programs, security researchers looking for vulnerabilities, and developers trying to understand how a piece of proprietary software behaves.

The tool provides a graphical desktop application where you can load a compiled binary and see it broken down into human-readable assembly language (a low-level representation of machine instructions) and even partially reconstructed higher-level code through its decompiler feature. The decompiler tries to infer what the original code logic might have looked like, making it much faster to understand a program than reading raw assembly alone. Ghidra also supports graphing the control flow of a program (showing how different parts of the code connect and branch), searching for patterns, and writing custom analysis scripts in Java or Python to automate tedious tasks.

It supports a wide range of processor architectures and executable file formats across Windows, macOS, and Linux. You can use it interactively through its graphical interface or run it in automated mode for batch analysis.

You would reach for Ghidra when analyzing malware, doing security vulnerability research on closed-source software, participating in capture-the-flag security competitions, or studying how a compiled program works at a deep technical level. It competes with commercial tools like IDA Pro, offering similar capabilities at no cost.

The project is written in Java and requires Java 21 to run. Extensions and scripts can be written in Java or Python.
Generated 2026-05-18 · Model: sonnet-4-6 · Verify against the repo before relying on details.