What is Ghidra?
Ghidra is a free, open-source reverse engineering framework developed and released by the NSA. It provides a full suite of tools for analyzing compiled binaries — including a disassembler, decompiler, call graph analyzer, and scripting engine. Security researchers use it to examine malware, find vulnerabilities in closed-source software, and solve binary exploitation challenges in CTFs.
Only use on systems you own or have explicit written permission to test. Unauthorized use violates Pakistan's PECA 2016 and international cybercrime laws.
Installation
# Update packages
sudo apt update

# Install Ghidra from the distro repository (Kali and recent Debian/Ubuntu package it; requires Java 17+)
sudo apt install ghidra -y

# OR download the release zip manually from NSA's GitHub and unzip it
# https://github.com/NationalSecurityAgency/ghidra/releases

# Ensure a JDK is installed (Ghidra needs a full JDK, not just a JRE, because it compiles scripts)
sudo apt install openjdk-17-jdk -y

# Launch Ghidra (GUI); for a manual install run ghidraRun from the unzipped directory
ghidra

# Headless analysis (CLI, no GUI required). analyzeHeadless lives in the support/ directory of the install;
# it creates the project, imports the binary, auto-analyzes it, then runs the post-script against the result.
analyzeHeadless /tmp/myproject MyProject \
    -import /path/to/binary \
    -postScript PrintStringsScript.java
Basic Workflow (GUI)
# 1. Launch Ghidra
ghidra

# 2. Create a new project:
#    File → New Project → Non-Shared Project

# 3. Import a binary:
#    File → Import File → select your binary (ELF, PE, .so, etc.)

# 4. Auto-analyze the binary:
#    Double-click the imported file to open it in the CodeBrowser → click "Yes" when asked to analyze

# 5. Key windows to use:
#    - CodeBrowser: disassembly listing + decompiler side-by-side
#    - Symbol Tree: functions, exports, imports
#    - Decompiler: auto-generated C-like pseudocode
#    - References: cross-references to any function or string (right-click → References → Show References to, or Ctrl+Shift+F)
Key Features
- Decompiler — converts assembly back to readable C-like pseudocode
- Multi-architecture support — x86, x64, ARM, MIPS, PowerPC, and more
- Scripting — automate analysis with Java or Python (bundled Jython, so Python 2 syntax) from the Script Manager or the headless analyzer
- Collaboration — shared project server for team-based reversing
- Version tracking — match functions and data between two versions of the same binary and carry analysis markup across (useful for patch diffing)
- Plugin ecosystem — extend via community and custom plugins
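The following is an added example, not code from the original page or from the Ghidra project, that ties the headless command in the Installation section to the scripting feature above. It is a Ghidra script that walks the program's symbol table for classic unsafe libc functions and prints every call site together with the calling function, a typical first triage pass when hunting bugs in a closed-source binary. The file name FindDangerousCalls.java, the list of function names, and the category tag are my own choices; the Ghidra API calls used are standard. Save it in ~/ghidra_scripts (or pass -scriptPath to analyzeHeadless) and run it from the Script Manager in the GUI or with -postScript FindDangerousCalls.java headlessly.

```java
// FindDangerousCalls.java (added example; not part of the Ghidra distribution)
// Lists every call site of well-known unsafe libc functions, with the caller.
// Run from the Script Manager or: analyzeHeadless <proj_dir> <proj> -import <bin> -postScript FindDangerousCalls.java
//@category Vulnerability
import ghidra.app.script.GhidraScript;
import ghidra.program.model.address.Address;
import ghidra.program.model.listing.Function;
import ghidra.program.model.listing.FunctionManager;
import ghidra.program.model.symbol.Reference;
import ghidra.program.model.symbol.ReferenceIterator;
import ghidra.program.model.symbol.Symbol;
import ghidra.program.model.symbol.SymbolIterator;
import java.util.Set;

public class FindDangerousCalls extends GhidraScript {

    // Hypothetical starting list: functions whose misuse commonly produces
    // overflows, format-string bugs or command injection. Extend as needed.
    private static final Set<String> DANGEROUS = Set.of(
        "gets", "strcpy", "strcat", "sprintf", "vsprintf",
        "scanf", "sscanf", "system", "popen", "memcpy");

    @Override
    public void run() throws Exception {
        FunctionManager fm = currentProgram.getFunctionManager();
        // true = include dynamic symbols, so imports resolved at load time are seen too
        SymbolIterator syms = currentProgram.getSymbolTable().getAllSymbols(true);
        int hits = 0;

        while (syms.hasNext() && !monitor.isCancelled()) {
            Symbol s = syms.next();
            if (!DANGEROUS.contains(s.getName())) {
                continue;
            }
            // Both the external symbol and its PLT thunk carry the same name;
            // walking references to each catches calls through either.
            ReferenceIterator refs =
                currentProgram.getReferenceManager().getReferencesTo(s.getAddress());
            while (refs.hasNext()) {
                Reference r = refs.next();
                // Keep only CALL-type references; data reads of the GOT slot are ignored.
                if (!r.getReferenceType().isCall()) {
                    continue;
                }
                Address from = r.getFromAddress();
                Function caller = fm.getFunctionContaining(from);
                String callerName = (caller == null) ? "<no function>" : caller.getName();
                println(String.format("%-10s called at %s in %s", s.getName(), from, callerName));
                hits++;
            }
        }
        println("Total dangerous call sites: " + hits);
    }
}
```

Each printed line is a place to open in the Decompiler and check whether the destination buffer size and the source length are actually bounded; the script only finds candidates, it does not prove a bug. Because analyzeHeadless runs auto-analysis before the post-script, the symbol table and cross-references are already populated when run() executes.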
Common Use Cases
- Malware analysis and reverse engineering
- CTF (Capture The Flag) binary exploitation challenges
- Vulnerability research on closed-source binaries
- Firmware analysis for embedded devices
Further Reading
Practice on legal targets like TryHackMe, HackTheBox, or hackzia.site labs. Always read the official documentation before using in a live engagement.