Ghidra is a software reverse engineering framework created and maintained by the National Security Agency's Research Directorate. Written primarily in Java, it provides a comprehensive suite of analysis tools for examining compiled code across Windows, macOS, and Linux platforms. The framework supports disassembly, assembly, decompilation, graphing, and scripting capabilities, along with hundreds of additional features. It handles a wide variety of processor instruction sets and executable formats and can operate in both interactive and automated modes, with extensibility through custom components and scripts written in Java or Python.
The framework was developed to address scaling and teaming challenges in complex reverse engineering efforts and to serve as a customizable research platform. NSA has deployed Ghidra's capabilities to analyze malicious code and generate insights for security analysts investigating potential vulnerabilities in networks and systems. The tool is designed to support the agency's cybersecurity mission by enabling deep analysis of compiled binaries and threat detection workflows.
According to GitGenius activity tracking across 2007 items, the repository maintains a median issue and pull request response latency of 15 hours, though the mean extends to 6296.4 hours, indicating some longer-term items in the backlog. The most frequently applied issue labels are Status: Internal with 787 occurrences, Status: Triage with 393 occurrences, and Feature: Decompiler with 266 occurrences, reflecting active development focused on decompilation capabilities and internal triage processes. The primary contributors tracked by GitGenius are ryanmkurtz with 5449 events, dragonmacher with 957 events, and GhidorahRex with 669 events, demonstrating concentrated development leadership.
The repository shows cross-project influence with overlapping contributors shared with microsoft/vscode, rust-lang/rust, and microsoft/typescript, suggesting integration with broader development tooling ecosystems. Installation requires JDK 21 for official releases, which are distributed as multi-platform zip files. Building from source requires JDK 25, Gradle 9.1.0 or higher, Python 3.9 to 3.14, and platform-specific compilers and build tools. Development is recommended through Eclipse IDE with customized integration, while users can extend Ghidra through the GhidraDev Eclipse plugin or Visual Studio Code integration for script development.
The framework includes security advisories documenting known vulnerabilities in certain versions, requiring users to review these before deployment. Users can contribute improvements through the project's contributor guide, and the codebase supports both interactive analysis through the CodeBrowser interface and programmatic automation through scripting capabilities.