advanced-threat-research/GhidraScripts external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

advanced-threat-research/GhidraScripts

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/advanced-threat-research/GhidraScripts)

Close

advanced-threat-research / GhidraScriptsView on GitHubMore

• External links
• Readme badge

Scripts to run within Ghidra, maintained by the Trellix ARC team

☆128Jul 1, 2025Updated 10 months ago

Alternatives and similar repositories for GhidraScripts

Users that are interested in GhidraScripts are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• advanced-threat-research / BSim

  View on GitHub
  BSim signatures and databases for Ghidra to recover function symbols with
  ☆15Jul 11, 2024Updated last year
• advanced-threat-research / FIDBs

  View on GitHub
  FunctionID databases for Ghidra to recover function symbols with from stripped binaries
  ☆15Jun 19, 2024Updated last year
• itwaseasy / ghidra-fid-generator

  View on GitHub
  ☆11Dec 31, 2023Updated 2 years ago
• d-we / binja-golang-symbol-restore

  View on GitHub
  Binary Ninja plugin for restoring function names from stripped Golang binaries
  ☆14Oct 19, 2020Updated 5 years ago
• flounderK / ghidra_scripts

  View on GitHub
  ☆13Jan 28, 2026Updated 3 months ago
• Deploy on Railway without the complexity - Free Credits Offer • Ad
  Connect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
• qtc-de / rpv-web

  View on GitHub
  rpv-web is a browser based frontend for the rpv library
  ☆28Nov 21, 2025Updated 5 months ago
• mandiant / dncil

  View on GitHub
  The FLARE team's open-source library to disassemble Common Intermediate Language (CIL) instructions.
  ☆173Apr 27, 2026Updated last week
• mandiant / GoReSym

  View on GitHub
  Go symbol recovery tool
  ☆979Mar 6, 2026Updated 2 months ago
• clearbluejar / ghidriff

  View on GitHub
  Python Command-Line Ghidra Binary Diffing Engine
  ☆751Sep 25, 2025Updated 7 months ago
• airbus-cyber / ghidralligator

  View on GitHub
  ☆328Jun 20, 2024Updated last year
• cyberkaida / golang-ghidra

  View on GitHub
  A Ghidra extension for Golang analysis
  ☆32May 21, 2023Updated 2 years ago
• nccgroup / ghostrings

  View on GitHub
  Ghidra scripts for recovering string definitions in Go binaries
  ☆133Nov 25, 2025Updated 5 months ago
• quarkslab / qbindiff

  View on GitHub
  Quarkslab Bindiffer but not only !
  ☆225May 5, 2025Updated last year
• EgeBalci / syscall_api

  View on GitHub
  ☆38Jun 5, 2023Updated 2 years ago
• GPU virtual machines on DigitalOcean Gradient AI • Ad
  Get to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
• nbaertsch / nimHeapEnc

  View on GitHub
  Heap encryption in Nim
  ☆21Aug 25, 2024Updated last year
• 0x6d696368 / ghidra_scripts

  View on GitHub
  Ghidra scripts such as a RC4 decrypter, Yara search, stack string decoder, etc.
  ☆160Feb 22, 2020Updated 6 years ago
• gipi / ghidra_scripts

  View on GitHub
  ☆18Dec 13, 2022Updated 3 years ago
• diommsantos / QtREAnalyzer

  View on GitHub
  QtREAnalyzer, a Ghidra extension to reverse-engineer Qt binaries.
  ☆134Apr 27, 2025Updated last year
• msm-code / ghidralib

  View on GitHub
  A Pythonic Ghidra standard library
  ☆189Feb 6, 2026Updated 3 months ago
• getCUJO / ThreatIntel

  View on GitHub
  ☆210Feb 19, 2025Updated last year
• nccgroup / Cartographer

  View on GitHub
  Code Coverage Exploration Plugin for Ghidra
  ☆380Jul 19, 2024Updated last year
• bigsnarfdude / Malware-Probabilistic-Data-Structres

  View on GitHub
  NSRL BloomFilter, Mandiant BloomFilter, Hyperloglog Malware Data Structure
  ☆15Mar 14, 2014Updated 12 years ago
• malpedia / malpedia-flossed

  View on GitHub
  FLARE floss applied to all unpacked+dumped samples in Malpedia, pre-processed for further use.
  ☆80Jan 6, 2026Updated 4 months ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• usualsuspect / yara_vt_mock

  View on GitHub
  Emulates the VirusTotal "vt" YARA module for livehunt rule debugging/testing
  ☆24May 29, 2023Updated 2 years ago
• cispa / indirect-meltdown

  View on GitHub
  Proof-of-concept implementation for the paper "Indirect Meltdown: Building Novel Side-Channel Attacks from Transient Execution Attacks" (…
  ☆22Sep 24, 2023Updated 2 years ago
• embee-research / CyberChef

  View on GitHub
  ☆16Mar 22, 2023Updated 3 years ago
• cmu-sei / kaiju

  View on GitHub
  CERT Kaiju is a binary analysis framework extension for the Ghidra software reverse engineering suite. This repository is a "mirror" -- p…
  ☆140Mar 9, 2026Updated last month
• NyaMisty / ghidra_ida_til

  View on GitHub
  GDT (Ghidra Data Type) generated from IDA tils
  ☆22Mar 10, 2023Updated 3 years ago
• jpleasu / ghidraal

  View on GitHub
  A Ghidra extension for scripting with GraalVM languages, including Javascript, Python3, R, and Ruby.
  ☆63Apr 27, 2021Updated 5 years ago
• NextronSystems / gimphash

  View on GitHub
  Imphash-like calculation on Golang binaries
  ☆50Jul 2, 2022Updated 3 years ago
• binarly-io / ToolsAndPoCs

  View on GitHub
  BINARLY Research Tools and PoCs
  ☆39Sep 27, 2024Updated last year
• WithSecureLabs / GarbageMan

  View on GitHub
  GarbageMan is a set of tools for analyzing .NET binaries through heap analysis.
  ☆120Apr 8, 2023Updated 3 years ago
• GPU virtual machines on DigitalOcean Gradient AI • Ad
  Get to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
• 8051Enthusiast / allyourbase

  View on GitHub
  Finds the base address of a firmware by comparing string addresses with target pointer addresses
  ☆54Mar 9, 2025Updated last year
• the2dl / chronicle_detection_public

  View on GitHub
  Public Chronicle Detection Rules
  ☆12Apr 25, 2023Updated 3 years ago
• VoidSec / VulnerableWindowsDrivers

  View on GitHub
  A collection of Vulnerable Windows Drivers
  ☆16Dec 4, 2021Updated 4 years ago
• kohnakagawa / gdt_helper

  View on GitHub
  Ghidra Data Type (GDT) Helper
  ☆54Dec 7, 2021Updated 4 years ago
• mandiant / Ghidrathon

  View on GitHub
  The FLARE team's open-source extension to add Python 3 scripting to Ghidra.
  ☆786May 8, 2024Updated 2 years ago
• EvanMcBroom / perfect-loader

  View on GitHub
  Load a dynamic library from memory by modifying the native Windows loader
  ☆296May 1, 2026Updated last week
• rbmm / SDD2

  View on GitHub
  Self delete DLL (2)
  ☆14Feb 15, 2024Updated 2 years ago