advanced-threat-research/GhidraScripts external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

advanced-threat-research/GhidraScripts

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/advanced-threat-research/GhidraScripts)

Close

advanced-threat-research / GhidraScriptsView on GitHubMore

• External links
• Readme badge

Scripts to run within Ghidra, maintained by the Trellix ARC team

☆127Jul 1, 2025Updated 8 months ago

Alternatives and similar repositories for GhidraScripts

Users that are interested in GhidraScripts are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• advanced-threat-research / BSim

  View on GitHub
  BSim signatures and databases for Ghidra to recover function symbols with
  ☆13Jul 11, 2024Updated last year
• advanced-threat-research / FIDBs

  View on GitHub
  FunctionID databases for Ghidra to recover function symbols with from stripped binaries
  ☆15Jun 19, 2024Updated last year
• itwaseasy / ghidra-fid-generator

  View on GitHub
  ☆11Dec 31, 2023Updated 2 years ago
• d-we / binja-golang-symbol-restore

  View on GitHub
  Binary Ninja plugin for restoring function names from stripped Golang binaries
  ☆14Oct 19, 2020Updated 5 years ago
• flounderK / ghidra_scripts

  View on GitHub
  ☆13Jan 28, 2026Updated 2 months ago
• Managed Database hosting by DigitalOcean • Ad
  PostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
• qtc-de / rpv-web

  View on GitHub
  rpv-web is a browser based frontend for the rpv library
  ☆27Nov 21, 2025Updated 4 months ago
• mandiant / dncil

  View on GitHub
  The FLARE team's open-source library to disassemble Common Intermediate Language (CIL) instructions.
  ☆171Updated this week
• mandiant / GoReSym

  View on GitHub
  Go symbol recovery tool
  ☆955Mar 6, 2026Updated 3 weeks ago
• clearbluejar / ghidriff

  View on GitHub
  Python Command-Line Ghidra Binary Diffing Engine
  ☆748Sep 25, 2025Updated 6 months ago
• airbus-cyber / ghidralligator

  View on GitHub
  ☆330Jun 20, 2024Updated last year
• cyberkaida / golang-ghidra

  View on GitHub
  A Ghidra extension for Golang analysis
  ☆31May 21, 2023Updated 2 years ago
• nccgroup / ghostrings

  View on GitHub
  Ghidra scripts for recovering string definitions in Go binaries
  ☆129Nov 25, 2025Updated 4 months ago
• quarkslab / qbindiff

  View on GitHub
  Quarkslab Bindiffer but not only !
  ☆222May 5, 2025Updated 10 months ago
• EgeBalci / syscall_api

  View on GitHub
  ☆38Jun 5, 2023Updated 2 years ago
• Virtual machines for every use case on DigitalOcean • Ad
  Get dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
• nbaertsch / nimHeapEnc

  View on GitHub
  Heap encryption in Nim
  ☆20Aug 25, 2024Updated last year
• 0xdea / ghidra-scripts

  View on GitHub
  A collection of my Ghidra scripts to facilitate reverse engineering and vulnerability research.
  ☆290Jan 31, 2026Updated last month
• 0x6d696368 / ghidra_scripts

  View on GitHub
  Ghidra scripts such as a RC4 decrypter, Yara search, stack string decoder, etc.
  ☆160Feb 22, 2020Updated 6 years ago
• gipi / ghidra_scripts

  View on GitHub
  ☆18Dec 13, 2022Updated 3 years ago
• msm-code / ghidralib

  View on GitHub
  A Pythonic Ghidra standard library
  ☆187Feb 6, 2026Updated last month
• getCUJO / ThreatIntel

  View on GitHub
  ☆210Feb 19, 2025Updated last year
• nccgroup / Cartographer

  View on GitHub
  Code Coverage Exploration Plugin for Ghidra
  ☆379Jul 19, 2024Updated last year
• bigsnarfdude / Malware-Probabilistic-Data-Structres

  View on GitHub
  NSRL BloomFilter, Mandiant BloomFilter, Hyperloglog Malware Data Structure
  ☆15Mar 14, 2014Updated 12 years ago
• embee-research / CyberChef

  View on GitHub
  ☆16Mar 22, 2023Updated 3 years ago
• Wordpress hosting with auto-scaling on Cloudways • Ad
  Fully Managed hosting built for WordPress-powered businesses that need reliable, auto-scalable hosting. Cloudways SafeUpdates now available.
• malpedia / malpedia-flossed

  View on GitHub
  FLARE floss applied to all unpacked+dumped samples in Malpedia, pre-processed for further use.
  ☆76Jan 6, 2026Updated 2 months ago
• usualsuspect / yara_vt_mock

  View on GitHub
  Emulates the VirusTotal "vt" YARA module for livehunt rule debugging/testing
  ☆24May 29, 2023Updated 2 years ago
• cispa / indirect-meltdown

  View on GitHub
  Proof-of-concept implementation for the paper "Indirect Meltdown: Building Novel Side-Channel Attacks from Transient Execution Attacks" (…
  ☆22Sep 24, 2023Updated 2 years ago
• cmu-sei / kaiju

  View on GitHub
  CERT Kaiju is a binary analysis framework extension for the Ghidra software reverse engineering suite. This repository is a "mirror" -- p…
  ☆138Mar 9, 2026Updated 2 weeks ago
• NyaMisty / ghidra_ida_til

  View on GitHub
  GDT (Ghidra Data Type) generated from IDA tils
  ☆22Mar 10, 2023Updated 3 years ago
• jpleasu / ghidraal

  View on GitHub
  A Ghidra extension for scripting with GraalVM languages, including Javascript, Python3, R, and Ruby.
  ☆63Apr 27, 2021Updated 4 years ago
• NextronSystems / gimphash

  View on GitHub
  Imphash-like calculation on Golang binaries
  ☆49Jul 2, 2022Updated 3 years ago
• binarly-io / ToolsAndPoCs

  View on GitHub
  BINARLY Research Tools and PoCs
  ☆40Sep 27, 2024Updated last year
• WithSecureLabs / GarbageMan

  View on GitHub
  GarbageMan is a set of tools for analyzing .NET binaries through heap analysis.
  ☆119Apr 8, 2023Updated 2 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
• 8051Enthusiast / allyourbase

  View on GitHub
  Finds the base address of a firmware by comparing string addresses with target pointer addresses
  ☆53Mar 9, 2025Updated last year
• rbmm / TL-TASK

  View on GitHub
  ☆19Sep 17, 2025Updated 6 months ago
• VoidSec / VulnerableWindowsDrivers

  View on GitHub
  A collection of Vulnerable Windows Drivers
  ☆16Dec 4, 2021Updated 4 years ago
• kohnakagawa / gdt_helper

  View on GitHub
  Ghidra Data Type (GDT) Helper
  ☆54Dec 7, 2021Updated 4 years ago
• jbgalet / yaradec

  View on GitHub
  Simple yara decompiler
  ☆17Apr 8, 2017Updated 8 years ago
• EvanMcBroom / perfect-loader

  View on GitHub
  Load a dynamic library from memory by modifying the native Windows loader
  ☆285Jun 18, 2025Updated 9 months ago
• mandiant / Ghidrathon

  View on GitHub
  The FLARE team's open-source extension to add Python 3 scripting to Ghidra.
  ☆782May 8, 2024Updated last year