advanced-threat-research/GhidraScripts external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

advanced-threat-research/GhidraScripts

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/advanced-threat-research/GhidraScripts)

Close

advanced-threat-research / GhidraScriptsView on GitHubMore

• External links
• Readme badge

Scripts to run within Ghidra, maintained by the Trellix ARC team

☆128Jul 1, 2025Updated 9 months ago

Alternatives and similar repositories for GhidraScripts

Users that are interested in GhidraScripts are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• advanced-threat-research / BSim

  View on GitHub
  BSim signatures and databases for Ghidra to recover function symbols with
  ☆15Jul 11, 2024Updated last year
• advanced-threat-research / FIDBs

  View on GitHub
  FunctionID databases for Ghidra to recover function symbols with from stripped binaries
  ☆15Jun 19, 2024Updated last year
• d-we / binja-golang-symbol-restore

  View on GitHub
  Binary Ninja plugin for restoring function names from stripped Golang binaries
  ☆14Oct 19, 2020Updated 5 years ago
• flounderK / ghidra_scripts

  View on GitHub
  ☆13Jan 28, 2026Updated 2 months ago
• qtc-de / rpv-web

  View on GitHub
  rpv-web is a browser based frontend for the rpv library
  ☆27Nov 21, 2025Updated 4 months ago
• Wordpress hosting with auto-scaling - Free Trial • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• mandiant / dncil

  View on GitHub
  The FLARE team's open-source library to disassemble Common Intermediate Language (CIL) instructions.
  ☆171Updated this week
• mandiant / GoReSym

  View on GitHub
  Go symbol recovery tool
  ☆965Mar 6, 2026Updated last month
• clearbluejar / ghidriff

  View on GitHub
  Python Command-Line Ghidra Binary Diffing Engine
  ☆751Sep 25, 2025Updated 6 months ago
• airbus-cyber / ghidralligator

  View on GitHub
  ☆329Jun 20, 2024Updated last year
• cyberkaida / golang-ghidra

  View on GitHub
  A Ghidra extension for Golang analysis
  ☆32May 21, 2023Updated 2 years ago
• nccgroup / ghostrings

  View on GitHub
  Ghidra scripts for recovering string definitions in Go binaries
  ☆133Nov 25, 2025Updated 4 months ago
• quarkslab / qbindiff

  View on GitHub
  Quarkslab Bindiffer but not only !
  ☆225May 5, 2025Updated 11 months ago
• EgeBalci / syscall_api

  View on GitHub
  ☆38Jun 5, 2023Updated 2 years ago
• nbaertsch / nimHeapEnc

  View on GitHub
  Heap encryption in Nim
  ☆21Aug 25, 2024Updated last year
• Managed Kubernetes at scale on DigitalOcean • Ad
  DigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
• 0xdea / ghidra-scripts

  View on GitHub
  A collection of my Ghidra scripts to facilitate reverse engineering and vulnerability research.
  ☆294Jan 31, 2026Updated 2 months ago
• 0x6d696368 / ghidra_scripts

  View on GitHub
  Ghidra scripts such as a RC4 decrypter, Yara search, stack string decoder, etc.
  ☆160Feb 22, 2020Updated 6 years ago
• gipi / ghidra_scripts

  View on GitHub
  ☆18Dec 13, 2022Updated 3 years ago
• antoniovazquezblanco / GhidraFindcrypt

  View on GitHub
  Ghidra analysis plugin to locate cryptographic constants
  ☆85Mar 27, 2026Updated 3 weeks ago
• diommsantos / QtREAnalyzer

  View on GitHub
  QtREAnalyzer, a Ghidra extension to reverse-engineer Qt binaries.
  ☆134Apr 27, 2025Updated 11 months ago
• msm-code / ghidralib

  View on GitHub
  A Pythonic Ghidra standard library
  ☆188Feb 6, 2026Updated 2 months ago
• getCUJO / ThreatIntel

  View on GitHub
  ☆210Feb 19, 2025Updated last year
• nccgroup / Cartographer

  View on GitHub
  Code Coverage Exploration Plugin for Ghidra
  ☆379Jul 19, 2024Updated last year
• bigsnarfdude / Malware-Probabilistic-Data-Structres

  View on GitHub
  NSRL BloomFilter, Mandiant BloomFilter, Hyperloglog Malware Data Structure
  ☆15Mar 14, 2014Updated 12 years ago
• Wordpress hosting with auto-scaling - Free Trial • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• embee-research / CyberChef

  View on GitHub
  ☆16Mar 22, 2023Updated 3 years ago
• malpedia / malpedia-flossed

  View on GitHub
  FLARE floss applied to all unpacked+dumped samples in Malpedia, pre-processed for further use.
  ☆77Jan 6, 2026Updated 3 months ago
• usualsuspect / yara_vt_mock

  View on GitHub
  Emulates the VirusTotal "vt" YARA module for livehunt rule debugging/testing
  ☆24May 29, 2023Updated 2 years ago
• cispa / indirect-meltdown

  View on GitHub
  Proof-of-concept implementation for the paper "Indirect Meltdown: Building Novel Side-Channel Attacks from Transient Execution Attacks" (…
  ☆22Sep 24, 2023Updated 2 years ago
• cmu-sei / kaiju

  View on GitHub
  CERT Kaiju is a binary analysis framework extension for the Ghidra software reverse engineering suite. This repository is a "mirror" -- p…
  ☆140Mar 9, 2026Updated last month
• NyaMisty / ghidra_ida_til

  View on GitHub
  GDT (Ghidra Data Type) generated from IDA tils
  ☆22Mar 10, 2023Updated 3 years ago
• jpleasu / ghidraal

  View on GitHub
  A Ghidra extension for scripting with GraalVM languages, including Javascript, Python3, R, and Ruby.
  ☆63Apr 27, 2021Updated 4 years ago
• NextronSystems / gimphash

  View on GitHub
  Imphash-like calculation on Golang binaries
  ☆49Jul 2, 2022Updated 3 years ago
• binarly-io / ToolsAndPoCs

  View on GitHub
  BINARLY Research Tools and PoCs
  ☆39Sep 27, 2024Updated last year
• Wordpress hosting with auto-scaling - Free Trial • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• WithSecureLabs / GarbageMan

  View on GitHub
  GarbageMan is a set of tools for analyzing .NET binaries through heap analysis.
  ☆119Apr 8, 2023Updated 3 years ago
• 8051Enthusiast / allyourbase

  View on GitHub
  Finds the base address of a firmware by comparing string addresses with target pointer addresses
  ☆53Mar 9, 2025Updated last year
• rbmm / TL-TASK

  View on GitHub
  ☆19Sep 17, 2025Updated 7 months ago
• VoidSec / VulnerableWindowsDrivers

  View on GitHub
  A collection of Vulnerable Windows Drivers
  ☆16Dec 4, 2021Updated 4 years ago
• kohnakagawa / gdt_helper

  View on GitHub
  Ghidra Data Type (GDT) Helper
  ☆54Dec 7, 2021Updated 4 years ago
• jbgalet / yaradec

  View on GitHub
  Simple yara decompiler
  ☆17Apr 8, 2017Updated 9 years ago
• EvanMcBroom / perfect-loader

  View on GitHub
  Load a dynamic library from memory by modifying the native Windows loader
  ☆292Jun 18, 2025Updated 10 months ago