This is a dockerized version of Ghidra, meant as a server for multi-user projects, and for headless analysis. By default, it stays within whatever memory limits are set set in Docker or Kubernetes on the container (via the container awareness in Java 10+). Instead of running Ghidra's Linux service, this container runs the Ghidra server directly, and is configured to log to stdout.
If you want to have a user created on first start with the default password of
'changeme', set GHIDRA_DEFAULT_USERS
to the comma-separated usernames.
For example, to run Ghidra server in a container with a memory limit of 1GB and
create users named esfried
and ghidra
, use:
docker run -it --rm -m 1G --env GHIDRA_DEFAULT_USERS=esfried,ghidra bskaggs/ghidra
If you would like to pass any additional flags to the Ghidra server, set
GHIDRA_FLAGS
to specify the flags and values.
For example, to run the Ghidra server with anonymous access enabled and the password reset window set to 3 days instead of 1, use:
docker run -it --rm --env "GHIDRA_FLAGS=-anonymous -e3" bskaggs/ghidra
There is also a Helm chart for Kubernetes in the charts/ghidra-server charts directory that will create a one-pod StatefulSet with a persistent volume for storing the repository information.
You can use Ghidra for headless analysis; be sure to read
support/analyzeHeadlessREADME.html
in the Ghidra distribution to find out
more.
User names are by default based on the OS user name, so it's easiest to make one
for the user running the GUI, and one for ghidra
for headless analysis in a docker
container. However, if you'd like, you can change your user name when launching
Ghidra (either with the GUI, or headless in docker) by setting the following
environment variable:
VMARGS=-Duser.name=esfried
To create the initial repository on the server, you must currently connect once
via the GUI (instructions will change once source code is released). Create a
shared project (foo
in our example) with your user as the admin, and make sure
to let the ghidra
user we will use for the headless analysis have Read/Write
access.
If, for example, the Ghidra server container you created is running with the IP
address on the docker bridge of 172.17.0.2, you can then launch an analyzer
container. In this case, we will mount in /usr/bin
on the host as /data
,
and then analyze every binary in the directory:
echo changeme | docker run -i --rm -m 4G -v /usr/bin:/data:ro bskaggs/ghidra \
support/analyzeHeadless ghidra://172.17.0.2/foo -p -import /data
If you have your GUI also logged in to the server, you will see the programs being added as they are analyzed