Skip to content
master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 
 
 

ghidra_scripts

Scripts for the Ghidra software reverse engineering suite.

Installation

In the Ghidra Script Manager click the "Script Directories" icon in the toolbar and add the checked out repository as a path. Scripts from this collection will appear in the "Ghidra Ninja" category.

binwalk.py

Runs binwalk on the current program and bookmarks the findings. Requires binwalk to be in $PATH.

Example result: SHA256 constants found by binwalk.

yara.py

Automatically find crypto constants in the loaded program - allows to very quickly identify crypto code.

Example result: Crypto constants found in libcrypto.a

Runs yara with the patterns found in yara-crypto.yar on the current program. The Yara rules are licensed under GPLv2. In addition @phoul's SHA256 rule was added.

Requires yara to be in $PATH.

export_gameboy_rom.py

Exports working ROMs from ROMs imported using Gekkio's GhidraBoy.

swift_demangler.py

Automatically demangle swift function names. For more complex functions it adds the full demangled name into the function comment. Requires swift to be in $PATH.

Example result: Swift demangling of a simple entry function.

golang_renamer.py

Restores function names from a stripped Go binary. This script was contributed by QwErTy (QwErTyReverse on Telegram) and is a port of George Zaytsev's go_renamer.py.

Example result: Function names restored by golang_renamer.py

About

Scripts for the Ghidra software reverse engineering suite.

Resources

License

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •