Scripts for the Ghidra software reverse engineering suite.
In the Ghidra Script Manager click the "Script Directories" icon in the toolbar and add the checked out repository as a path. Scripts from this collection will appear in the "Ghidra Ninja" category.
Runs binwalk on the current program and bookmarks the findings. Requires binwalk to be in
Automatically find crypto constants in the loaded program - allows to very quickly identify crypto code.
Runs yara with the patterns found in yara-crypto.yar on the current program. The Yara rules are licensed under GPLv2. In addition @phoul's SHA256 rule was added.
yara to be in
Automatically demangle swift function names. For more complex functions it adds the full demangled name into the function comment. Requires
swift to be in
Restores function names from a stripped Go binary. This script was contributed by QwErTy (QwErTyReverse on Telegram) and is a port of George Zaytsev's go_renamer.py.