> ## Documentation Index
> Fetch the complete documentation index at: https://mintlify.com/NationalSecurityAgency/ghidra/llms.txt
> Use this file to discover all available pages before exploring further.

# Introduction to Ghidra

> Learn about Ghidra, the NSA's open-source software reverse engineering framework

## What is Ghidra?

Ghidra is a software reverse engineering (SRE) framework created and maintained by the [National Security Agency](https://www.nsa.gov) Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux.

<Note>
  Ghidra was publicly released as open source software in March 2019 at the RSA Conference, making advanced reverse engineering capabilities available to security researchers worldwide.
</Note>

## History and Purpose

In support of NSA's Cybersecurity mission, Ghidra was built to solve scaling and teaming problems on complex SRE efforts, and to provide a customizable and extensible SRE research platform. NSA has applied Ghidra SRE capabilities to a variety of problems that involve analyzing malicious code and generating deep insights for SRE analysts who seek a better understanding of potential vulnerabilities in networks and systems.

## Key Capabilities

Ghidra provides comprehensive reverse engineering features:

<CardGroup cols={2}>
  <Card title="Disassembly" icon="microchip">
    Support for a wide variety of processor instruction sets including x86, ARM, MIPS, PowerPC, SPARC, and many more
  </Card>

  <Card title="Decompilation" icon="code">
    Advanced decompiler that converts assembly code back into readable C-like pseudocode
  </Card>

  <Card title="Graphing" icon="diagram-project">
    Visual representation of program flow, function call graphs, and data relationships
  </Card>

  <Card title="Scripting" icon="file-code">
    Extensible through custom scripts written in Java or Python
  </Card>
</CardGroup>

### Core Features

<Steps>
  <Step title="Multi-Platform Support">
    Analyze compiled code across Windows, macOS, and Linux platforms with a consistent interface
  </Step>

  <Step title="Multiple File Formats">
    Import and analyze various executable formats including PE, ELF, Mach-O, and raw binary files
  </Step>

  <Step title="Collaborative Analysis">
    Work with teams using the Ghidra Server for shared project repositories
  </Step>

  <Step title="Extensibility">
    Develop custom analyzers, plugins, and extensions using Java or Python APIs
  </Step>
</Steps>

## Advanced Analysis Tools

Ghidra includes hundreds of features for deep program analysis:

* **Function Identification**: Automatically detect and analyze functions within binaries
* **Cross-References**: Track data and code references throughout the program
* **Data Type Management**: Define and apply custom data structures
* **Binary Diffing**: Compare multiple versions of binaries to identify changes
* **Debugger Integration**: Dynamic analysis with integrated debugging support
* **BSim (Behavioral Similarity)**: Find structurally similar functions across binary collections

## Operating Modes

Ghidra can be run in multiple modes to suit different workflows:

```bash theme={null}
# GUI Mode - Interactive analysis
./ghidraRun

# Headless Mode - Automated batch processing
./support/analyzeHeadless <project_location> <project_name> [options]

# PyGhidra Mode - Native Python integration
./support/pyghidraRun
```

<Warning>
  Before proceeding, please read through Ghidra's [Security Advisories](https://github.com/NationalSecurityAgency/ghidra/security/advisories) as there are known security vulnerabilities within certain versions of Ghidra.
</Warning>

## Extensibility and Customization

Users can extend Ghidra's functionality through:

* **Custom Scripts**: Automate repetitive tasks and create custom analysis workflows
* **Plugins**: Add new features and integrate with external tools
* **Analyzers**: Implement domain-specific analysis capabilities
* **Processors**: Add support for new instruction sets
* **File Loaders**: Support additional executable formats

## Open Source Community

Ghidra is released under the Apache License 2.0, enabling:

* Free use for commercial and non-commercial purposes
* Community contributions and improvements
* Integration with other security tools and workflows
* Academic research and education

<Note>
  If you would like to contribute bug fixes, improvements, and new features back to Ghidra, please take a look at the [Contributor's Guide](https://github.com/NationalSecurityAgency/ghidra/blob/master/CONTRIBUTING.md) to see how you can participate in this open source project.
</Note>

## Next Steps

Ready to get started with Ghidra? Continue to the installation guide to set up your environment, or jump to the quickstart guide to begin analyzing your first binary.