Skip to content
/ ghidra_scripts Public

Ghidra scripts such as a RC4 decrypter, Yara search, stack string decoder, etc.

License

GPL-3.0 license
157 stars 19 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

0x6d696368/ghidra_scripts

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
BuiltInTypes.h
BuiltInTypes.h
 
 
DumpLanguageIDs.py
DumpLanguageIDs.py
 
 
DumpProgramLanguageIDsAndCspecs.py
DumpProgramLanguageIDsAndCspecs.py
 
 
GoogleSearch.md
GoogleSearch.md
 
 
GoogleSearch.png
GoogleSearch.png
 
 
GoogleSearch.py
GoogleSearch.py
 
 
LICENSE
LICENSE
 
 
RC4Decrypter.md
RC4Decrypter.md
 
 
RC4Decrypter.png
RC4Decrypter.png
 
 
RC4Decrypter.py
RC4Decrypter.py
 
 
README.md
README.md
 
 
SearchSimpleStackStrings.md
SearchSimpleStackStrings.md
 
 
SearchSimpleStackStrings.png
SearchSimpleStackStrings.png
 
 
SearchSimpleStackStrings.py
SearchSimpleStackStrings.py
 
 
SimpleStackStrings.md
SimpleStackStrings.md
 
 
SimpleStackStrings.png
SimpleStackStrings.png
 
 
SimpleStackStrings.py
SimpleStackStrings.py
 
 
YaraSearch.md
YaraSearch.md
 
 
YaraSearch.png
YaraSearch.png
 
 
YaraSearch.py
YaraSearch.py
 
 
colorCallGraphCallsTo.md
colorCallGraphCallsTo.md
 
 
colorCallGraphCallsTo.py
colorCallGraphCallsTo.py
 
 
pipeDecoder.md
pipeDecoder.md
 
 
pipeDecoder.png
pipeDecoder.png
 
 
pipeDecoder.py
pipeDecoder.py
 
 
pipeDecoderTemplate.c
pipeDecoderTemplate.c
 
 

Repository files navigation

My Ghidra scripts

A collection of some useful Ghidra scripts I come up with. This is a personal repository. So while you can open issues, I won't guarantee any bug fixes, improvements, etc.

Scripts only tested with CentOS 7.

Documentation

Each script has a .md file with its documentation.

Dependencies

  • YaraSearch.py: yara must be in $PATH
  • GoogleSearch.py: Needs firefox in $PATH

For details please see each script's .md file.

Install

Copy the script(s) (you like to use) to your ghidra_scripts folder (usually located at ~/ghidra_scripts) or any other directory Ghidra is configured to search for scripts.

TODO

  • Make SearchStackStrings.py call StackStrings.py internally.
  • Improve StackStrings.py to handle different and more complex strack strings.

About

Ghidra scripts such as a RC4 decrypter, Yara search, stack string decoder, etc.

Resources

Readme

License

GPL-3.0 license
Activity

Stars

157 stars

Watchers

12 watching

Forks

19 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages