- 0xdurakiGhidra Scripts
Apple-related Scripts
- SwizzlingDetector - Detect whether an app is using swizzling
- SwiftNameDemangler - Demangle Swift class, functions, and vars
- RenameObjCStubs - An Objective-C Stub decoder
Replica - Analysis Enhancer
- reb311ion/replica §installation guide
=> replica is Ghidra's Analysis Enhancer plugin
This is the typical script that I use, basically do-it-all with appropriate database that resolves to method signatures and other Ghidra components. Some things it does: disass. missed ops, detect missed funcs., use MSDN API on WinNT, detect wrapper functions, and much more.
Important Information
🐉
The file in ‘~/.config/ghidra/ghidra_scripts/’ should be available via dotdrop synced files. This also contains Replica.
$ ls ~/.config/ghidra/ghidra_scripts/reb311ion_replica
# data.py db.json replica.py ...
Running REPLICA via Ghidra Script ManagerPlugin List
- coloring_call_jmp.py
- py-findcrypt-ghidra
- binwalk.py
- yara.py
- swift_demangler.py
- golang_renamer.py
- ghidra-fidb-repo
- replace-constants
- annotate-syscalls
- goto-main
- operator
- analyzeocmsgsend.py
- fox
- rhabdomancer.java
- ghidra_stack_strings
Additionally, there is ghidra-snippets repository that may be usable as a reference to various Ghidra functions and their signatures.
Themes + Tweaks
The user zackelia implemented a
Dark Theme
for Ghidra titled ghidra-dark.
Ghidra Scripts