Ghidra
NSA-released reverse engineering suite: decompiler, disassembler, scripting, and collaboration features.
Why it is included
Full-featured free alternative to IDA for malware and firmware analysis in authorized work.
Best for
Binary analysis, malware triage, and vulnerability research.
Strengths
- Decompiler quality
- Scripting
- Headless mode
Limitations
- Java footprint; learning curve
Good alternatives
radare2 · Binary Ninja (commercial)
Related tools
Security & Privacy
radare2
Unix-style reversing framework: disassembly, debugging, binary patching, ESIL, and rich CLI automation.
Security & Privacy
Cutter
Qt GUI for Rizin/radare2 with graph views, decompiler plugins, and debugger integration.
Security & Privacy
Volatility 3
Advanced memory forensics framework for extracting artifacts from RAM dumps across OS versions.
Security & Privacy
YARA
Pattern matching for malware researchers—rules over files, memory, and streams in IR pipelines.
Security & Privacy
IntelOwl
Analyze files, IPs, domains, and URLs in one request by fanning out to many free/TI analyzers (YARA, PE, DNS, etc.).
Security & Privacy
CAPEv2
Malware sandbox forked from Cuckoo lineage: automated unpacking, configurable machinery, and rich reporting for analysts.
