Ghidra Logo from NSA

Ghidra-Server.org provides a collaboration server on the internet for the software reverse engineering (SRE) global community using the open source software (OSS) project Ghidra's server feature.

This server is provided free to the global community by an association of independent individuals interested in fostering international collaboration in SRE spaces. This site and the associated server are not operated by the NSA; they are currently hosted in Canada and have individuals involved from multiple countries. The server will be available initially for 1 year from March 2019, after which usage scale and funding model will be reconsidered, with a tentative move towards a voluntary donations model.

Get an account

Reach out with a direct message to @Ghidra_Server on Twitter or email sre[you-know-the-symbol]ghidra-server.org with a brief description of what you'd like to use the server for and a rough estimate of your overall disk space requirements. This is a manual enrolment process, so expect instructions to take a few days to arrive. Usernames will be generated for you in an anonymous manner, as Ghidra currently lists all users publicly. Repositories are also public, so a naming convention will be shared with you. You will need the Ghidra client software to connect to the server, which is available from NSA's https://ghidra-sre.org/. Questions and suggestions are welcome via public tweet, direct message or email. If you'd like to communicate securely, reach out with your preferred method.

Why use a Ghidra Server?

SRE can be a mammoth task. One of Ghidra's best features is its check-in, check-out and merge facilities, which let parallel efforts scale up. Training classes and tutorials can also benefit from the central distribution a server provides.

Why use this server?

Perhaps you'd like to explore the feature set without setting up a local server; perhaps you're running some community training that would benefit from exploring server features; perhaps you've got a CTF (we promise not to steal your flags!); perhaps you've got malware to analyse; perhaps you're diagnosing your own buggy software; perhaps you're working on a bug bounty project. All are good reasons to use this server. If you've got content that would not be legal to upload to a file sharing site such as this, then this is not for you. If you've got content that is sensitive or private, please think carefully before using this server: we will respect your privacy, but please consider the risk balance of content being hosted on a shared server instance, layered on a shared VPS.

Terms and Conditions

Please read these terms and conditions, there's a good bit near the end on bug bounties to encourage you to read on.

Ghidra-server.org and the association of Intriguing Systems are not the NSA, and ghidra-server.org is not funded or influenced by NSA.

Ghidra-server.org is designed solely to facilitate lawful SRE activities. You should always ensure that any SRE activities in which you engage are permissible as computer software may be protected under governing law (e.g., copyright) or under an applicable licensing agreement. In making ghidra-server.org available for public use, the association of Intriguing Systems and ghidra-server.org does not condone or encourage any improper usage of ghidra-server.org.

As a user you are responsible for ensuring that any content you upload to ghidra-server.org servers is permissible, taking into consideration all governing laws that might apply, noting that the ghidra-server.org server(s) are currently hosted in Canada. Offensive material is not permissible and will be taken down immediately upon discovery or notification. Any deviation from permissible activities (e.g. breach of an applicable licensing agreement) should be notified to ghidra-server.org, and the content will be taken down. The association of Intriguing Systems reserves the right to audit content for potentially offensive and non-permissible material and will try to keep the privacy intrusion to a minimum. Some resources to help you understand governing laws might include (but Ghidra-server.org and the association of Intriguing Systems do not endorse these as being correct or complete):

To respect your privacy, usernames (note these are publicly visible to all users) will not be related to your email, name or location. All repositories (note these are publicly visible by name to all users) will follow a standard naming convention to hide the associated users and the type of content. Users can create repository names themselves, and any not conforming to the naming convention described on registration will be taken down. Sysadmins of the association of Intriguing Systems will respect the privacy of your client IP addresses. We appreciate that many potential users of a public server will have reservations about sharing SRE analysis, and a local server may be a better solution for you, but we have made some effort to assess the risks as follows. From a brief inspection of ghidra client to ghidra server IP traffic, it appears to be secured under TLS 1.2; however, we make no guarantees on the privacy of your data on the wire from onlookers. We are open to running ghidra-server.org as a Tor hidden service if somebody can get this working, to further limit the information available to sysadmins. Furthermore, we wonder whether the ghidra server software could be patched to store content in encrypted form so that sysadmins cannot see it.
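The TLS observation above can be checked from the client side before any content is uploaded. The script below is an added example and is not part of the original page, the Ghidra client or the Ghidra server: it connects to each of the three TCP ports the bug bounty section lists as the server's exposed sockets (13100, 13101, 13102), records the protocol version negotiated and the SHA-256 fingerprint of the certificate presented, and lets you pin that fingerprint so a later run flags a changed certificate. Which of the three ports actually complete a TLS handshake is not stated on the page and is an assumption to verify; a port that does not handshake is reported as such rather than treated as an error. The host name in the usage line is a placeholder.

```python
"""Probe a Ghidra server's TCP ports for the TLS version they negotiate and
pin the presented certificate by SHA-256 fingerprint (added example)."""
import hashlib
import socket
import ssl
import sys

# Ports listed on the page as the sockets exposed by the ghidra server software.
GHIDRA_PORTS = (13100, 13101, 13102)

# Anything older than TLS 1.2 is treated as a failure by check_endpoint().
ACCEPTABLE_VERSIONS = ("TLSv1.2", "TLSv1.3")


def probe_tls(host, port, timeout=5.0):
    """Open a TLS connection and return (version, cipher_name, sha256_hex).

    Certificate validation is deliberately disabled here: the purpose is to
    read what the server presents so it can be pinned. The policy decision is
    made separately in check_endpoint(). Returns None when no TLS handshake
    completes (plaintext protocol, closed port, or unreachable host).
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    # Allow every protocol the local OpenSSL still supports, so that a server
    # offering only an old version is observed (and then rejected) rather
    # than silently failing to connect.
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                der = tls.getpeercert(binary_form=True)
                cipher = tls.cipher()
                name = cipher[0] if cipher else None
                return tls.version(), name, hashlib.sha256(der).hexdigest()
    except (ssl.SSLError, OSError):
        return None


def check_endpoint(result, pinned_fingerprint=None):
    """Apply the policy to a probe_tls() result and return (ok, reason).

    pinned_fingerprint is the hex SHA-256 recorded on a previous run; on the
    first run it is None and the reason string carries the value to pin.
    """
    if result is None:
        return False, "no TLS handshake (plaintext, closed or unreachable)"
    version, cipher, fingerprint = result
    if version not in ACCEPTABLE_VERSIONS:
        return False, f"unacceptable protocol {version}"
    if pinned_fingerprint is None:
        return True, f"{version} {cipher}; pin fingerprint {fingerprint}"
    if fingerprint != pinned_fingerprint.lower():
        return False, "certificate fingerprint differs from the pinned value"
    return True, f"{version} {cipher}; fingerprint matches pin"


def probe_all(host, pins=None):
    """Probe every listed port; pins maps port -> pinned hex fingerprint."""
    pins = pins or {}
    return {port: check_endpoint(probe_tls(host, port), pins.get(port))
            for port in GHIDRA_PORTS}


if __name__ == "__main__":
    # Placeholder host; substitute the DNS name supplied on registration.
    target = sys.argv[1] if len(sys.argv) > 1 else "ghidra-server.example"
    for port, (ok, reason) in probe_all(target).items():
        print(f"{target}:{port} {'OK  ' if ok else 'FAIL'} {reason}")
```

The Ghidra client does not consult this pin; the script only tells you whether what you observe on the wire matches what you recorded earlier, which is the most a user of a shared server can verify without access to the server's key material.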

On registration you will contact ghidra-server.org via Twitter or email. The association of your Twitter/email address with a ghidra-server.org username will not be stored on the ghidra server VPS(s), to maintain your privacy, and will be kept on other system(s) with disk encryption. You are responsible for keeping ghidra-server.org updated with any Twitter/email address changes so that you are reachable during the time that you have an active account on ghidra-server.org. If you would like an export of your ghidra-server.org content and any records of you based on your ghidra-server.org username or Twitter/email address, get in touch. You may hold multiple ghidra-server.org usernames to facilitate cross working on several repositories.

The authentication method in use at present is username and password based. In the future we may explore the PKI and/or SSH key options but at present these will not be made available.

As a user you are encouraged to follow the ghidra-server.org Twitter account, and it would be nice if you could spread the word to others who may find the service useful.

Please submit bugs in the ghidra server OSS software as released by NSA to the official ghidra GitHub issue tracker. If you submit bugs that you think ghidra-server.org needs to take action on, or if you have good ideas for features (e.g. we'd like a better user enrolment tool, and an ability to hide/group users in selection panels), we'd appreciate a tip off to the ghidra-server.org Twitter account or email.

On first access, if you are not familiar with ghidra server usage generally, you are encouraged to access the rHydrogen repository (you will be given read/write access on each account), which contains the Ghidra Class binaries available for experimentation. Please respect other users and clone the clean tree of binaries before checking in changes, and clean up after you are done by deleting your tree.

Following registration you will be supplied with the DNS name(s) of a ghidra-server running the ghidra server software, a username and password, and guidance on repository naming. You should change your password as soon as possible. You will have the ability to create new repositories and become the initial admin on these. It will be your responsibility to administer read/write/admin access for further users. Each user needs to have a separate username, and if helpful we will accept bulk user account creation requests (e.g. to support a training course) and delegate username and password distribution to you, on the understanding that you will be the sole contact for those users unless they make contact later directly with ghidra-server.org.

The association of Intriguing Systems and ghidra-server.org will not provide backups. Your data is at risk on our server(s), and you should put disaster recovery processes in place if needed.

The ghidra-server.org service may be shut down at any moment and may suffer outages, although the hope is to run for at least 1 year, through to March 2020. The association of Intriguing Systems will not be responsible for any loss or damages you suffer as a result of loss of service. The hosting is on a commercial VPS, so we hope for reasonable uptime.

User registration and support requests will be answered on a best endeavours basis by volunteers of the association of Intriguing Systems.

The ghidra-server.org service is a shared facility, so respect other users with considerate use of disk space (megabytes to tens of megabytes per user is perhaps reasonable) and network bandwidth.

If you've got publicly shareable feedback and don't mind others knowing you are a general user of ghidra-server.org, it would be nice to post this to the ghidra-server.org Twitter account.

Respect the privacy of other users and the association of Intriguing Systems. If you happen to know username or sysadmin associations to real people, Twitter handles, email addresses or similar, please keep this to yourself. Volunteers are welcome to support this community effort; please reach out with a description of what you may be able to offer in terms of skills and time.

In order to encourage a community effort to catch and disclose security issues with ghidra-server.org early, a bug bounty is available for compromises of the host OS running the ghidra server software (user-mode, user-to-administrator, kernel-mode, accounts) as well as compromises of the ghidra server software itself. Please let us know your thoughts on the best way to validate findings (maybe we should have some CTF-style flags available to collect).

Scope: the eligible attack surface is the IPv4 and IPv6 TCP sockets exposed by the ghidra server software on ports 13100, 13101 and 13102. No brute forcing or DDoS; resource exhaustion attacks are out of scope. No wider port scanning, as our hosting company may complain. Social engineering is out of scope and will not be awarded. Attacks against the hosting company are out of scope and will not be awarded.

As the source code for the ghidra server has not been audited and we are not sure whether the server was designed with security in mind, we may also award the first reasonably deep code review that states whether the server is generally suitable for running on a public IP with general public users, even if the conclusion is that it is secure.

Examples of scenarios resulting in a bounty award include: logging in as a user account whose password you do not have, accessing a repository that your user account does not have privileges for, and any form of code execution in user-mode or kernel-mode.

As ghidra-server.org is a fledgling voluntary service, bounties are small and will consist of a selection of shout outs on Twitter, ghidra branded (temporary) tattoos and home brew beer, depending on the postal logistics of shipping to you and the gravity of your find.