# Install ghidra with Homebrew, apk, chocolatey, MacPorts, Nix, pacman, scoop

Multi-platform software reverse engineering framework. Version 12.1.2 via Homebrew; verified 2026-06-05.

## Install

```sh
sudo av install brew:ghidra
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install ghidra
```

  Evidence: local Homebrew formula metadata

- MacPorts (94%):

```sh
sudo port install ghidra
```

  Evidence: MacPorts ports tree: devel/ghidra/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

### Linux

- apk (92%):

```sh
sudo apk add ghidra
```

  Evidence: Alpine Linux edge package indexes: ghidra from https://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz

- Nix (92%):

```sh
nix profile install nixpkgs#ghidra
```

  Evidence: nixpkgs package indexes: ghidra from https://raw.githubusercontent.com/NixOS/nixpkgs/master/pkgs/top-level/all-packages.nix

- pacman (92%):

```sh
sudo pacman -S ghidra
```

  Evidence: Arch Linux sync databases: ghidra from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz

### Windows

- Chocolatey (92%):

```sh
choco install ghidra
```

  Evidence: Chocolatey community package catalog: ghidra from http://community.chocolatey.org/api/v2/Packages?$filter=IsLatestVersion&$select=Id&$top=1000&$skiptoken='11','gawk'

- Scoop (92%):

```sh
scoop install extras/ghidra
```

  Evidence: Scoop official bucket manifest trees: bucket/ghidra.json from https://api.github.com/repos/ScoopInstaller/Extras/git/trees/master?recursive=1

## Package facts

- **Package key:** brew:ghidra
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/ghidra>
- **Version:** 12.1.2
- **Source summary:** Multi-platform software reverse engineering framework
- **Homepage:** <https://github.com/NationalSecurityAgency/ghidra>
- **Repository:** <https://github.com/NationalSecurityAgency/ghidra>
- **Upstream docs:** <https://ghidra-sre.org/>
- **License:** Apache-2.0
- **Source archive:** <https://github.com/NationalSecurityAgency/ghidra/archive/refs/tags/Ghidra_12.1.2_build.tar.gz>
- **Last updated:** 2026-06-05T21:47:28Z
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- ghidraRun (cli)
- pyghidraRun (cli)
- ghidraRun (alias)
- pyghidraRun (alias)

## Dependencies

- openjdk@21

## Build dependencies

- gradle
- python@3.14

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 12.1.2
- Package-manager updated: 2026-06-05
- Local data: ok
- Upstream repository: https://github.com/NationalSecurityAgency/ghidra
- info: No cached GitHub release or tag data was available.
## Project history and usage

Ghidra is NSA's open-source software reverse engineering framework, combining disassembly, decompilation, graphing, scripting, collaboration, and extension development across many processor architectures and executable formats.

### Project history

NSA publicly released Ghidra at the 2019 RSA Conference after years of research and development aimed at difficult software reverse engineering mission problems. The project README says it was built to solve scaling and teaming problems on complex analysis efforts and to provide a customizable research platform.

### Adoption history

NSA described the public reaction as overwhelming after release, with hundreds of thousands of downloads and millions of website views in the first days. Four years later, NSA reported more than one million public downloads, use in college curricula, books and videos, operational use by technology and cybersecurity companies, and community contributions through GitHub.

### How it is used

Practitioners use Ghidra interactively for reverse engineering compiled code and in automated modes for batch analysis. Common workflows include importing binaries, disassembling and decompiling functions, using the Sleigh processor specification language and P-code model, writing Java or Python scripts, and building extensions.

### Why package nerds care

Ghidra became significant to security packagers because a high-end reverse engineering suite moved from a government internal tool to a redistributable Apache-licensed project. The official release packaging is a multi-platform zip rather than a traditional installer, which made package-manager formulas and wrappers valuable for users who prefer reproducible installs.

### Timeline

- 2019: NSA released Ghidra to the public at RSA Conference.
- 2019: The public GitHub repository and Ghidra 9.0.1 release appeared.
- 2023: NSA reported more than one million public downloads across the first four years.

### Related projects

- The Ghidra source tree includes PyGhidra, GhidraDev, Sleigh, a headless analyzer, a server component, and extension APIs for Java and Python users.

### Sources

- <https://github.com/NationalSecurityAgency/ghidra>
- <https://github.com/NationalSecurityAgency/ghidra/releases/tag/Ghidra_9.0.1_build>
- <https://raw.githubusercontent.com/NationalSecurityAgency/ghidra/master/DevGuide.md>
- <https://raw.githubusercontent.com/NationalSecurityAgency/ghidra/master/GhidraDocs/GettingStarted.md>
- <https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/1775584/ghidra-the-software-reverse-engineering-tool-youve-been-waiting-for-is-here/>
- <https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/3319971/four-years-later-the-impacts-of-ghidras-public-release/>


## Security Notes

escape, surveillance, or offensive capability signal.

- **Geiger risk:** red / medium
- escape, surveillance, or offensive capability signal

## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** ghidra
- **Version Scheme:** 0
- **Revision:** 0
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** stable

## Other Package-Manager Records

- Nix - ghidra: normalized package name match | nixpkgs package indexes: ghidra from https://raw.githubusercontent.com/NixOS/nixpkgs/master/pkgs/top-level/all-packages.nix
- apk - ghidra - 12.0.4-r0: normalized package name match | Alpine Linux edge package indexes: ghidra from https://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz | A Cross Platform and Open Source Electronics Design Automation Suite | https://ghidra-sre.org/
- apk - ghidra-doc - 12.0.4-r0: normalized package name match | Alpine Linux edge package indexes: ghidra-doc from https://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz | A Cross Platform and Open Source Electronics Design Automation Suite (documentation) | https://ghidra-sre.org/
- apk - ghidra-tutorials - 12.0.4-r0: normalized package name match | Alpine Linux edge package indexes: ghidra-tutorials from https://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz | Ghidra tutorial files | https://ghidra-sre.org/
- pacman - ghidra - 12.1.2-1: normalized package name match | Arch Linux sync databases: ghidra from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz | Software reverse engineering framework | https://ghidra-sre.org/
- MacPorts - ghidra: normalized package name match | MacPorts ports tree: devel/ghidra/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1
- Chocolatey - ghidra: normalized package name match | Chocolatey community package catalog: ghidra from http://community.chocolatey.org/api/v2/Packages?$filter=IsLatestVersion&$select=Id&$top=1000&$skiptoken='11','gawk'
- Scoop - extras/ghidra: normalized package name match | Scoop official bucket manifest trees: bucket/ghidra.json from https://api.github.com/repos/ScoopInstaller/Extras/git/trees/master?recursive=1


## Related links

- [Source-control packages](https://www.automicvault.com/pkg/source-control-tools/) - Belongs to a source-control command family.
- [Secret-risk packages](https://www.automicvault.com/pkg/secret-risk-packages/) - Has protected-tool coverage, approval-gate, or non-low Geiger security signals.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [openjdk@21](https://www.automicvault.com/pkg/brew/openjdk-21/) - Runtime dependency declared by Homebrew.
- [gradle](https://www.automicvault.com/pkg/brew/gradle/) - Build dependency declared by Homebrew.
- [python@3.14](https://www.automicvault.com/pkg/brew/python-3-14/) - Build dependency declared by Homebrew.
- [retdec](https://www.automicvault.com/pkg/brew/retdec/) - Shares av.db curated category or tags: cli, decompiler, reverse-engineering, security.
- [rizin](https://www.automicvault.com/pkg/brew/rizin/) - Shares av.db curated category or tags: cli, disassembler, reverse-engineering, security.
- [jadx](https://www.automicvault.com/pkg/brew/jadx/) - Shares av.db curated category or tags: cli, decompiler, reverse-engineering, security.
- [radare2](https://www.automicvault.com/pkg/brew/radare2/) - Shares av.db curated category or tags: cli, disassembler, reverse-engineering, security.
- [urh](https://www.automicvault.com/pkg/brew/urh/) - Shares av.db curated category or tags: cli, reverse-engineering, security.
- [ipsw](https://www.automicvault.com/pkg/brew/ipsw/) - Shares av.db curated category or tags: cli, reverse-engineering, security.
- [redress](https://www.automicvault.com/pkg/brew/redress/) - Shares av.db curated category or tags: cli, reverse-engineering, security.
- [rp](https://www.automicvault.com/pkg/brew/rp/) - Shares av.db curated category or tags: cli, reverse-engineering, security.

## Combined YAML source

View the package source record on GitHub. [combined/ghidra.yml](https://github.com/automic-vault/db/blob/main/combined/ghidra.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
