Images
>Ghidra

Ghidra

A containerized software reverse engineering suite for headless analysis, automation, and collaborative project workflows.

radareorg/radare2
radareorg/radare2
remnux/remnux-distro
remnux/remnux-distro
kalilinux/kali-rolling
kalilinux/kali-rolling
ubuntu
ubuntu

What is ghidra image?

The ghidra image refers to containerized distributions of the Ghidra software reverse engineering framework, commonly used for analyzing compiled binaries, firmware, and executable code. Ghidra supports disassembly, decompilation, graphing, and scripting, making it a powerful tool for vulnerability research, malware analysis, and reverse engineering tasks. In containerized environments, Ghidra is typically used either in headless mode for automated analysis or as a multi-user server that enables teams to collaborate on shared projects. The headless workflow is especially useful in CI pipelines or batch processing scenarios, where large numbers of binaries must be analyzed consistently without a graphical interface. Running Ghidra in containers allows teams to standardize tooling, isolate analysis environments, and automate reverse engineering tasks at scale.

How to use this image

Ghidra containers are most commonly used in headless mode or as a long-running server for collaborative projects. Headless usage enables automated import and analysis of binaries without a GUI.

Run a headless analysis job:

docker run --rm \
  -v $(pwd)/samples:/work/in \
  -v $(pwd)/out:/work/out \
  ghidra-image \
  /ghidra/support/analyzeHeadless /work/out/ghidra-project ProjectName \
  -import /work/in \
  -overwrite

Run a Ghidra Server container:

docker run -d --name ghidra-server \
  -p 13100:13100 -p 13101:13101 -p 13102:13102 \
  -v ghidra-repos:/repos \
  ghidra-image

Ghidra logs to stdout in containerized setups. For reproducible workflows, analysis scripts and configuration are typically baked into the image or managed via mounted volumes or Kubernetes ConfigMaps.

Image variants

Published across several community repositories (there is no single canonical GHIDRA image), common variants include:

  • bskaggs/ghidra:latest – A server-oriented image commonly used for collaborative Ghidra Server deployments and headless analysis workflows.
  • bskaggs/ghidra:<version></version> – Version-pinned tags aligned with specific Ghidra releases; recommended for reproducible analysis.
  • blacktop/ghidra:alpine – Alpine-based variant that aligns with minimal-base environments, though still relatively large due to Java and Ghidra itself.
  • ghidra-server:<version></version> (varies by repo) – Images focused specifically on running the Ghidra Server for multi-user setups.

Because Ghidra is Java-based and heavyweight, image size differences are usually driven more by included tooling than by base OS. For automation and CI, pinning exact tags is strongly recommended.

Interested in base images that start and stay clean?

Chat with a product expert