Reverse Engineering MCP

Tools · 44

• Binary Parsing PE/ELF/Mach-O parsing via LIEF with hash computation and suspicious indicator detection
• Disassembly Multi-backend disassembly supporting Capstone, radare2, and objdump for x86/x64/ARM/MIPS/RISC-V
• String Extraction FLOSS integration with regex fallback and 17 classifier patterns (URLs, IPs, crypto, registry keys)
• Entropy Analysis Shannon entropy with sliding window, per-section analysis, and packing detection
• Symbol Extraction DWARF, PDB, LIEF universal symbol extraction with function prologue scanning for stripped binaries
• YARA Scanning Inline rules, file/directory rules, and community rules support for pattern matching
• Capa Integration ATT&CK mapping, MBC behaviors, and capability enumeration for binary analysis
• Decompilation Ghidra (headless), RetDec, and Binary Ninja decompilation with caching
• GDB Adapter Full GDB/MI protocol with breakpoints, stepping, registers, memory, backtrace, and heap inspection
• LLDB Adapter Native SB API integration for macOS/Linux debugging
• Frida Adapter Spawn/attach, script injection, function interception, memory scan/dump, and RPC exports
• Code Coverage DynamoRIO drcov, Frida Stalker block tracing, and coverage analysis
• APK Parsing Manifest extraction, permission analysis, component enumeration, and resource inspection
• DEX Analysis Class/method listing, bytecode stats, and string extraction from DEX files
• Android Decompilation jadx/apktool integration, smali disassembly/assembly/patching
• Native Binary Analysis ARM/AArch64 .so analysis with JNI detection
• Device Interaction ADB bridge with 12 actions (logcat, install, shell, dumpsys, screenshot)
• Frida for Android Root bypass, crypto hooking, SSL pinning bypass, API tracing, and memory dump
• Traffic Interception tcpdump/mitmproxy integration with SSL key extraction
• Repack and Sign APK rebuild with smali patches, zipalign + apksigner
• Security Scanners MobSF, Quark-Engine, Semgrep, and manifest vulnerability detection
• Rizin/r2 Automated analysis with 13 actions and binary diffing
• GDB Enhanced Heap analysis, ROP gadget finding, exploit helpers (pattern create/find, checksec)
• QEMU User-mode emulation (4 actions) and full system emulation (5 actions)
• ROP Chain Builder Multi-architecture gadget finding with semantic classification, automatic chain generation, bad-char avoidance, and pwntools script generation
• Heap Exploitation Malloc chunk analysis, bin classification, fake chunk generation, safe-linking encode/decode, and technique templates
• Libc Database Symbol/offset extraction, libc identification from leaked addresses, ASLR defeat helpers, and one-gadget RCE finder
• Shellcode Generation, encoding, bad-char analysis, extraction, and emulation testing
• Format String Offset calculation, write payload generation, GOT overwrite, and address leaking
• Anti-Analysis Detection Scan for anti-debug, anti-VM, anti-tamper, and packing indicators
• Bypass Generation Frida/GDB/patch/LD_PRELOAD scripts for ptrace, IsDebuggerPresent, timing, and VM checks
• Malware Triage Multi-hash, IoC extraction, suspicious import scoring, and risk assessment
• Sandbox Queries VirusTotal, Hybrid Analysis, and MalwareBazaar API integration
• YARA Generation Auto-generate YARA rules from binary artifacts
• Config Extraction C2 URLs, IPs, domains, encryption keys, and mutexes extraction
• Firmware Extraction binwalk scan/extract, entropy analysis, and filesystem identification
• Firmware Vulnerability Scanning Hardcoded credentials, known CVEs, unsafe functions, and weak crypto detection
• Base Address Detection String reference analysis for firmware base address recovery
• PCAP Analysis tshark-based with 8 actions (summary, flows, DNS, HTTP, TLS, filter, export, IoC)
• Protocol Dissection Binary structure inference, field boundary detection, and pattern analysis
• Protocol Fuzzing Mutation-based, boundary testing, field-specific, and template fuzzing
• Packer Detection UPX, Themida, VMProtect, ASPack, PECompact, MPRESS, and more packer detection
• UPX Unpacking Static unpacking with automatic backup
• Dynamic Unpacking Frida-based memory dump with OEP detection