| name | binary-analysis |
| description | Analyzes binary files for vulnerabilities and develops exploits. Use when working with ELF/PE executables, pwn challenges, buffer overflow, heap exploitation, ROP chains, format string bugs, or shellcode development. |
| allowed-tools | Bash, Read, Write, Grep, Glob |
Binary Analysis Skill
Quick Workflow
Progress:
- [ ] Run checksec (identify protections)
- [ ] Identify binary type and dangerous functions
- [ ] Find vulnerability (BOF/format string/heap)
- [ ] Calculate offsets
- [ ] Develop exploit with pwntools
- [ ] Test locally, then remote
Quick Analysis Pipeline
# 1. File identification
file <binary>
# 2. Security features
checksec --file=<binary>
# 3. Interesting strings
strings <binary> | grep -iE "flag|ctf|password|correct|wrong|win|shell|secret"
# 4. Function symbols
nm <binary> 2>/dev/null | grep -E " T | t " | head -20
# 5. Dangerous functions
objdump -d <binary> 2>/dev/null | grep -E "gets|strcpy|sprintf|scanf|system|exec"
# 6. Auto vulnerability scan
cwe_checker <binary>
Reference Files
Quick Commands
# Generate cyclic pattern
python3 -c "from pwn import *; print(cyclic(200))"
# Find offset
python3 -c "from pwn import *; print(cyclic_find(0x61616167))"
# Find ROP gadgets
ROPgadget --binary <binary> | grep "pop rdi"
# Find one_gadget
one_gadget <libc>
Tools Summary
| Tool |
Purpose |
| checksec |
Check binary protections |
| pwntools |
Exploit development |
| ROPgadget |
Find ROP gadgets |
| one_gadget |
Find libc one-shot gadgets |
| cwe_checker |
Auto vuln detection |
| qira |
Runtime analysis |
| Triton |
Symbolic execution |