
zhaoxuya520/reverse-skill
11 skills, 11 installs, 14.6k stars, GitHub

Install:
npx skills add https://github.com/zhaoxuya520/reverse-skill

Skills in this repo

1. Apk Reverse
apk-reverse is an agent skill from the reverse-skill collection aimed at Android APK reverse-engineering scenarios. Prism's ingested readme for this entry did not expose human-readable procedure text, so treat the skill as a mobile security helper whose concrete commands and tooling should be confirmed in the source repository after install. Solo builders might still catalog it when they need agent-assisted decompilation, manifest review, or static analysis prep as part of shipping or vetting an Android build. Use it only on packages you are entitled to analyze, and combine outputs with manual verification because automated reverse engineering can mislabel obfuscated or stripped binaries.

2. Binary Diff
Binary Diff is an agent skill from a reverse-engineering toolkit that standardizes how you compare one known-good function against another build of the same logic. Solo reverse engineers, modders, and security researchers install it when IDA or similar has produced disassembly and decompiler procedure text for both sides and they need a machine-readable map of every reference to a curated symbol list: virtual calls, direct calls, function pointers, globals, and structure offsets. The skill ships a copy-paste prompt template with placeholders for reference and target blocks and enforces YAML-shaped answers with worked examples so agents do not drift into narrative dumps. It is intentionally narrow: collect only listed symbols, output nothing else, and return empty structures when nothing matches. That makes it ideal as a repeatable step in migration playbooks before renaming, header generation, or patch validation on large C++-style binaries.

3. Diagram Generator
Diagram Generator is an agent skill that helps solo builders and small teams produce maintainable diagram source in Mermaid, Graphviz, PlantUML, and SVG, with optional rendering via local tools. It is aimed at anyone documenting software architecture, user flows, or integration sequences in repos, RFCs, or onboarding docs, without relying on one-off screenshots from a whiteboard tool. The skill emphasizes compact, copy-paste patterns for common diagram types so agents adapt proven syntax rather than hallucinating invalid graph languages. That matters when diagrams live next to code and must diff cleanly in git. Use it during build when writing READMEs and ADRs, during validate when sketching scope and prototypes, or during operate when updating runbooks. Intermediate complexity: you need basic familiarity with at least one diagram dialect, but the patterns lower the bar for consistent output.

4. Edr Bypass Re
EDR Hook 调研速查 (EDR hook research quick reference) is a condensed research reference for agents working on authorized offensive security or defensive validation. It maps how mainstream endpoint detection products instrument processes: naming services, drivers, and whether they lean on kernel callbacks, ETW, AMSI, or heavy ntdll user-mode hooks. Solo builders are rarely the audience unless they ship security tooling or run formal penetration tests; for them it is niche. Red-team and AppSec engineers use it in the Ship security phase to decide what behaviors or APIs need unhooking, evasion testing, or compensating detections in their own products. The content is reference-only: no step-by-step bypass playbook, but enough structure to orient recon before deeper reverse engineering. Treat installs and repo trust like any security-adjacent skill: review source and legal scope before invoking it in an agent.

5. Firmware Pentest
Firmware Pentest is an agent skill that teaches solo builders and small security teams how to audit embedded device images using the open-source EMBA (Embedded Analyzer) stack. It maps each EMBA phase, from format recognition and extraction through static binary analysis, optional QEMU user-mode simulation, live service checks, and multi-format reporting, into copy-paste commands suitable for Linux lab hosts. The skill emphasizes practical scan profiles (standard full pass, quick triage, offline) and the recommended flag combination for Docker isolation, threading, QEMU, and HTML output. It is aimed at indie hardware vendors, reverse-engineering learners, and agent workflows that need repeatable firmware review without hand-rolling every scanner. Use it when you have a .bin or vendor firmware dump and need structured CVE correlation, hardcoded-secret signals, and a grep-friendly log trail before customers or regulators ask what you tested.

6. Ida Reverse
IDA Reverse is an agent skill that catalogs how to run and use the IDA Pro MCP server named idapro over HTTP, with PowerShell launch scripts and a fast reference for dozens of reverse-engineering tools. Solo builders and small security-minded teams use it when they must open PE or unknown binaries, get a minimal survey of architecture, entry points, strings, segments, and import categories, then paginate and filter functions before deeper IDA work. The readme emphasizes session lifecycle (list, switch, close, save, health) and practical open flags for long analyses or for skipping auto-analysis on huge images. It is aimed at agent-driven workflows where the human already has IDA licensing and a Windows-oriented script path, not at casual code review. Expect advanced familiarity with disassembly concepts and MCP tool naming conventions.

7. Patch Diff Exploit
patch-diff-exploit is an agent skill that documents how solo builders and security researchers run binary patch differential analysis across common engines. It explains which tool fits IDA-heavy labs versus Ghidra headless CI, how to export BinExport artifacts, and how to read diff databases when a vendor ships a fix. The skill is for indie reversers validating CVE patches, comparing firmware builds, or narrowing exploit research to changed functions, not for generic file diffing of source trees. It assumes comfort with disassemblers, long analysis runs, and interpreting function match quality rather than one-click answers. Use it when you have two related binaries and need a repeatable exploit-or-hardening workflow instead of ad-hoc hex compares.

8. Pentest Tools
Pentest Tools is an agent skill for solo builders and small teams who run authorized security testing on their own apps or lab targets. It defines how to maintain a personal payload library, organized by attack class, and instructs the agent to prefer those proven strings before falling back to SecLists subsets, with automatic SecLists bootstrap when the library is empty. The README also catalogs modern LLM-driven pentest agents and MCP security stacks you can pair with the skill for recon through verification. It does not replace formal penetration tests or legal scope paperwork; it standardizes repeatable, agent-guided testing hygiene during Ship. Expect advanced familiarity with web vulnerabilities and explicit permission to test each environment.

9. Pwn Chain
pwn-chain is an agent skill packaged as procedural heap-exploitation knowledge for Linux glibc targets. It is aimed at solo builders and security hobbyists who ship or study native C binaries (CTF players, reverse engineers, and indie teams auditing allocator-heavy services), not marketers or no-code founders. Invoke it when a challenge or binary smells like heap corruption and you need a version-aware chain rather than guessing techniques from outdated writeups. The readme stresses that every technique binds to a glibc era: tcache dominance from 2.27, tightened unsorted attacks by 2.29, safe-linking from 2.32, and hook removal by 2.34. It walks through leaking libc via unsorted-bin remnants, poisoning tcache heads, and adapting when PROTECT_PTR or missing hooks block naive one-gadget paths. Treat it as a structured playbook the agent follows while you drive pwntools I/O, not a turnkey autopwn script.

10. Radare2
Radare2 is an agent skill that packages a practical radare2 quick reference for solo builders and security-minded indie devs who need to inspect PE binaries without living in a GUI disassembler. It walks through baseline recon with rabin2, interactive analysis inside r2 (analysis passes, function lists, strings, cross-references, and disassembly), and safe patching patterns when you deliberately open a writable session. The skill also documents the usual radare2 satellite utilities (rasm2 for instruction decode, radiff2 for version diffs, rahash2 for md5/sha256, and rax2 for address and encoding tricks) plus non-interactive command chains for automation. A parameterized PowerShell entry point ties into shared reverse-engineering bootstrap scripts so agents can discover tools, enforce UTF-8 output, and optionally run deeper analysis on a target path with configurable string and import limits. Use it when malware triage, license compliance, crackmes, or incident response need fast CLI answers in Windows-heavy workflows, not when you only need source-level static analysis.

11. Reverse Engineering
Reverse Engineering is a reference-style agent skill aimed at builders and security hobbyists tackling CTF binaries and protected executables on Linux and Windows. It catalogs advanced anti-debugging, anti-VM, anti-DBI, and integrity-check mechanisms alongside practical bypass angles: ptrace and /proc tricks on Linux, PEB and NtQueryInformationProcess paths on Windows, TLS callbacks, hardware and software breakpoint detection, and sandbox fingerprinting via CPUID, timing, and environment artifacts. Solo indie developers rarely need this daily, but it fits anyone shipping native tools, analyzing crackmes, or learning how release binaries resist inspection. Treat it as procedural knowledge to pair with a debugger, disassembler, or dynamic instrumentation workflow rather than an automated scanner. Complexity is advanced: you should already be comfortable with gdb, WinDbg, or similar before applying the bypass recipes.