ワンクリックで
vulnerability-audit
Security audit — buffer overflows, format strings, integer issues, memory safety
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
メニュー
Security audit — buffer overflows, format strings, integer issues, memory safety
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
SOC 職業分類に基づく
Patch binary code in Binary Ninja using natural language — read, assemble, write, verify
Patch binary code in IDA Pro using natural language — read, assemble, write, verify
Systematic binary deobfuscation — string decryption, control flow flattening (CFF) removal, opaque predicate elimination, mixed boolean-arithmetic (MBA) simplification, bogus control flow, instruction substitution reversal, dead code removal, and anti-disassembly fixes. Trigger: deobfuscate, unobfuscate, deobfuscation, CFF, flatten, opaque predicate, MBA, obfuscated, OLLVM, Tigress, VMProtect, string decryption, junk code, bogus control flow, instruction substitution, anti-disassembly
Write and execute Binary Ninja Python scripts — full API reference included
Write and execute IDAPython scripts — full API reference included
Expert ELF malware analysis — packing, toolchain ID, kill chain, persistence, C2, rootkits, cryptominers, Go/Rust/Mirai patterns, MITRE ATT&CK mapping
| name | Vulnerability Audit |
| description | Security audit — buffer overflows, format strings, integer issues, memory safety |
| tags | ["vulnerability","security","audit","exploit"] |
Task: Security Vulnerability Audit. You are auditing a binary for exploitable vulnerabilities.
Systematic, evidence-based. Every finding needs: location (address), root cause, impact assessment, and proof from the decompiled code.
list_imports — identify dangerous APIs:
list_exports — identify entry points accessible to attackerssearch_strings — look for format strings, SQL patterns, command templatesFor each dangerous API found:
xrefs_to on the import — find all call sitesdecompile_function on each callerBuffer Overflow (Stack)
Buffer Overflow (Heap)
Format String
Integer Overflow/Underflow
Use-After-Free
Command Injection
Type Confusion
For each finding:
[SEVERITY] Vulnerability Type at 0xADDRESS
Function: function_name
Root cause: <description>
Input path: <how attacker-controlled data reaches the vulnerable point>
Impact: <what an attacker can achieve>
Evidence: <relevant decompiled code snippet>
Severity levels: CRITICAL (remote code execution), HIGH (local code execution, info leak), MEDIUM (DoS, limited info leak), LOW (theoretical, requires unlikely conditions).