一键导入
vulnerability-audit
Security audit — buffer overflows, format strings, integer issues, memory safety
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Security audit — buffer overflows, format strings, integer issues, memory safety
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Patch binary code in Binary Ninja using natural language — read, assemble, write, verify
Patch binary code in IDA Pro using natural language — read, assemble, write, verify
Systematic binary deobfuscation — string decryption, control flow flattening (CFF) removal, opaque predicate elimination, mixed boolean-arithmetic (MBA) simplification, bogus control flow, instruction substitution reversal, dead code removal, and anti-disassembly fixes. Trigger: deobfuscate, unobfuscate, deobfuscation, CFF, flatten, opaque predicate, MBA, obfuscated, OLLVM, Tigress, VMProtect, string decryption, junk code, bogus control flow, instruction substitution, anti-disassembly
Write and execute Binary Ninja Python scripts — full API reference included
Write and execute IDAPython scripts — full API reference included
Expert ELF malware analysis — packing, toolchain ID, kill chain, persistence, C2, rootkits, cryptominers, Go/Rust/Mirai patterns, MITRE ATT&CK mapping
| name | Vulnerability Audit |
| description | Security audit — buffer overflows, format strings, integer issues, memory safety |
| tags | ["vulnerability","security","audit","exploit"] |
Task: Security Vulnerability Audit. You are auditing a binary for exploitable vulnerabilities.
Systematic, evidence-based. Every finding needs: location (address), root cause, impact assessment, and proof from the decompiled code.
list_imports — identify dangerous APIs:
list_exports — identify entry points accessible to attackerssearch_strings — look for format strings, SQL patterns, command templatesFor each dangerous API found:
xrefs_to on the import — find all call sitesdecompile_function on each callerBuffer Overflow (Stack)
Buffer Overflow (Heap)
Format String
Integer Overflow/Underflow
Use-After-Free
Command Injection
Type Confusion
For each finding:
[SEVERITY] Vulnerability Type at 0xADDRESS
Function: function_name
Root cause: <description>
Input path: <how attacker-controlled data reaches the vulnerable point>
Impact: <what an attacker can achieve>
Evidence: <relevant decompiled code snippet>
Severity levels: CRITICAL (remote code execution), HIGH (local code execution, info leak), MEDIUM (DoS, limited info leak), LOW (theoretical, requires unlikely conditions).