From drbinary-chat-plugin
Analyzes suspicious binary file using remote Ghidra tools: extracts metadata, performs static and behavioral analysis, detects malware indicators, outputs Markdown report with threat assessment and recommendations.
Install: `npx claudepluginhub DeepBitsTechnology/claude-plugins --plugin drbinary-chat-plugin`

# Binary File Analysis

Analyze a suspicious binary file using the remote MCP server's Ghidra analysis tools.

## Usage

Provide the full path to the suspicious file you want to analyze.

## Analysis Process

### Step 1: Ghidra Analysis

Perform:

1. **Basic File Information**
   - File size and type
   - PE header analysis
   - Compilation timestamp
   - Hash values (MD5, SHA256)
2. **Static Analysis**
   - Decompile key functions
   - Extract strings
   - Analyze imports (API calls)
   - Examine exports
   - Review sections (.text, .data, .rsrc)
3. **Behavioral Analysis**
   - Identify su...
4. **Malware Indicators**
   - CreateRemoteThread - Process injection
   - WriteProcessMemory - Memory manipulation
   - VirtualAllocEx - Memory allocation in other processes
   - SetWindowsHookEx - Keylogging capability
   - URLDownloadToFile - Download additional payloads

Provide comprehensive findings with:

## Binary Analysis Report
### File Information
- Filename: [name]
- Path: [original path]
- Size: [bytes]
- MD5: [hash]
- SHA256: [hash]
- Type: [PE32/PE64/DLL/etc]
### Analysis Summary
[1-2 paragraph overview]
### Capabilities Detected
- [ ] Network Communication
- [ ] File System Access
- [ ] Registry Modification
- [ ] Process Manipulation
- [ ] Keylogging
- [ ] Screenshot Capture
- [ ] Persistence Mechanism
### Detailed Findings
1. **[Category]**
   - Evidence: [specific code/strings/API calls]
   - Significance: [explanation]
   - Risk: [High/Medium/Low]
### Threat Assessment
- Classification: [Trojan/Adware/RAT/Ransomware/etc]
- Severity: Critical/High/Medium/Low
- Confidence: High/Medium/Low
### Indicators of Compromise
- File hashes
- Mutex names
- Registry keys
- URLs/IPs
- File paths
### Recommendations
1. [Immediate actions]
2. [Remediation steps]
3. [Prevention measures]
Begin the analysis with the provided file path.
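As an added example (not the plugin's own code; the skill itself drives Ghidra through the MCP server), a Python triage script that applies the skill's API-to-capability mapping to a constructed byte sample, computes the basic file information, and fills in the report skeleton. The API names, capability categories and report headings come from the page; the sample bytes, the function names and the plain byte scan standing in for Ghidra's import analysis are assumptions.

```python
import hashlib
import re
# Suspicious Windows APIs from the skill's Malware Indicators step, mapped
# to the capability categories of its report template.
API_CAPABILITIES = {"CreateRemoteThread": "Process Manipulation",
                    "WriteProcessMemory": "Process Manipulation",
                    "VirtualAllocEx": "Process Manipulation",
                    "SetWindowsHookEx": "Keylogging",
                    "URLDownloadToFile": "Network Communication"}
CHECKLIST = ("Network Communication", "File System Access", "Registry Modification",
             "Process Manipulation", "Keylogging", "Screenshot Capture", "Persistence Mechanism")

# Constructed sample input (not a real binary): MZ/PE markers followed by
# NUL-separated import names and a URL, as they would sit in an import table.
SAMPLE = (b"MZ\x90\x00" + b"\x00" * 60 + b"PE\x00\x00"
          + b"\x00kernel32.dll\x00VirtualAllocEx\x00WriteProcessMemory\x00"
          + b"CreateRemoteThread\x00user32.dll\x00SetWindowsHookEx\x00"
          + b"urlmon.dll\x00URLDownloadToFileA\x00http://example.invalid/p.bin\x00")

def file_info(data: bytes) -> dict:
    # Basic file information: size, MD5/SHA256 and a coarse PE check.
    is_pe = data[:2] == b"MZ" and b"PE\x00\x00" in data
    return {"size": len(data), "type": "PE" if is_pe else "unknown",
            "md5": hashlib.md5(data).hexdigest(), "sha256": hashlib.sha256(data).hexdigest()}

def extract_strings(data: bytes, min_len: int = 6) -> list:
    # Printable ASCII runs of at least min_len bytes, like a strings pass.
    return [m.group().decode("ascii")
            for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def detect_capabilities(strings: list) -> dict:
    # Substring match so A/W suffixes (URLDownloadToFileA) hit; keep APIs as evidence.
    found = {}
    for s in strings:
        for api, cap in API_CAPABILITIES.items():
            if api in s:
                found.setdefault(cap, set()).add(api)
    return {cap: sorted(apis) for cap, apis in found.items()}

def render_report(info: dict, caps: dict, strings: list) -> str:
    # Fill the Markdown skeleton from the skill's report template.
    lines = ["## Binary Analysis Report", "### File Information", f"- Size: {info['size']}",
             f"- MD5: {info['md5']}", f"- SHA256: {info['sha256']}", f"- Type: {info['type']}",
             "### Capabilities Detected"]
    for cap in CHECKLIST:
        evidence = f" ({', '.join(caps[cap])})" if cap in caps else ""
        lines.append(f"- [{'x' if cap in caps else ' '}] {cap}{evidence}")
    urls = [s for s in strings if s.startswith(("http://", "https://"))]
    lines += ["### Indicators of Compromise"] + [f"- URL: {u}" for u in urls]
    return "\n".join(lines)
```

Running `render_report(file_info(SAMPLE), detect_capabilities(extract_strings(SAMPLE)), extract_strings(SAMPLE))` on the constructed sample checks Process Manipulation, Keylogging and Network Communication and lists the embedded URL under Indicators of Compromise; the unchecked boxes stay in the report so the analyst sees what was not found.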