By vulhunt-re
Analyze binaries and firmware for vulnerabilities using VulHunt MCP: decompile functions to C-like pseudocode, track data flows for taint analysis detecting overflows and injections, match raw byte patterns and vulnerable code constructs like unchecked memcpy, discover functions and call sites, and interact with Binarly Transparency Platform via CLI to upload scans and manage rules.
npx claudepluginhub vulhunt-re/skills --plugin vulhuntInteract with the Binarly Transparency Platform (BTP) via CLI commands for uploading firmware, running scans, downloading BA2 archives, and pushing custom rules. Use when you need to interact with the Binarly Transparency Platform or working with BA2s.
Search for raw byte patterns (hex sequences, opcodes) in binary code. Use when looking for specific instruction sequences, machine code patterns, UEFI SMI handlers, or known vulnerability signatures by their byte representation.
Find all locations where functions are called in a binary. Use when analyzing callers of a function, checking call relationships, or identifying which functions invoke a specific API.
Search for code patterns in decompiled output using Weggli semantic matching. Use when finding vulnerable code constructs like unchecked memcpy, buffer operations, or specific function call patterns in pseudocode.
Track data flow between function parameters, calls, and arguments using taint analysis. Use when detecting vulnerabilities like command injection, buffer overflows, or tracing user input to dangerous functions.
Decompile a function to C-like pseudocode for human-readable analysis. Use to understand function logic, review control flow, or prepare for code pattern matching.
Find and list functions in a binary by name, address, regex, or byte pattern. Use as the starting point for binary analysis, to locate specific functions, or to enumerate all functions matching criteria.
Binary analysis skills for Claude Code, powered by VulHunt MCP tools.
| Skill | Description |
|---|---|
call-sites | Find function call sites in a binary |
code-pattern-matching | Search for code patterns in decompiled output using Weggli |
dataflow-analysis | Track data flow between function parameters, calls, and arguments |
decompiler | Decompile a function in a binary to C-like pseudocode |
functions | Find and list functions in a binary |
byte-pattern-matching | Search for raw byte patterns in binary code |
btp-ba2-cli | Interact with the Binarly Transparency Platform and Binarly Analysis Archives (BA2 files) |
Once installed, skills are available via:
/vulhunt:decompiler - Decompile a function/vulhunt:functions - Find functions/vulhunt:call-sites - Find call sites/vulhunt:dataflow-analysis - Perform dataflow analysis/vulhunt:code-pattern-matching - Search code patterns/vulhunt:byte-pattern-matching - Search byte patterns/vulhunt:btp-ba2-cli - Interact with the BTP and BA2sopen_project toolVia Claude Code:
git submodule update --init --remote
claude plugin marketplace add vulhunt-re/skills
claude plugin install vulhunt
Via skills.sh:
npx skills add vulhunt-re/skills
Reverse engineer binaries using Ghidra's headless analyzer. Decompile executables, extract functions, strings, symbols, and analyze call graphs without GUI.
Share bugs, ideas, or general feedback.
Claude Code skills for x64dbg debugger automation — state snapshots, memory analysis, and more
Binary reverse engineering, malware analysis, firmware security, and software protection research for authorized security research, CTF competitions, and defensive security
Build deep architectural context through ultra-granular code analysis before vulnerability hunting
No description provided.
Agentic binary reverse engineering for ELF binaries on ARM64, ARMv7, x86_64 - hypothesis-driven analysis with radare2, Ghidra, GDB, QEMU