Implement GitOps workflows with ArgoCD and Flux for automated, declarative Kubernetes...
Advanced RE Analysis
6
1
# Install this skill:
npx skills add KevinMitchell-OSWP-CISSP/EmberScale-Enhanced
Or install specific skill: npx add-skill https://github.com/KevinMitchell-OSWP-CISSP/EmberScale-Enhanced/tree/master/examples/custom_re_skill
# Description
Specialized reverse engineering analysis workflows for binary analysis, pattern recognition, and vulnerability assessment
# SKILL.md
name: "Advanced RE Analysis"
description: "Specialized reverse engineering analysis workflows for binary analysis, pattern recognition, and vulnerability assessment"
Advanced Reverse Engineering Analysis Skill
This Skill provides specialized reverse engineering analysis capabilities for binary analysis, pattern recognition, and vulnerability assessment.
Capabilities
Binary Analysis
- Function analysis and classification
- String pattern recognition
- Cross-reference analysis
- Control flow analysis
Pattern Recognition
- Malware pattern detection
- Vulnerability pattern identification
- Security feature analysis
- Code obfuscation detection
Vulnerability Assessment
- Buffer overflow detection
- Format string vulnerability identification
- Integer overflow analysis
- Use-after-free detection
Usage
Basic Analysis
# Analyze binary for security issues
analysis_result = analyze_binary_security(binary_data)
Pattern Recognition
# Detect malware patterns
malware_indicators = detect_malware_patterns(binary_data)
Vulnerability Assessment
# Assess vulnerabilities
vulnerabilities = assess_vulnerabilities(binary_data)
Output Formats
- Technical Reports: Detailed analysis results
- Risk Matrices: Vulnerability risk assessment
- IOC Reports: Indicators of Compromise
- Remediation Guides: Security recommendations
Configuration
Analysis Parameters
sensitivity_level: Analysis sensitivity (low, medium, high)pattern_types: Types of patterns to detectoutput_format: Desired output formatinclude_recommendations: Include remediation suggestions
Custom Patterns
- Define custom pattern recognition rules
- Configure analysis thresholds
- Set output preferences
Examples
Malware Analysis
# Analyze binary for malware indicators
result = analyze_malware_indicators(
binary_data=binary_data,
sensitivity="high",
include_network_indicators=True,
include_file_operations=True
)
Vulnerability Assessment
# Assess binary for vulnerabilities
vulnerabilities = assess_binary_vulnerabilities(
binary_data=binary_data,
check_buffer_overflows=True,
check_format_strings=True,
check_integer_overflows=True
)
Security Analysis
# Perform comprehensive security analysis
security_report = perform_security_analysis(
binary_data=binary_data,
analysis_depth="comprehensive",
include_recommendations=True
)
Integration
This Skill integrates with EmberScale to provide:
- Automated Analysis: Automated binary analysis workflows
- Pattern Recognition: Advanced pattern detection capabilities
- Vulnerability Assessment: Comprehensive security assessment
- Report Generation: Automated report generation
- Recommendation Engine: Security improvement suggestions
Requirements
- Binary analysis capabilities
- Pattern recognition algorithms
- Vulnerability detection methods
- Report generation tools
- Security assessment frameworks
Output
The Skill generates comprehensive analysis reports including:
- Executive Summary: High-level findings and recommendations
- Technical Details: Detailed analysis results
- Risk Assessment: Vulnerability risk analysis
- Remediation Guide: Security improvement recommendations
- IOC Report: Indicators of Compromise for threat hunting
Support
For questions and support regarding this Skill:
- Check the documentation
- Review example usage
- Contact the development team
- Submit issues and feedback
Advanced Reverse Engineering Analysis Skill - Specialized binary analysis and security assessment
# README.md
EmberScale - Advanced AI-Powered Reverse Engineering Tool
Overview
EmberScale is a comprehensive reverse engineering tool that integrates advanced AI capabilities with Ghidra for enhanced binary analysis, vulnerability assessment, and security research. The tool leverages Anthropic's Claude AI models and the latest Agent Skills API to provide specialized analysis workflows, automated document generation, and intelligent reverse engineering assistance.
Built on the Foundation of Decyx: EmberScale is an enhanced and expanded version of the original Decyx project by philsajdak. We extend our deepest gratitude to the original Decyx team for creating the foundational AI-powered Ghidra extension that inspired this project. The core concepts, API integration patterns, and user experience principles from Decyx have been instrumental in developing EmberScale's advanced capabilities.
Repository: https://github.com/KevinMitchell-OSWP-CISSP/EmberScale-Enhanced
Key Features
Core Capabilities (Production-Ready)
- AI-Powered Analysis: Advanced binary analysis using Claude AI models
- Advanced Analysis: Specialized reverse engineering workflows with comprehensive analysis
- Enhanced Ghidra Integration: Deep integration with Ghidra's scripting API
- Usage Monitoring: Comprehensive cost tracking and usage analytics
- Token Tracking: Built-in usage tracking across all tools
- Error Handling: Robust error handling and logging system
Analysis Types
- Malware Analysis: Advanced malware detection and analysis
- Firmware Analysis: Comprehensive firmware security assessment
- Vulnerability Assessment: Automated vulnerability detection and risk assessment
- Function Analysis: Intelligent function analysis and classification
- String Analysis: Advanced string pattern recognition and analysis
- Cross-Reference Analysis: Comprehensive cross-reference analysis
Document Generation
- Technical Reports: Detailed analysis reports (Word/PDF)
- Analysis Spreadsheets: Structured data analysis (Excel)
- Executive Presentations: High-level summaries (PowerPoint)
- Specialized Reports: IOC reports, vulnerability assessments, remediation guides
Project Structure
EmberScale-Enhanced/
โโโ EmberScale_Ghidra.py # Main Ghidra integration script
โโโ EmberScale_QA_Lite.py # Quick analysis tool
โโโ EmberScale-RE_Toolbox.py # Comprehensive analysis toolbox
โโโ EmberScale_Enhanced.py # Enhanced version (production-ready)
โโโ EmberScale_Usage_Monitor.py # Usage monitoring dashboard
โโโ EmberScale_Single_Decompile.py # Single function decompilation
โโโ decyx/ # Core API modules
โ โโโ api.py # Anthropic API integration
โ โโโ config.py # Configuration management
โ โโโ logger.py # Enhanced logging system
โ โโโ decompiler.py # Decompilation utilities
โ โโโ gui.py # GUI components
โ โโโ utils.py # Utility functions
โโโ examples/ # Usage examples and tutorials
โ โโโ quick_start.py # Quick start guide
โ โโโ custom_re_skill/ # Custom skill examples
โโโ assets/ # Media and documentation
โโโ INSTALLATION.md # Detailed installation guide
โโโ CHANGELOG.md # Version history
โโโ CONTRIBUTING.md # Contribution guidelines
โโโ LICENSE # MIT License
โโโ requirements.txt # Python dependencies
โโโ README.md # This file
โโโ ENHANCEMENT_SUMMARY.md # Enhancement summary
Production-Ready Improvements (v2.0.0)
Enhanced Stability
- Removed Incomplete Features: All stub functions and placeholder code removed
- Production-Ready Code: Only fully implemented features included
- Robust Error Handling: Comprehensive error handling across all tools
- Jython Compatibility: Full compatibility with Ghidra's Jython environment
Code Quality Improvements
- Enhanced Logging: Structured logging system with multiple levels
- Token Tracking: Built-in usage tracking for all EmberScale tools
- Configuration Management: Environment variables and flexible settings
- Character Encoding: Fixed all emoji and special character rendering issues
Documentation & Examples
- Comprehensive Documentation: Installation, usage, and contribution guides
- Quick Start Examples: Interactive tutorials and examples
- Professional Structure: Complete project structure with all necessary files
- Version History: Detailed changelog and version tracking
Installation & Setup
Prerequisites
- Ghidra: Version 11.4.2 or later
- Python: Python 3.8+ (for Jython compatibility)
- Anthropic API Key: Required for AI analysis capabilities
- Internet Connection: Required for API calls
Installation Steps
-
Download EmberScale
bash git clone https://github.com/KevinMitchell-OSWP-CISSP/EmberScale-Enhanced.git cd EmberScale-Enhanced -
Configure Ghidra
- Copy the main EmberScale scripts to your Ghidra scripts directory
-
Ensure Jython is properly configured in Ghidra
-
Configure API Keys
- Run any EmberScale script in Ghidra
- Enter your Anthropic API key when prompted
-
The key will be saved in Ghidra Preferences for future use
-
Verify Installation
- Open Ghidra and load a binary
- Run
EmberScale_Ghidra.pyfrom the Script Manager - Verify the API key is configured correctly
Quick Start
Basic Analysis
- Load a Binary: Open your target binary in Ghidra
- Run Analysis: Execute
EmberScale_Ghidra.pyfrom the Script Manager - Select Analysis Type: Choose from available analysis options
- Review Results: Examine the AI-generated analysis results
Advanced Analysis with Agent Skills
- Run Enhanced Script: Execute
EmberScale_Agent_Skills.py - Select Specialized Analysis: Choose from malware, firmware, or vulnerability analysis
- Generate Documents: Let the AI generate comprehensive reports
- Review Outputs: Examine generated Word documents, Excel spreadsheets, and PowerPoint presentations
Usage Monitoring
- Run Usage Monitor: Execute
EmberScale_Usage_Monitor.py - View Analytics: Check usage statistics, costs, and trends
- Manage API Keys: Configure and monitor API key usage
- Export Reports: Generate usage reports for analysis
Usage Examples
Malware Analysis
# Advanced malware analysis with Agent Skills
def perform_malware_analysis():
# Collect malware indicators
indicators = collect_malware_indicators()
# Create analysis prompt
prompt = create_malware_analysis_prompt(indicators)
# Use specialized Skills
skills = [
{"type": "anthropic", "skill_id": "docx", "version": "latest"},
{"type": "anthropic", "skill_id": "xlsx", "version": "latest"},
{"type": "anthropic", "skill_id": "pptx", "version": "latest"}
]
# Perform analysis
response = call_claude_with_skills(prompt, skills)
Firmware Analysis
# Comprehensive firmware analysis
def perform_firmware_analysis():
# Collect firmware data
firmware_data = collect_firmware_indicators()
# Create analysis prompt
prompt = create_firmware_analysis_prompt(firmware_data)
# Use specialized Skills
skills = [
{"type": "anthropic", "skill_id": "docx", "version": "latest"},
{"type": "anthropic", "skill_id": "xlsx", "version": "latest"},
{"type": "anthropic", "skill_id": "pdf", "version": "latest"}
]
# Perform analysis
response = call_claude_with_skills(prompt, skills)
Vulnerability Assessment
# Comprehensive vulnerability assessment
def perform_vulnerability_assessment():
# Collect vulnerability data
vuln_data = collect_vulnerability_indicators()
# Create assessment prompt
prompt = create_vulnerability_assessment_prompt(vuln_data)
# Use specialized Skills
skills = [
{"type": "anthropic", "skill_id": "docx", "version": "latest"},
{"type": "anthropic", "skill_id": "xlsx", "version": "latest"},
{"type": "anthropic", "skill_id": "pptx", "version": "latest"}
]
# Perform assessment
response = call_claude_with_skills(prompt, skills)
Configuration
API Key Management
- Automatic Storage: API keys are automatically stored in Ghidra Preferences
- Secure Storage: Keys are encrypted and stored securely
- Multiple Keys: Support for regular and admin API keys
- Key Validation: Automatic validation of API key format and permissions
Analysis Settings
- Model Selection: Choose between Claude Sonnet and other available models
- Analysis Depth: Configure analysis depth and detail level
- Output Format: Select desired output formats and document types
- Custom Skills: Configure custom reverse engineering Skills
Usage Monitoring
- Cost Tracking: Monitor API usage costs and trends
- Usage Analytics: Track token usage, model usage, and operation types
- Budget Alerts: Set up cost alerts and usage limits
- Report Generation: Generate detailed usage reports
Advanced Features
Agent Skills Integration
- Pre-built Skills: Access to Anthropic's pre-built Skills (Excel, PowerPoint, Word, PDF)
- Custom Skills: Create and integrate custom reverse engineering Skills
- Multi-Skill Workflows: Combine multiple Skills for comprehensive analysis
- Document Generation: Automated generation of technical reports and presentations
Enhanced UI Integration
- Smart Selections: Intelligent selection management with visual feedback
- Advanced Navigation: Enhanced program navigation and analysis
- Interactive Tables: Specialized table displays for analysis results
- Status Integration: Real-time status updates and progress tracking
Usage Analytics
- Cost Analysis: Detailed cost breakdown and trend analysis
- Usage Patterns: Analysis of usage patterns and optimization opportunities
- Performance Metrics: Track analysis performance and efficiency
- Custom Reports: Generate custom usage and cost reports
Security & Privacy
Data Protection
- Local Processing: Analysis data remains on your local system
- Secure API Calls: All API calls use HTTPS encryption
- Key Security: API keys are stored securely in Ghidra Preferences
- No Data Retention: No analysis data is retained by external services
Access Control
- API Key Management: Secure API key storage and management
- Usage Limits: Configurable usage limits and cost controls
- Audit Logging: Comprehensive logging of all analysis activities
- Permission Management: Fine-grained control over analysis capabilities
Documentation
Core Documentation
- README.md: This comprehensive overview
- USAGE_MONITORING_README.md: Detailed usage monitoring guide
- AGENT_SKILLS_README.md: Agent Skills integration documentation
- ENHANCEMENT_SUMMARY.md: Complete enhancement summary
Example Implementations
- agent_skills_example.py: Complete examples of Agent Skills usage
- custom_re_skill/: Example custom reverse engineering Skill
- Usage Examples: Comprehensive usage examples and tutorials
API Reference
- Anthropic API: Integration with Anthropic's Claude API
- Ghidra API: Deep integration with Ghidra's scripting API
- Agent Skills API: Integration with Anthropic's Agent Skills API
Contributing
Development Setup
- Fork the Repository: Create your own fork of the project
- Create Branch: Create a feature branch for your changes
- Make Changes: Implement your improvements or fixes
- Test Changes: Ensure all changes work correctly
- Submit PR: Submit a pull request with your changes
Contribution Guidelines
- Code Quality: Follow Python best practices and coding standards
- Documentation: Update documentation for any new features
- Testing: Ensure all changes are thoroughly tested
- Compatibility: Maintain compatibility with existing functionality
Areas for Contribution
- Custom Skills: Develop new reverse engineering Skills
- Analysis Algorithms: Improve analysis accuracy and performance
- UI Enhancements: Improve user interface and experience
- Documentation: Improve documentation and examples
- Testing: Add comprehensive test coverage
๐ License
This project is licensed under the MIT License. See the LICENSE file for details.
Acknowledgments
- Decyx Project: The original AI-powered Ghidra extension by philsajdak that served as the foundation for EmberScale. Their innovative work in integrating Claude AI with Ghidra's API provided the core architecture and inspiration for this enhanced version.
- Ghidra Team: For the excellent reverse engineering framework
- Anthropic: For the powerful Claude AI models and Agent Skills API
- Community: For feedback, contributions, and support
Support
Getting Help
- Documentation: Check the comprehensive documentation
- Examples: Review the example implementations
- Community: Join the community discussions
- Issues: Report issues and bugs
Contact Information
- GitHub Issues: Report bugs and request features
- Community Forum: Join community discussions
- Email Support: Contact the development team
- Documentation: Check the comprehensive documentation
EmberScale - Advanced AI-Powered Reverse Engineering Tool
Leveraging the power of AI to enhance reverse engineering workflows and security research.
Repository: https://github.com/KevinMitchell-OSWP-CISSP/EmberScale-Enhanced
# Related Skills
This skill should be used when the user asks to "optimize context", "reduce token costs",...
Posts content to WeChat Official Account (ๅพฎไฟกๅ ฌไผๅท) via Chrome CDP automation. Supports article...
Generates Xiaohongshu (Little Red Book) infographic series with 9 visual styles and 6 layouts....
# Supported AI Coding Agents
This skill is compatible with the SKILL.md standard and works with all major AI coding agents:
Amp
Antigravity
Claude Code
Clawdbot
Codex
Cursor
Droid
Gemini CLI
GitHub Copilot
Goose
Kilo Code
Kiro CLI
OpenCode
Roo Code
Trae
Windsurf
Learn more about the SKILL.md standard and how to use these skills with your preferred AI coding agent.