Agent skill
vulnerability-analysis
Identify vulnerability class, analyze root cause, and plan exploitation strategy.
Stars: 163
Forks: 31
Install this agent skill to your Project
npx add-skill https://github.com/majiayu000/claude-skill-registry/tree/main/skills/security/vulnerability-analysis
SKILL.md
Vulnerability Analysis
Systematic identification and analysis of vulnerabilities in binary targets.
Vulnerability Classes
| Class | Signals | Typical Cause |
|---|---|---|
| Stack BOF | Fixed-size stack buffer, no bounds check on input | gets(), strcpy(), sprintf(), scanf("%s") |
| Format String | User input reaches a format argument | printf(buf) instead of printf("%s", buf) |
| Heap Corruption | Dynamic allocation and free on attacker-driven paths | Pointer used after free() (UAF), free() called twice, unchecked write into a chunk |
| Integer Overflow | Arithmetic on user-supplied lengths, counts or indices | Size calculations before malloc()/memcpy(), array indexing |
| Race Condition | Multi-threaded code, file ops, signal handlers | Check-then-use on files (TOCTOU), non-reentrant handlers, unlocked shared state |
| Logic Bug | Program reaches a state the author did not expect | Auth bypass, inverted or missing checks |
Analysis Process
- Trace user input - Where does it enter (argv, stdin, socket, file)? Which variables does it flow into?
- Find sinks - Dangerous functions or memory writes that consume that input
- Check bounds - Are there size limits between source and sink? Are they enforced, and can the arithmetic behind them wrap?
- Check protections - Which mitigations (NX, canary, PIE, RELRO, ASLR) affect exploitation?
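As an added example (not part of the skill or its registry), here are the four steps applied to a small length-prefixed record parser. The wire format (4-byte little-endian length followed by the payload), the function names and the two sample messages are assumptions constructed for this example. The vulnerable check is kept as a pure decision function so the wrap can be observed without corrupting memory:

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed wire format (constructed for this example): a 4-byte
 * little-endian payload length followed by that many payload bytes. */
static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Step 3 as it is often written: "header + payload must fit in the
 * message". The addition is done in uint32_t, so length = 0xFFFFFFFE
 * gives needed = 2, the check passes, and the memcpy() sink would copy
 * ~4 GiB past both the source and the destination buffer. */
int record_fits_vulnerable(uint32_t length, size_t msg_len)
{
    uint32_t needed = 4 + length;          /* wraps when length >= 0xFFFFFFFC */
    return needed <= msg_len;
}

/* Hardened check: subtract the constant from the trusted total instead
 * of adding it to the attacker-controlled length, so nothing can wrap. */
int record_fits_safe(uint32_t length, size_t msg_len)
{
    if (msg_len < 4)
        return 0;
    return length <= msg_len - 4;
}

/* Full parse with the hardened check. Returns the payload length copied
 * into out, or -1 if the record is rejected. The destination bound is a
 * separate check: the sink must respect both source and destination. */
long parse_record_safe(const uint8_t *msg, size_t msg_len,
                       uint8_t *out, size_t out_len)
{
    if (msg_len < 4)
        return -1;
    uint32_t length = read_le32(msg);      /* step 1: attacker-controlled */
    if (!record_fits_safe(length, msg_len))
        return -1;
    if (length > out_len)
        return -1;
    memcpy(out, msg + 4, length);          /* step 2: the sink */
    return (long)length;
}

/* Constructed inputs: a benign 4-byte record and a hostile one whose
 * length field wraps the vulnerable check. */
static const uint8_t BENIGN_MSG[]  = { 0x04, 0x00, 0x00, 0x00, 'a', 'b', 'c', 'd' };
static const uint8_t HOSTILE_MSG[] = { 0xFE, 0xFF, 0xFF, 0xFF, 'a', 'b', 'c', 'd' };

int main(void)
{
    uint8_t out[16];
    uint32_t hostile_len = read_le32(HOSTILE_MSG);
    printf("vulnerable check accepts hostile length: %d\n",
           record_fits_vulnerable(hostile_len, sizeof HOSTILE_MSG));
    printf("safe check accepts hostile length:       %d\n",
           record_fits_safe(hostile_len, sizeof HOSTILE_MSG));
    printf("safe parse of benign record copied %ld bytes\n",
           parse_record_safe(BENIGN_MSG, sizeof BENIGN_MSG, out, sizeof out));
    return 0;
}
```

The point to carry into the analysis note is the shape of the bug: a bounds check exists, but it is computed in the attacker's type. When auditing a real parser, record the type of every operand in the size check, not just whether a check is present.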
Dangerous Function Patterns
```c
// Stack BOF
gets(buf);               // No bounds: use fgets(buf, sizeof buf, stdin)
strcpy(dst, src);        // No bounds: use snprintf(dst, sizeof dst, "%s", src)
sprintf(buf, fmt, ...);  // No bounds: use snprintf(buf, sizeof buf, fmt, ...)
scanf("%s", buf);        // No bounds: give a field width, e.g. "%63s"
// Format String
printf(user_input);      // User controls format: use printf("%s", user_input)
// Command Injection
system(user_input);      // Direct command exec through the shell
popen(user_input, "r");  // Command exec through the shell
```
Mitigation Bypass Planning
| Have | Need | Strategy |
|---|---|---|
| BOF + NX | Code exec without injected shellcode | ROP chain, ret2libc |
| BOF + canary | Canary value | Leak it first (format string, uninitialised read), or brute-force it byte by byte against a forking server |
| BOF + PIE | Code address | Leak a code pointer (saved return address, GOT entry) and subtract its known offset to rebase |
| Format string, no write | Write primitive | %n / %hhn with field-width padding to choose the value |
| Heap bug, no leak | Info leak | Heap grooming (feng shui) so a read overlaps a freed chunk holding libc or heap pointers |
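The "%n write primitive" row, shown as an added example that is not part of the skill: a single format string that writes all four bytes of a chosen 32-bit value with `%hhn`, the way an exploit writes a pointer one byte at a time. The targets are the four bytes of a local array passed explicitly as arguments, and the output goes to a scratch buffer via `snprintf`; both are assumptions made so the mechanism runs deterministically. In a real exploit the targets would be four adjacent addresses the attacker placed on the stack and selected with positional specifiers (`%N$hhn`).

```c
#include <stdio.h>
#include <stdint.h>

/* Realise `value` through four %hhn writes in one format string and
 * return what the writes produced, so the caller can confirm it equals
 * `value`. The target pointers are passed explicitly here (assumption
 * for the example); an exploit would supply them via the stack. */
uint32_t fmt_write_u32(uint32_t value)
{
    signed char bytes[4] = { 0, 0, 0, 0 };  /* the four "addresses" */
    int widths[4];
    unsigned int count = 0;                 /* bytes emitted so far */

    /* %n's count is cumulative, so each width is the distance from the
     * current count to the wanted byte, modulo 256. A width of 0 would
     * still emit one character for %c, so use 256 instead; the low byte
     * of the count is unchanged either way. */
    for (int i = 0; i < 4; i++) {
        unsigned int want = (value >> (8 * i)) & 0xff;
        unsigned int pad = (want - (count & 0xff)) & 0xff;
        if (pad == 0)
            pad = 256;
        widths[i] = (int)pad;
        count += pad;
    }

    /* At most 4 * 256 = 1024 bytes of padding, so nothing is truncated. */
    char scratch[2048];
    snprintf(scratch, sizeof scratch,
             "%*c%hhn%*c%hhn%*c%hhn%*c%hhn",
             widths[0], 'A', &bytes[0],
             widths[1], 'A', &bytes[1],
             widths[2], 'A', &bytes[2],
             widths[3], 'A', &bytes[3]);

    uint32_t realised = 0;
    for (int i = 0; i < 4; i++)
        realised |= (uint32_t)(unsigned char)bytes[i] << (8 * i);
    return realised;
}

int main(void)
{
    uint32_t v = 0xdeadbeefu;
    printf("wanted 0x%08x, %%hhn writes produced 0x%08x\n", v, fmt_write_u32(v));
    return 0;
}
```

Byte-wise writes keep every width at 256 or less, which is why exploits prefer `%hhn` over a single `%n`: padding to a full 32-bit address would mean emitting gigabytes of output.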
Output
Produce context/vulnerability-analysis.md using the template.