LING71671/open-reverselab

GitHub: LING71671/open-reverselab

一个Agent原生的开源逆向工程实验室,整合197篇知识库文章与100+ MCP自动化工具,覆盖CTF、APK逆向、PE分析和密码学等场景。

Stars: 789 | Forks: 215

# ReverseLab 开源逆向工程实验室 —— 包含 197 篇文章的知识库,100+ MCP 自动化工具,涵盖 CTF 渗透测试 / APK 逆向工程 / PE 二进制分析 / 密码学与协议破解 / 游戏作弊分析。原生支持 Agent,目录即约定。 ## 路由 ``` Signal → kb_router(board=) → kb_read_file → Attack chain → MCP tool mapping → Execution ``` | 信号类型 | 板块 | 知识库分类 / 文件 | MCP 工具族 | |---|---|---|---| | HTTP/Web/API/CVE/CAPTCHA | `ctf-website` | 23/97 | `http_probe` `run_ctf_tool` `kb_router` | | APK/DEX/SO/Frida/Java | `apk-reverse` | 8/17 | `android_app_baseline` `android_crypto_unpack_recipe` `android_frida_*` | | PE/x64/x86/malware/driver | `pe-reverse` | 8/18 | `triage_pe` `ghidra_headless_analyze` `make_x64dbg_breakpoint_script` `sample_full_workup` | | Crypto/Protocol/Cheat/IoT/Radio | `general` | 4+4/12 | `die_scan` `ghidra_*` `rizin_*` `python_re_tool_*` | ## 知识库 ``` kb/ ├── ctf-website/techniques/ 23 categories, 97 articles — Full web attack surface ├── apk-reverse/techniques/ 8 categories, 17 articles — APK/DEX reverse engineering ├── pe-reverse/techniques/ 8 categories, 18 articles — PE binary analysis └── general/techniques/ 4+4 categories, 12 articles — Cryptography / Protocols / Cheating / Methodology ``` 每个技术文件都遵循此结构:`场景 → 输入信号 → 方法 → 攻击链 → MCP 工具映射` Agent 工作流:检测信号 → `kb_router` 查找 → `kb_read_file` → 通过 MCP 工具映射执行。 ## 板块 | 板块 | 触发信号 | |---|---| | `boards/ctf-website` | URL, HTTP, JWT, SQLi, SSRF, CVE, API, CSP, OAuth, CAPTCHA, Cloudflare, ReDoS, Slowloris, DoS, Paywall | | `boards/android` | APK, DEX, adb, Frida, jadx, smali, SO, native | | `boards/windows` | PE, EXE, DLL, x64dbg, Ghidra, Procmon, packer, malware | | `boards/general` | AES/DES/RSA, protobuf, game cheat, EAC/BE/Vanguard, firmware, JTAG, SDR | | `boards/misc` | MCP 配置,技能安装,环境健康检查 | ## 目录约定 ``` samples/ → Original samples + _quarantine/ + unpacked/ exports/ → Tool outputs (triage / IOC / YARA / Sigma / Procmon / Ghidra summaries) patches/ → Patch artifacts (original samples are never modified) notes/ → Analysis notes reports/ → Final reports scripts/ → Automation scripts projects/ → Ghidra project files templates/ → Note / report / rule templates kb/ → Reusable attack knowledge base tools/ → Toolchain cases/ → Lightweight index — no large file copies ``` ## 安装说明 ``` git clone https://github.com/LING71671/open-reverselab.git cd open-reverselab .\scripts\misc\bootstrap.ps1 # Core script wrappers (no downloads) .\scripts\misc\install_tools.ps1 -CTF # Web tools .\scripts\misc\install_tools.ps1 -Android # APK tools .\scripts\misc\install_tools.ps1 -Windows # PE tools .\scripts\misc\install_tools.ps1 -Common # Ghidra + Maven ``` 安装后验证: ``` python scripts/misc/lab_healthcheck.py python scripts/misc/ai_toolcheck.py --board misc python scripts/misc/public_release_check.py ``` `--board misc` 用于验证全新克隆的核心 Agent 脚本和轻量级工具。仅在安装了您所需的 Android、Windows 和 CTF 板块工具链之后,才运行完整的 `python scripts/misc/ai_toolcheck.py`。 ## Context 链 启动时,Agent 会沿此链加载 context: ``` CLAUDE.md → AGENTS.md → AI-USAGE.md → boards//AI-USAGE.md ``` 搭配 [codex-session-patcher](https://github.com/ryfineZ/codex-session-patcher) 即可一键配置项目级 `.codex/` 环境与 MCP server。 ## 许可证 GPL-3.0-only。详情请参阅 [LICENSE](LICENSE)。
标签:AI合规, DNS 反向解析, Go语言工具, IP 地址批量处理, MCP, 二进制分析, 云安全运维, 云资产清单, 逆向工具, 逆向工程