LING71671/open-reverselab
GitHub: LING71671/open-reverselab
一个Agent原生的开源逆向工程实验室,整合197篇知识库文章与100+ MCP自动化工具,覆盖CTF、APK逆向、PE分析和密码学等场景。
Stars: 789 | Forks: 215
# ReverseLab
开源逆向工程实验室 —— 包含 197 篇文章的知识库,100+ MCP 自动化工具,涵盖 CTF 渗透测试 / APK 逆向工程 / PE 二进制分析 / 密码学与协议破解 / 游戏作弊分析。原生支持 Agent,目录即约定。
## 路由
```
Signal → kb_router(board=) → kb_read_file → Attack chain → MCP tool mapping → Execution
```
| 信号类型 | 板块 | 知识库分类 / 文件 | MCP 工具族 |
|---|---|---|---|
| HTTP/Web/API/CVE/CAPTCHA | `ctf-website` | 23/97 | `http_probe` `run_ctf_tool` `kb_router` |
| APK/DEX/SO/Frida/Java | `apk-reverse` | 8/17 | `android_app_baseline` `android_crypto_unpack_recipe` `android_frida_*` |
| PE/x64/x86/malware/driver | `pe-reverse` | 8/18 | `triage_pe` `ghidra_headless_analyze` `make_x64dbg_breakpoint_script` `sample_full_workup` |
| Crypto/Protocol/Cheat/IoT/Radio | `general` | 4+4/12 | `die_scan` `ghidra_*` `rizin_*` `python_re_tool_*` |
## 知识库
```
kb/
├── ctf-website/techniques/ 23 categories, 97 articles — Full web attack surface
├── apk-reverse/techniques/ 8 categories, 17 articles — APK/DEX reverse engineering
├── pe-reverse/techniques/ 8 categories, 18 articles — PE binary analysis
└── general/techniques/ 4+4 categories, 12 articles — Cryptography / Protocols / Cheating / Methodology
```
每个技术文件都遵循此结构:`场景 → 输入信号 → 方法 → 攻击链 → MCP 工具映射`
Agent 工作流:检测信号 → `kb_router` 查找 → `kb_read_file` → 通过 MCP 工具映射执行。
## 板块
| 板块 | 触发信号 |
|---|---|
| `boards/ctf-website` | URL, HTTP, JWT, SQLi, SSRF, CVE, API, CSP, OAuth, CAPTCHA, Cloudflare, ReDoS, Slowloris, DoS, Paywall |
| `boards/android` | APK, DEX, adb, Frida, jadx, smali, SO, native |
| `boards/windows` | PE, EXE, DLL, x64dbg, Ghidra, Procmon, packer, malware |
| `boards/general` | AES/DES/RSA, protobuf, game cheat, EAC/BE/Vanguard, firmware, JTAG, SDR |
| `boards/misc` | MCP 配置,技能安装,环境健康检查 |
## 目录约定
```
samples/ → Original samples + _quarantine/ + unpacked/
exports/ → Tool outputs (triage / IOC / YARA / Sigma / Procmon / Ghidra summaries)
patches/ → Patch artifacts (original samples are never modified)
notes/ → Analysis notes
reports/ → Final reports
scripts/ → Automation scripts
projects/ → Ghidra project files
templates/ → Note / report / rule templates
kb/ → Reusable attack knowledge base
tools/ → Toolchain
cases/ → Lightweight index — no large file copies
```
## 安装说明
```
git clone https://github.com/LING71671/open-reverselab.git
cd open-reverselab
.\scripts\misc\bootstrap.ps1 # Core script wrappers (no downloads)
.\scripts\misc\install_tools.ps1 -CTF # Web tools
.\scripts\misc\install_tools.ps1 -Android # APK tools
.\scripts\misc\install_tools.ps1 -Windows # PE tools
.\scripts\misc\install_tools.ps1 -Common # Ghidra + Maven
```
安装后验证:
```
python scripts/misc/lab_healthcheck.py
python scripts/misc/ai_toolcheck.py --board misc
python scripts/misc/public_release_check.py
```
`--board misc` 用于验证全新克隆的核心 Agent 脚本和轻量级工具。仅在安装了您所需的 Android、Windows 和 CTF 板块工具链之后,才运行完整的 `python scripts/misc/ai_toolcheck.py`。
## Context 链
启动时,Agent 会沿此链加载 context:
```
CLAUDE.md → AGENTS.md → AI-USAGE.md → boards//AI-USAGE.md
```
搭配 [codex-session-patcher](https://github.com/ryfineZ/codex-session-patcher) 即可一键配置项目级 `.codex/` 环境与 MCP server。
## 许可证
GPL-3.0-only。详情请参阅 [LICENSE](LICENSE)。
标签:AI合规, DNS 反向解析, Go语言工具, IP 地址批量处理, MCP, 二进制分析, 云安全运维, 云资产清单, 逆向工具, 逆向工程