Can it identify functionality in stripped binaries?

Yes, while stripped binaries lack symbol names, this skill uses import analysis, string extraction, and library dependency mapping to infer the binary's likely capabilities.

Which CPU architectures does it support?

It supports a broad range of architectures including ARM, AARCH64, x86, x86_64, MIPS, and others supported by the underlying rabin2 tool.

Is this skill meant for full decompilation?

No, this is a Phase 1 triage skill intended for rapid fingerprinting. It prepares the ground for deeper static or dynamic analysis tools.

Does it work on non-ELF files?

While optimized for ELF files and Linux-based firmware, it can perform basic fingerprinting on any executable or binary blob that rabin2 can parse.

What tools are required for this skill to function?

This skill primarily utilizes rabin2 (from the radare2 suite), the 'file' utility, and readelf to extract and parse binary metadata.

Binary Triage & Fingerprinting

Name: Binary Triage & Fingerprinting
Author: 2389-research

by2389-research

•

Security & Testing

Identifies architecture, ABI, and potential capabilities of unknown binary files and firmware blobs using fast fingerprinting techniques.

The binary-re:triage skill provides a standardized, high-speed workflow for the initial assessment of unknown binaries, ELF files, and firmware. By leveraging tools like rabin2 and readelf, it extracts critical metadata such as architecture (ARM, x86, MIPS), bit width, endianness, and libc dependencies in seconds. This skill is designed to establish a factual baseline before committing to time-intensive static or dynamic analysis, mapping imports to specific capabilities like network communication, cryptography, and file system access.

Key Features

01Structured metadata extraction via JSON-formatted tool output

02Fast architecture and ABI detection (ARM, x86, MIPS, etc.)

038 GitHub stars

04Inferred capability mapping based on import patterns and library usage

05Intelligent string filtering for high-value indicators like URLs and paths

06Automated dependency mapping and interpreter identification

Use Cases

01Quickly identifying security capabilities and dependencies in third-party binaries

02Initial assessment of unknown firmware blobs to determine analysis toolchains

03Establishing an environment baseline (libc, arch, endianness) for reverse engineering

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add 2389-research/claude-plugins triage

For use in Claude.ai and ChatGPT

Download Skill