capa-triage
CommunityQuick .so/ELF triage for capabilities and strings
Software Engineering#reverse engineering#mobile security#capa#capability analysis#floss#native binary triage#string deobfuscation
Authorwarterbili
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Manually identifying capabilities and deobfuscating strings in unknown native binaries before deep reverse engineering is slow and inefficient, wasting valuable analyst time on irrelevant code paths.
Core Features & Use Cases
- Automated Capability Identification: Uses Mandiant capa to map binary capabilities (crypto, network, anti-debug, file operations) with exact hit addresses for targeted decompilation in Ghidra or IDA.
- Obfuscated String Recovery: Retrieves hidden, stack-built, or encoded strings (URLs, encryption keys, C2 endpoints) using FLOSS for PE/shellcode samples and native tooling for ELF/.so files.
- Use Case: When analyzing an unknown malicious .so library from an Android app, run this triage first to locate all crypto and network-related functions, so you can focus decompiler efforts only on the relevant code sections instead of the entire binary.
Quick Start
Use the capa-triage skill to perform a quick capability and string triage on the unknown native library 'libsuspect.so' extracted from an unpacked Android APK.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: capa-triage Download link: https://github.com/warterbili/AUTO_REVERSE/archive/main.zip#capa-triage Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.