- Created packages/frida/ module for Frida integration
- Added FridaScanner class with process attach/spawn capabilities
- Support for custom scripts and built-in templates
- Added raptor-cli wrapper for easier command execution
- Updated requirements.txt to include web scanning dependencies
- Added macOS setup documentation (SETUP_MACOS.md)
- Added quick start guide (QUICKSTART.md)

Features:
- Attach to running processes or spawn new ones
- Load Frida scripts (custom or templates)
- Message handling and finding collection
- JSON report generation
- Integration with RAPTOR output structure

Added comprehensive Frida support to RAPTOR framework:

Frida Scanner:
- Process attach/spawn capabilities
- Custom script loading and template system
- Message handling and finding collection
- JSON report generation

Frida Templates:
- api-trace.js: API call tracing (file, network, process, crypto)
- ssl-unpin.js: SSL certificate pinning bypass (iOS/Android/OpenSSL)
- memory-scan.js: Memory scanning for secrets/keys/PII
- crypto-trace.js: Cryptographic operation tracing
- anti-debug.js: Anti-debugging bypass techniques

Autonomous Frida Analysis:
- LLM-guided instrumentation strategy
- Static analysis integration
- Iterative hook refinement based on findings
- Goal-directed security testing

RAPTOR Integration:
- Added 'frida' mode to raptor.py launcher
- Added 'frida-auto' mode for autonomous analysis
- Updated help text and examples

Usage:
  raptor-cli frida --attach 1234 --template ssl-unpin
  raptor-cli frida-auto --target ./binary --goal "Find memory corruption"

Created comprehensive Frida skill for Claude Code integration:
- Template-based instrumentation (quick, targeted)
- Autonomous LLM-guided analysis (intelligent, adaptive)
- Integration with RAPTOR ecosystem
- Example workflows and troubleshooting guide

Enables natural language Frida instrumentation:
  '/frida - test this iOS app for SSL pinning'
  '/frida-auto - find API key leakage in com.example.app'

Created meta-level orchestrator that understands the complete RAPTOR ecosystem and intelligently coordinates all tools to achieve security goals.

Key Features:
- Tool capability awareness (what each tool does, when to use it)
- Intelligent strategy selection via LLM
- Tool synergy exploitation (static + dynamic analysis)
- Feedback loops between tools
- Goal-directed orchestration
- Progress tracking and iteration

Tool Ecosystem Understanding:
- Semgrep: Fast pattern matching, good for initial triage
- CodeQL: Deep dataflow, complex vulnerability chains
- Frida: Runtime verification, behavior observation
- AFL++: Fuzzing for crashes and memory corruption
- Web Scanner: OWASP Top 10, web app testing
- LLM Analysis: Cross-tool synthesis, prioritization

Integration Strategies:
- Static analysis → Frida verification
- Frida behavior → CodeQL dataflow tracking
- Fuzzing crashes → Frida + CodeQL root cause analysis
- LLM guides tool selection at each iteration

Usage:
  raptor-cli meta --target /path/to/project --goal "Find RCE vulns"

The meta-orchestrator makes RAPTOR tools aware of each other and coordinates them intelligently to maximize security coverage.

Complete guide covering:
- What was built (scanner, templates, autonomous mode, meta-orchestrator)
- Usage examples for all modes
- Tool synergy explanations
- Integration architecture
- Next steps and future enhancements

Documents the first autonomous security framework where tools understand their ecosystem and coordinate intelligently.

Binary Environment Analysis:
- Loaded libraries and dependency trees
- Symlink detection (TOCTOU risks)
- LD_PRELOAD injection opportunities
- Environment variable monitoring
- SUID/SGID binary detection
- File descriptor enumeration
- IPC mechanism tracking
- Syscall monitoring
- Dynamic linker hooking

Finding Normalizer:
- Unified finding format across all tools
- SARIF parser (Semgrep/CodeQL)
- JSON parser (Frida/AFL)
- Finding merger (cross-tool correlation)
- Confidence scoring
- Exploit probability assessment

Integration:
- Binary context feeds to static analysis
- Dependencies analyzed by Semgrep/CodeQL
- Runtime behavior informs LLM decisions
- JSONL audit trail compatibility

This ensures Frida analysis includes the complete execution environment, not just the binary itself.
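The Finding Normalizer this commit describes, as an added example rather than the project's own code: SARIF results (Semgrep/CodeQL) and a flat Frida JSON list are parsed into one record type and correlated by file and line, with confidence rising when a static and a runtime tool report the same location. The sample inputs, the flat Frida JSON shape and the confidence table are constructed for illustration.

```python
import json
from dataclasses import dataclass, field, asdict

# Constructed sample inputs (not real tool output): SARIF 2.1.0 shape for the
# static tools, and a hypothetical flat JSON list as a Frida hook might emit.
SARIF_SAMPLE = json.dumps({"runs": [{"tool": {"driver": {"name": "semgrep"}},
    "results": [{"ruleId": "insecure-hash-md5", "level": "warning",
        "message": {"text": "MD5 used for password hashing"},
        "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/auth.py"},
            "region": {"startLine": 42}}}]}]}]})
FRIDA_SAMPLE = json.dumps([{"hook": "crypto-trace", "file": "app/auth.py",
    "line": 42, "severity": "medium", "detail": "MD5 called during login"}])
# Base confidence per severity label (SARIF levels and tool labels share it).
BASE_CONFIDENCE = {"error": 0.8, "high": 0.8, "warning": 0.5, "medium": 0.5, "note": 0.3, "low": 0.3}

@dataclass
class Finding:                  # the unified record every parser emits
    file: str
    line: int
    title: str
    confidence: float
    sources: list = field(default_factory=list)   # tools that reported it

def parse_sarif(text: str) -> list:
    """SARIF (Semgrep/CodeQL): one Finding per result, first location only."""
    out = []
    for run in json.loads(text)["runs"]:
        tool = run["tool"]["driver"]["name"]
        for r in run["results"]:
            loc = r["locations"][0]["physicalLocation"]
            conf = BASE_CONFIDENCE[r.get("level", "warning")]
            out.append(Finding(loc["artifactLocation"]["uri"], loc["region"]["startLine"],
                               r["message"]["text"], conf, [tool]))
    return out

def parse_frida(text: str) -> list:
    return [Finding(f["file"], f["line"], f["detail"],
                    BASE_CONFIDENCE[f["severity"]], ["frida:" + f["hook"]])
            for f in json.loads(text)]

def merge(findings: list) -> list:
    """Correlate by file:line. Agreeing tools combine as independent evidence,
    1 - prod(1 - c_i), so static + runtime corroboration outscores either alone."""
    merged = {}
    for f in findings:
        key = (f.file, f.line)
        if key not in merged:
            merged[key] = Finding(**asdict(f))   # copy, so inputs stay untouched
            continue
        m = merged[key]
        m.confidence = round(1 - (1 - m.confidence) * (1 - f.confidence), 3)
        m.sources += f.sources
    return list(merged.values())
```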
Comprehensive guide showing:
- Data flow through entire system
- Tool output format conversion
- Meta-orchestrator decision making examples
- Binary environment → static analysis loop
- TOCTOU detection workflow
- LD_PRELOAD attack surface analysis
- Complete workflow from user request to report

Visual diagrams and examples demonstrating how:
- Finding normalizer converts all formats to unified JSON
- LLM reasons about cross-tool findings
- Frida discoveries feed back to static analysis
- Dependencies are analyzed comprehensively
- Tools achieve awareness of each other

Features:
- Checks all Python packages (requests, litellm, frida-tools, etc.)
- Checks external tools (Semgrep, CodeQL, AFL++, Frida, Ollama, etc.)
- Validates API keys (ANTHROPIC_API_KEY, OPENAI_API_KEY)
- Checks file permissions
- Verifies Python version (>= 3.8)
- Color-coded output (green=OK, yellow=warning, red=failed)

Auto-installation:
- Offers to install missing dependencies
- Generates install script for batch installation
- Per-tool installation commands

Usage:
  raptor-cli doctor                    # Check all dependencies
  raptor-cli doctor --install          # Auto-install missing deps
  raptor-cli doctor --generate-script  # Create install script
  raptor-cli doctor --json             # JSON output for automation

Categorized checks:
- Python packages
- Static analysis tools
- Dynamic analysis tools
- Fuzzing tools
- LLM tools
- Network tools
- Binary analysis tools
- System tools

Exit codes:
- 0: All required dependencies OK
- 1: Required dependencies missing

Created raptor_doctor.py to verify all RAPTOR dependencies are installed and properly configured. Checks Python packages, external tools, API keys, and file permissions.

Features:
- Smart version detection (handles packages without __version__)
- Category-based organization (Python, static-analysis, dynamic, etc.)
- Color-coded output (✓ green, ⚠ yellow, ✗ red)
- JSON output for automation
- Auto-install capability (--install flag)
- Script generation (--generate-script)
- Distinguishes required vs optional dependencies

Test Results (see RAPTOR_DOCTOR_TEST_RECEIPT.md):
- ✓ All required dependencies detected correctly
- ✓ Version checking works for litellm (no __version__) via importlib.metadata
- ✓ JSON output format validated
- ✓ Exit codes: 0 for success/warnings, 1 for failures
- ✓ Passed: 11, Warnings: 5, Failed: 0

Dependencies Checked:
Required:
- Python packages: requests, litellm, instructor, pydantic, frida-tools
- External tools: Semgrep, Frida CLI, Git, Python 3
- Web scanner: beautifulsoup4, playwright
Optional:
- CodeQL, AFL++, Ollama, Nmap, Binwalk

Usage:
  python3 raptor_doctor.py            # Check all dependencies
  python3 raptor_doctor.py --json     # JSON output
  python3 raptor_doctor.py --install  # Auto-install missing deps
  python3 raptor.py doctor            # Via unified launcher

Added 'doctor' mode to raptor.py for easy access.
Collaborator
nice!! let me read up on what you've done and test some bits, but thank you for adding this PR. super cool
Author
A premature push (it was supposed to be for my fork, hah, but I'll have to own it now). I'm just ironing some things out, but: a dependency checker/doctor, a metabrain for interoperability awareness (possibly don't need that) and obviously Frida (it was more about Frida).

- Frida autonomous mode now uses LLM to generate actual JavaScript hooks (not just function names) focused on exploitation primitives
- New interactive.py: Manual app exploration with start/stop controls for GUI applications; hooks fire in real-time as user explores
- New methodology.py: Exploitation-focused methodology engine with primitives (heap ops, credentials, network I/O, process control, etc.)
- New platform.py: Cross-platform support for Linux, macOS, iOS, Windows, and Android with platform-specific library mappings
- Fixed ARM64 macOS symbol resolution using getModuleByName()
- Fixed model names in LLM config (claude-sonnet-4-20250514)
- Added frida-interactive CLI command

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Collaborator
@Splinters-io are we good to get this merged? anything missing?