offensive-tools/re/radare2/SKILL.md
CLI reverse engineering framework with disassembly, debugging, scripting, and binary patching. Use when analyzing binaries headlessly, scripting RE tasks, patching executables, or working in resource-constrained environments.
CLI RE framework — disassemble, debug, patch, and script binary analysis.
```bash
# Open binary (read-only)
r2 ./binary
# Analyze all (auto-analysis)
> aaa
# List functions
> afl
# Disassemble function
> pdf @ main
# Print strings
> iz
# Quit
> q
```
| Command | Purpose |
|---------|---------|
| aaa | Full auto-analysis |
| afl | List all functions |
| pdf @ FUNC | Disassemble function |
| s ADDR | Seek to address |
| iz | Print strings in binary |
| iS | List sections |
| ii | List imports |
| px N @ ADDR | Hex dump N bytes at ADDR |
| ood | Reopen in debug mode |
| dc | Continue execution |
| dr | Show registers |
| VV | Visual graph mode |
| / | Search bytes/strings |
Quick static triage:
```bash
r2 malware.exe
> aaa; afl; iz; ii
> pdf @ sym.main
```
Patch a jump:
```bash
r2 -w ./binary
# seek to instruction
> s 0x401234
# write assembly
> wa jmp 0x401300
> q
```
Script with r2pipe (Python):
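```python
import r2pipe

r2 = r2pipe.open('./binary')  # spawn r2 on the target (read-only by default)
r2.cmd('aaa')                 # full auto-analysis
print(r2.cmd('afl'))          # list all functions
r2.quit()                     # close the r2 session
```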
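
The static triage and r2pipe steps above can be combined into one headless script. This is an added example, not part of the original skill: it uses r2's JSON command variants (`aflj`, `izj`, `iij`) through `cmdj`, and the names `WATCHLIST`, `SAMPLE_IIJ`, `classify_imports` and `triage` are hypothetical, as is the assumption that each `iij` record carries a `name` key.

```python
import sys

# Constructed watch-list for illustration only; adapt it to your own triage policy.
WATCHLIST = {
    "process": ("CreateProcess", "WinExec", "ShellExecute", "execve"),
    "network": ("WSAStartup", "InternetOpen", "connect", "socket"),
    "memory": ("VirtualAlloc", "VirtualProtect", "WriteProcessMemory", "mprotect"),
}

# Constructed sample shaped like parsed `iij` output (assumed: each record has "name").
SAMPLE_IIJ = [
    {"name": "VirtualAlloc"}, {"name": "CreateProcessA"},
    {"name": "GetSystemTime"}, {"name": "connect"}, {"name": "printf"},
]


def classify_imports(imports):
    """Group import names by watch-list category using prefix matching."""
    hits = {}
    for record in imports:
        name = record.get("name", "")
        for category, prefixes in WATCHLIST.items():
            if name.startswith(prefixes):
                hits.setdefault(category, []).append(name)
    return hits


def triage(path):
    """Run aaa, then collect function/string counts and flagged imports as a dict."""
    import r2pipe  # lazy import: classify_imports stays usable without radare2
    r2 = r2pipe.open(path)
    try:
        r2.cmd("aaa")
        return {
            "functions": len(r2.cmdj("aflj") or []),
            "strings": len(r2.cmdj("izj") or []),
            "flagged_imports": classify_imports(r2.cmdj("iij") or []),
        }
    finally:
        r2.quit()  # always release the r2 child process


if __name__ == "__main__":
    # With a path argument, triage that file; otherwise classify the sample.
    print(triage(sys.argv[1]) if len(sys.argv) > 1 else classify_imports(SAMPLE_IIJ))
```

Prefix matching keeps `CreateProcessA`/`CreateProcessW` in scope while leaving unrelated names such as `GetSystemTime` unflagged.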
| File | When to load |
|------|--------------|
| references/ | r2pipe scripting and debugging shortcuts |