drbinary-chat-plugin

Deepbits Cyber Assistant Plugin for Claude Code

The Plugin equips Claude Code with advanced binary analysis capabilities for tasks such as incident response, malware investigation, and vulnerability assessment. It connects to the remote Dr. Binary MCP server over HTTP — no local server to install — and combines that with local system tools. To analyze a local file, Claude calls prepare_upload to obtain a one-time curl command, runs it to stream the file into a remote workspace, and then analyzes it with inspect_binary (Rizin triage), run_sandbox (rizin -qc and a full reverse-engineering toolkit), and dump_data (Ghidra decompilation). The plugin also exposes an Android/AOSP kernel CVE database for vulnerability research. Together with local Windows system scanning, browser hijacking detection, and registry/network monitoring, it transforms Claude Code into a powerful AI-assisted workspace for comprehensive system and binary security analysis.

Overview

The Claude Code Security Analysis Plugin extends Claude Code with advanced cybersecurity and binary-analysis capabilities, enabling developers and analysts to perform in-depth system investigations directly within their coding environment.

This plugin seamlessly integrates with both cloud-based analysis platforms and local security tools via the Model Context Protocol (MCP), creating a unified workspace for intelligent, AI-assisted security analysis.

Designed for incident response, malware forensics, and vulnerability research, the plugin empowers users to:

• 🧩 Investigate compromised systems to identify indicators of compromise (IoCs) and attack traces.

• 🦠 Analyze malware samples to uncover behaviors, persistence methods, and payloads.

• 🛡️ Perform vulnerability and exploit analysis, including Android/AOSP kernel CVE research and patch-status assessment.

• ⚙️ Combine cloud automation with local expertise, integrating Deepbits’ agentic binary-analysis capabilities into Claude Code.

Specialized Cybersecurity Capabilities

This plugin provides Claude Code with specialized cybersecurity features, including:

• 💻 Local Windows system scanning for malware, configuration weaknesses, and security issues.

• 🌐 Browser hijacking detection to identify malicious extensions or modified settings.

• 🧮 Windows Registry analysis to reveal persistence mechanisms or misconfigurations.

• 🧾 Suspicious file detection through behavioral and signature-based analysis.

• 🔗 Network connection monitoring for unusual or unauthorized communications.

• 🧠 Remote binary file analysis powered by Rizin/radare2, Ghidra, angr, qiling, and other advanced analysis frameworks.

Together, these capabilities transform Claude Code into a comprehensive cybersecurity co-pilot—bridging the gap between code intelligence, system defense, and binary analysis.

Features

🛡️ Security Scanning

• Comprehensive system security assessments
• Browser hijacking detection across Chrome, Firefox, Edge, and IE
• Windows Registry malware persistence detection
• Suspicious file system scanning
• Active network connection monitoring

🔍 Binary Analysis

• Upload local files to the remote workspace via a one-time curl (bytes never pass through the model context)
• Lightweight Rizin (rz-bin) triage with inspect_binary
• Deep, sandboxed analysis with run_sandbox + rizin -qc and a full RE toolkit (radare2, binwalk, angr, qiling, qemu, apktool, jadx, …)
• Full Ghidra decompilation with dump_data
• Malware classification, threat assessment, and IoC extraction

🧬 Android Kernel CVE Research

• Look up individual CVEs and their affected version ranges, fixes, and bug-inducing commits
• Find CVEs by AOSP kernel version, build date, or branch
• Identify unpatched and exploitable vulnerabilities for a branch at a point in time

🤖 Specialized Agent

The Cyber Security Analyst agent provides expert-level security analysis with:

• Structured threat assessment workflow
• Evidence-based reporting
• Risk prioritization (Critical/High/Medium/Low)
• Actionable remediation steps

Installation

The plugin connects directly to the remote Dr. Binary MCP server (https://mcp.deepbits.com/mcp) over HTTP — there is no local MCP server to install or run.

1. Run Claude Code:

   claude
   

2. Add the marketplace:

   /plugin marketplace add DeepBitsTechnology/claude-plugins
   

3. Install the plugin:

   /plugin install drbinary-chat-plugin@deepbits
   

4. Connect and authenticate:

   /mcp
   

   Connecting to the drbinary server opens a browser-based sign-in. Log in with Google or GitHub SSO — no manual account creation is required. Once authenticated, the binary-analysis and kernel-CVE tools are available.

Important Configuration

MCP Timeout Setting