Command Palette

Search for a command to run...

UnylyUnyly
Весь каталог

Re Leak Scan

БесплатноНе проверен

MCP server for detecting publisher telemetry pipeline leaks in binary artifacts by scanning for sensitive strings like Sentry DSNs, Slack tokens, and AWS keys.

GitHubEmbed

Описание

MCP server for detecting publisher telemetry pipeline leaks in binary artifacts by scanning for sensitive strings like Sentry DSNs, Slack tokens, and AWS keys.

README

MCP server for detecting publisher telemetry pipeline leaks in binary artifacts. Scans the file's string table for:

  • Sentry DSNs (with embedded public auth) — enables forged crash-report submission
  • Logstash / log-ingestion URLs — internal observability infrastructure
  • Confluence wiki page links — often engineering-only docs / secrets
  • Google Drive document URLs — publisher-internal documents
  • AWS access key IDs — long-lived credentials
  • Slack tokens — long-lived API credentials
  • Generic high-entropy hex strings — possible keys / secrets

The output is vendor-neutral: pattern categories describe observable string content, not specific publishers.

Why

The 2026-06-05 stress test surfaced a new attack-surface class that the existing tools did not cover:

  • Sample A (GameAssembly.dll): 16,236 Google Drive URL matches — the bulk are publisher-internal design documents.
  • Sample B (CrimsonDesert.exe): a Sentry DSN with embedded auth, a Logstash ingestion URL, an internal dev server URL, and a Confluence wiki page link — all in plaintext, all unprotected by the encrypted-VM bytecode anti-tamper.

re-leak-scan fills that gap. It is pure-Python (no .NET, no system tools), works on any binary file, and is the .re-leak-scan / .re-telemetry-extract foundation for the re-leak-scan and re-telemetry-extract skills.

Tools

Tool What it does
check_leak_scan Health check — return pattern catalog + httpx availability
extract_strings Walk the file, extract ASCII + UTF-16LE printable strings
find_secrets Apply the regex catalog over a binary's string table
scan Full pipeline: extract → apply all detectors → return findings
verify_sentry_dsn Parse a Sentry DSN + probe <host>/api/0/projects/.../ to confirm liveness
verify_confluence_url Probe a Confluence URL to confirm reachability + anon-access

Install

Part of the RE-AI plugin; ./install.sh installs the package. To install standalone:

pip install -e ./servers/re-leak-scan
# Optional: live verification (Sentry / Confluence HTTP probes)
pip install -e './servers/re-leak-scan[verify]'

Run

re-leak-scan                          # stdio transport (default for MCP)
python -m re_leak_scan                # equivalent

Pattern catalog

The 7 patterns are defined in src/re_leak_scan/patterns.py. Adding a new one is a 6-line dataclass entry. The patterns are all vendor-neutral — they match the URL schemes of public infrastructure (Sentry.io, Logstash, Atlassian Confluence, Google Docs) without naming any specific publisher.

Active verification

verify_sentry_dsn and verify_confluence_url make outbound HTTP requests. By default, they are passive — they only check that the endpoint responds. They do not submit forged crash reports, do not authenticate, and do not exfiltrate the leaked data.

If you run these in an air-gapped environment, the verifier returns verified: false, reason: "connection failed: ..." — the leak detection itself is unaffected.

from github.com/Heretek-RE/re-leak-scan

Установка Re Leak Scan

У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.

▸ github.com/Heretek-RE/re-leak-scan

FAQ

Re Leak Scan MCP бесплатный?

Да, Re Leak Scan MCP бесплатный — установка в пару кликов через Unyly без оплаты.

Нужен ли API-ключ для Re Leak Scan?

Нет, Re Leak Scan работает без API-ключей и переменных окружения.

Re Leak Scan — hosted или self-hosted?

Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.

Как установить Re Leak Scan в Claude Desktop, Claude Code или Cursor?

Открой Re Leak Scan на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.

Похожие MCP

Compare Re Leak Scan with

Не уверен что выбрать?

Найди свой стек за 60 секунд

Автор?

Embed-бейдж для README

Похожее

Все в категории communication