xxd
Generate hexdumps and ASCII representations of files for malware analysis. Supports length limits, column formatting, binary mode, and customizable offsets to inspect file contents thoroughly.
Instructions
Create a hexdump with ASCII representation
Example usage:
Standard xxd dump: { "target": "suspicious.exe" }
With length limit: { "target": "suspicious.exe", "length": 256 }
With column formatting: { "target": "suspicious.exe", "cols": 16 }
Binary bits mode: { "target": "suspicious.exe", "bits": true }
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| bits | No | Switch to bits (binary) dump | |
| cols | No | Format output into specified number of columns | |
| length | No | Number of bytes to display | |
| offset | No | Starting offset in the file | |
| options | No | Additional command-line options | |
| target | Yes | Target file or data to analyze |
Implementation Reference
- commands.js:142-162 (handler)Core handler logic for the xxd tool: constructs the xxd shell command with user-provided options for length, offset, columns, and binary mode.buildCommand: (args) => { let options = args.options ? args.options : ''; if (args.length) { options += ` -l ${args.length}`; } if (args.offset) { options += ` -s ${args.offset}`; } if (args.cols) { options += ` -c ${args.cols}`; } if (args.bits) { options += ' -b'; } return `xxd ${options} ${args.target}`; },
- commands.js:136-141 (schema)Zod input schema definition for the xxd MCP tool, extending the base schema with specific parameters for hexdump customization.schema: baseCommandSchema.extend({ length: z.number().optional().describe("Number of bytes to display"), offset: z.number().optional().describe("Starting offset in the file"), cols: z.number().optional().describe("Format output into specified number of columns"), bits: z.boolean().optional().describe("Switch to bits (binary) dump") }),
- serverMCP.js:113-117 (registration)Registration of xxd (and other specialized tools) in MCP listTools handler by mapping commands config to tool definitions with name, description, and schema.const specializedTools = Object.values(commands).map(cmd => ({ name: cmd.name, description: cmd.description + (cmd.helpText ? '\n' + cmd.helpText : ''), inputSchema: zodToJsonSchema(cmd.schema), }));
- serverMCP.js:130-163 (handler)MCP CallToolRequestSchema handler for xxd: parses and validates input with xxd schema, builds command using xxd buildCommand, executes via shellCommand, returns result.if (commands[name]) { try { const cmdConfig = commands[name]; // Validate arguments against schema const validationResult = cmdConfig.schema.safeParse(args); if (!validationResult.success) { return { content: [{ type: "text", text: `Error: Invalid parameters for ${name} command.\n${JSON.stringify(validationResult.error.format())}` }], isError: true, }; } // Build the command string const commandStr = cmdConfig.buildCommand(validationResult.data); console.error(`Executing specialized command: ${commandStr}`); // Execute the command via the terminal manager const result = await terminalManager.shellCommand(commandStr); console.error(`${name} command executed with PID: ${result.pid}, blocked: ${result.isBlocked}`); return { content: [{ type: "text", text: JSON.stringify(result) }], }; } catch (error) { console.error(`Error executing ${name} command:`, error); return { content: [{ type: "text", text: `Error: ${error instanceof Error ? error.message : String(error)}` }], isError: true, }; }