Which integrations are available for this server?

Detects leaked Confluence wiki page links in binary artifacts, which may expose internal documentation, with optional live verification of reachability and anonymous access. Detects leaked Google Drive document URLs in binary artifacts, which often point to publisher-internal documents. Detects leaked Logstash or log-ingestion URLs in binary artifacts, which may reveal internal observability infrastructure. Detects leaked Sentry DSNs in binary artifacts, enabling identification of potential forged crash-report submission endpoints, with optional live verification of the Sentry host. Detects leaked Slack tokens in binary artifacts, which could provide long-lived API credentials.

How do I use re-leak-scan?

1. Click on "Install Server". 2. Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state. 3. In the chat, type @ followed by the MCP server name and your instructions, e.g., "@re-leak-scan scan mygame.exe for leaked secrets" That's it! The server will respond to your query, and you can continue using it as needed. Here is a step-by-step guide with screenshots.

re-leak-scan

by Heretek-RE

Overview Schema Related Servers Score Discussions

Python

Local

re-leak-scan

MCP server for detecting publisher telemetry pipeline leaks in binary artifacts. Scans the file's string table for:

Sentry DSNs (with embedded public auth) — enables forged crash-report submission
Logstash / log-ingestion URLs — internal observability infrastructure
Confluence wiki page links — often engineering-only docs / secrets
Google Drive document URLs — publisher-internal documents
AWS access key IDs — long-lived credentials
Slack tokens — long-lived API credentials
Generic high-entropy hex strings — possible keys / secrets

The output is vendor-neutral: pattern categories describe observable string content, not specific publishers.

Why

The 2026-06-05 stress test surfaced a new attack-surface class that the existing tools did not cover:

Sample A (GameAssembly.dll): 16,236 Google Drive URL matches — the bulk are publisher-internal design documents.
Sample B (CrimsonDesert.exe): a Sentry DSN with embedded auth, a Logstash ingestion URL, an internal dev server URL, and a Confluence wiki page link — all in plaintext, all unprotected by the encrypted-VM bytecode anti-tamper.

re-leak-scan fills that gap. It is pure-Python (no .NET, no system tools), works on any binary file, and is the .re-leak-scan / .re-telemetry-extract foundation for the re-leak-scan and re-telemetry-extract skills.

Related MCP server: project-shield

Tools

Tool	What it does
`check_leak_scan`	Health check — return pattern catalog + `httpx` availability
`extract_strings`	Walk the file, extract ASCII + UTF-16LE printable strings
`find_secrets`	Apply the regex catalog over a binary's string table
`scan`	Full pipeline: extract → apply all detectors → return findings
`verify_sentry_dsn`	Parse a Sentry DSN + probe `<host>/api/0/projects/.../` to confirm liveness
`verify_confluence_url`	Probe a Confluence URL to confirm reachability + anon-access

Install

Part of the RE-AI plugin; ./install.sh installs the package. To install standalone:

pip install -e ./servers/re-leak-scan
# Optional: live verification (Sentry / Confluence HTTP probes)
pip install -e './servers/re-leak-scan[verify]'

Run

re-leak-scan                          # stdio transport (default for MCP)
python -m re_leak_scan                # equivalent

Pattern catalog

The 7 patterns are defined in src/re_leak_scan/patterns.py. Adding a new one is a 6-line dataclass entry. The patterns are all vendor-neutral — they match the URL schemes of public infrastructure (Sentry.io, Logstash, Atlassian Confluence, Google Docs) without naming any specific publisher.

Active verification

verify_sentry_dsn and verify_confluence_url make outbound HTTP requests. By default, they are passive — they only check that the endpoint responds. They do not submit forged crash reports, do not authenticate, and do not exfiltrate the leaked data.

If you run these in an air-gapped environment, the verifier returns verified: false, reason: "connection failed: ..." — the leak detection itself is unaffected.

This server cannot be installed

license - permissive license

quality - not tested

maintenance

How are these scores calculated?

Maintenance

–Maintainers

–Response time

–Release cycle

–Releases (12mo)

Commit activity

Resources

GitHub Repository

Need Help?

Related Servers

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Heretek-RE/re-leak-scan'

If you have feedback or need assistance with the MCP directory API, please join our Discord server