Skip to main content
Glama
Heretek-RE

re-leak-scan

by Heretek-RE

Server Configuration

Describes the environment variables required to run the server.

NameRequiredDescriptionDefault

No arguments

Capabilities

Features and capabilities supported by this server

CapabilityDetails
tools
{
  "listChanged": false
}
prompts
{
  "listChanged": false
}
resources
{
  "subscribe": false,
  "listChanged": false
}
experimental
{}

Tools

Functions exposed to the LLM to take actions

NameDescription
check_leak_scanA

Return pattern-catalog summary + dependency availability.

Always returns status: OK (this server has no external system-tool dependencies — pure Python).

The optional [verify] extra adds httpx for live verification of Sentry / Confluence endpoints. When missing, :func:verify_sentry_dsn and :func:verify_confluence_url return {"verified": False, "reason": "httpx not installed"} — the leak detection itself is unaffected.

extract_stringsA

Extract printable ASCII and UTF-16LE strings from path.

Args: path: file to scan min_length: minimum string length (default 8) max_strings: per-encoding cap (default 50,000)

Returns a dict with ascii and utf16le arrays of {"string", "offset", "encoding"}. This is the raw string extraction — pass the result to :func:find_secrets for the leak-detection pass.

On a 500+ MB GameAssembly.dll, prefer the section-aware :func:re-lief.categorize_strings instead; this implementation walks the file linearly and may be slow.

find_secretsA

Run the regex leak catalog over path's string table.

Args: path: file to scan detector_set: comma-separated list of pattern names to apply (default: all categories except the noisy generic-hex-secret). Use detector_set="all" for the full catalog. min_length: minimum string length passed to :func:extract_strings max_per_category: per-category match cap (default 200)

Returns::

{
  "path": "...",
  "totals": {"strings_seen": N, "matches": N},
  "truncated": bool,
  "categories_run": ["sentry-dsn", ...],
  "by_category": {
    "sentry-dsn": {"count": N, "risk": "HIGH", "description": "...",
                   "matches": [{"string": "...", "offset": N, ...}]},
    ...
  },
}
scanA

Full pipeline: extract strings → apply all detectors → return findings.

Convenience wrapper for the typical workflow. Equivalent to find_secrets(path, detector_set="all", max_per_category=...).

Returns the same shape as :func:find_secrets.

verify_sentry_dsnA

Parse a Sentry DSN and (if httpx is available) probe the Sentry host to confirm reachability.

Args: dsn: a single Sentry DSN string (the full URL, including the https://key@host/project_id form)

Returns::

{"dsn": "...", "parsed": {"host": "...", "project_id": N,
                           "public_key": "..."},
 "verified": bool, "http_status": N | None, "reason": "..."}

The probe hits <host>/api/0/projects/<org>/<project>/ with the public key. A 200/401/403/404 means the endpoint is reachable (the specific status tells you whether the key has project access). A connection error or timeout means the host is unreachable from the analyst's network.

verify_confluence_urlA

Probe a Confluence URL to confirm reachability + anon-access.

Returns::

{"url": "...", "verified": bool, "http_status": N | None,
 "anon_accessible": bool, "reason": "..."}

A 200 means the page is publicly readable (anon-accessible). A 401/403 means it's behind auth (still reachable). A connection error means unreachable.

Note: this only checks the URL — the actual content of the Confluence page is the analyst's responsibility.

Prompts

Interactive templates invoked by user choice

NameDescription

No prompts

Resources

Contextual data attached and managed by the client

NameDescription

No resources

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Heretek-RE/re-leak-scan'

If you have feedback or need assistance with the MCP directory API, please join our Discord server