explaingit

wpeace-hch/wpegpt-analyzer

Analysis updated 2026-05-18

36PowerShellAudience · researcherComplexity · 4/5Setup · hard

TLDR

A skill that drives IDA and a WPeGPT plugin to automatically reverse engineer PE and ELF binaries and produce a structured analysis report.

Mindmap

mindmap
  root((WPeGPT-Analyzer))
    What it does
      Automated reverse engineering
      IDA plus WPeGPT
    Tech stack
      IDA
      Python
      PowerShell
    Use cases
      Malware triage
      Vulnerability scan
      Network IOC extraction
    Audience
      Security researchers

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Automatically reverse engineer a suspicious executable to identify its purpose.

USE CASE 2

Extract network indicators like IPs and domains from a binary sample.

USE CASE 3

Get a ranked list of suspicious functions in a program for manual review.

What is it built with?

IDAPythonPowerShellWPeGPT

How does it compare?

wpeace-hch/wpegpt-analyzersbousseaden/edrunchokerzaxardery8011-design/soplint
Stars363539
LanguagePowerShellPowerShellPowerShell
Setup difficultyhardmoderatemoderate
Complexity4/53/53/5
Audienceresearcherops devopsdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · hard Time to first run · 1h+

Requires IDA 7.6+ with the WPeGPT plugin installed, Python 3, and Windows.

In plain English

WPeGPT Analyzer is a portable skill that connects the IDA disassembler to a plugin called WPeGPT, so an AI agent can perform automatic reverse engineering analysis of executable files. It supports both PE and ELF binary formats and works with any AI agent system that can load this kind of skill file. The skill starts IDA automatically, drives it with the WPeGPT plugin, and produces a structured report about the file being examined. That report covers the likely purpose and behavior of the program, network indicators such as IP addresses, domains, URLs, and ports if any network activity is detected, a ranked list of suspicious functions with notes on why each stood out, and, in one of its modes, a vulnerability assessment with risk ratings. There are three analysis modes. The light mode, which is the default, does a broad scan plus analysis of key code paths and takes about two to five minutes. The full mode adds analysis of every function in the binary and takes ten to thirty minutes. The vuln mode focuses only on vulnerability analysis of key code paths and takes five to twenty minutes. To use it, someone needs IDA version 7.6 or later with the WPeGPT plugin already installed and working, Python 3 with the openai and httpx packages, and a Windows machine, since the launch scripts are PowerShell and Batch files. After installing the WPeGPT plugin into IDA's plugins folder and filling in a small config file with the IDA and Python paths, the skill can be added to an AI agent's skill directory. A person can then simply ask the agent to analyze a specific file, and it handles starting IDA, detecting the binary's architecture, running the scan, and summarizing the resulting report.

Copy-paste prompts

Prompt 1
Use the wpegpt-analyzer skill to run a light analysis on this sample.exe.
Prompt 2
Ask wpegpt-analyzer to do a full function-by-function analysis of this binary.
Prompt 3
Have wpegpt-analyzer check this ELF file for vulnerabilities.
Prompt 4
Set up WPeGPT-Analyzer with IDA so I can reverse engineer malware samples.

Frequently asked questions

What is wpegpt-analyzer?

A skill that drives IDA and a WPeGPT plugin to automatically reverse engineer PE and ELF binaries and produce a structured analysis report.

What language is wpegpt-analyzer written in?

Mainly PowerShell. The stack also includes IDA, Python, PowerShell.

How hard is wpegpt-analyzer to set up?

Setup difficulty is rated hard, with roughly 1h+ to a first successful run.

Who is wpegpt-analyzer for?

Mainly researcher.

Open on GitHub → Explain another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.