x42en/sysplant
Your Windows syscall hooking factory - feat Canterlot's Gate - All accessible over MCP
This tool helps cybersecurity researchers and penetration testers generate custom Windows syscall hooking code. It takes your desired syscall retrieval method and a list of Windows API functions (like NtReadVirtualMemory) as input. It then outputs ready-to-use source code in languages like C, C++, Rust, or Nim, which can be compiled into malicious payloads or defensive security tools. The primary users are red team operators, malware developers, and security educators.
Use this if you need to create custom, low-level Windows binaries for offensive security or malware analysis that bypass traditional user-mode API hooking and logging.
Not ideal if you are looking for a high-level API for general application development or if you do not have a strong understanding of Windows internals and defensive evasion techniques.
Stars: 126
Forks: 12
Language: Nim
License: GPL-3.0
Last pushed: Mar 06, 2026
Commits (30d): 0
Higher-rated alternatives
mrexodia/ida-pro-mcp
AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.
cyberkaida/reverse-engineering-assistant
MCP server for reverse engineering tasks in Ghidra 👩‍💻
symgraph/GhidrAssistMCP
An MCP extension for Ghidra
soth-ai/mcp-reticle
Reticle intercepts, visualizes, and profiles JSON-RPC traffic between your LLM and MCP servers...
sjkim1127/Reversecore_MCP
A security-first MCP server empowering AI agents to orchestrate Ghidra, Radare2, and YARA for...