
[FEATURE]: Adds Phase 6 - reverse engineering capabilities to shannon pentesting pipeline #174

@BandiAkarsh

### Description

Currently, Shannon is limited to web application penetration testing (Phases 1-5). However, modern security assessments often require analyzing:

  • Binary executables (ELF, PE, Mach-O) for vulnerabilities
  • Mobile applications (APK, IPA) for insecure coding practices
  • Firmware images for backdoors and misconfigurations
  • Malware samples for threat intelligence

Security professionals need a unified tool that can handle both web pentesting AND reverse engineering tasks, rather than switching between multiple disconnected tools.

### Describe the solution you'd like

I propose adding Phase 6 - Reverse Engineering to the Shannon pipeline with 5 new specialized agents that follow Shannon's existing architecture patterns:

#### New Agents

  1. re-binary - Binary Executable Analysis

    • Analyzes compiled binaries (ELF, PE, Mach-O)
    • Identifies hardcoded credentials, buffer overflows, dangerous functions
    • Uses: Rizin, Detect It Easy (DIE), strings analysis
    • Output: re_binary_analysis_deliverable.md
  2. re-mobile - Mobile Application Analysis

    • Analyzes Android (APK) and iOS (IPA) applications
    • Detects hardcoded secrets, insecure storage, weak cryptography
    • Uses: MobSF, JADX, apktool
    • Output: re_mobile_analysis_deliverable.md
  3. re-firmware - Firmware Analysis

    • Extracts and analyzes embedded device firmware
    • Discovers backdoors, hardcoded credentials, insecure services
    • Uses: Binwalk, firmware extraction tools
    • Output: re_firmware_analysis_deliverable.md
  4. re-malware - Malware Static Analysis

    • Performs static analysis of suspicious samples
    • Extracts IoCs (Indicators of Compromise), classifies threats
    • Uses: YARA, string analysis, import analysis
    • Output: re_malware_analysis_deliverable.md
  5. re-report - RE Report Compilation

    • Aggregates findings from all RE phases
    • Generates comprehensive report with risk prioritization
    • Output: re_comprehensive_analysis_report.md
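As an added example (not part of the issue or of Shannon's code base), the following TypeScript sketch shows the kind of static checks the proposed re-binary and re-malware agents describe: extracting printable strings from a byte buffer, flagging credential-looking strings, and flagging imported functions that are classic overflow or command-injection sinks. The sample bytes are constructed for the example, and the pattern lists and function names are assumptions, not Shannon's own tooling.

```typescript
// Added example, not Shannon's code. Models three static checks named in the issue
// (strings analysis, hardcoded-credential detection, dangerous-import detection).

// Helper: ASCII codes of a string, so the sample can be built without Node's Buffer.
function ascii(s: string): number[] {
  return Array.from(s, (c) => c.charCodeAt(0));
}

// Constructed sample "binary": an ELF-like magic, then NUL-separated symbol names and
// data strings of the kind found in .dynstr / .rodata. Not a real executable.
export const SAMPLE_BINARY = new Uint8Array([
  0x7f, ...ascii("ELF"), 0x02, 0x01,
  ...ascii("strcpy"), 0x00, 0x00, 0x01, 0x02,
  ...ascii("db_password=Summer2024!"), 0x00, 0x03, 0x04,
  ...ascii("ab"), 0x00,                                  // too short to report
  ...ascii("https://updates.example.invalid/check"), 0x00,
  ...ascii("system"), 0x00,
]);

// Runs of printable ASCII of at least minLen bytes (what the `strings` tool reports).
export function extractStrings(buf: Uint8Array, minLen = 4): string[] {
  const out: string[] = [];
  let run = "";
  for (let i = 0; i < buf.length; i++) {
    const b = buf[i];
    if (b >= 0x20 && b <= 0x7e) {
      run += String.fromCharCode(b);
    } else {
      if (run.length >= minLen) out.push(run);
      run = "";
    }
  }
  if (run.length >= minLen) out.push(run);
  return out;
}

// Assumed patterns for secrets embedded at build time. Real agents would use a
// larger, maintained rule set; these three are illustrative.
const SECRET_PATTERNS: { reason: string; re: RegExp }[] = [
  { reason: "credential assignment", re: /(pass(word|wd)?|secret|token|api[_-]?key)\s*[=:]\s*\S{6,}/i },
  { reason: "AWS access key id", re: /\bAKIA[0-9A-Z]{16}\b/ },
  { reason: "private key block", re: /-----BEGIN [A-Z ]*PRIVATE KEY-----/ },
];

export interface SecretFinding { value: string; reason: string; }

export function findHardcodedSecrets(strings: string[]): SecretFinding[] {
  const findings: SecretFinding[] = [];
  for (const s of strings) {
    for (const p of SECRET_PATTERNS) {
      if (p.re.test(s)) { findings.push({ value: s, reason: p.reason }); break; }
    }
  }
  return findings;
}

// Assumed list of libc imports worth a manual look; a Map avoids prototype lookups
// such as "constructor" matching a plain object.
const DANGEROUS_IMPORTS = new Map<string, string>([
  ["gets", "reads without a length bound"],
  ["strcpy", "copies without a length bound"],
  ["sprintf", "formats into a buffer without a length bound"],
  ["system", "runs a shell command; injection risk if input is untrusted"],
]);

export interface ImportFinding { symbol: string; why: string; }

export function flagDangerousImports(symbols: string[]): ImportFinding[] {
  return symbols
    .filter((s) => DANGEROUS_IMPORTS.has(s))
    .map((s) => ({ symbol: s, why: DANGEROUS_IMPORTS.get(s)! }));
}

export interface StaticReport {
  strings: string[];
  secrets: SecretFinding[];
  dangerousImports: ImportFinding[];
}

// In a real agent the import names come from the ELF dynamic symbol table or the PE
// import table; here, as a simplification, they are taken from the extracted strings.
export function analyzeBinary(buf: Uint8Array): StaticReport {
  const strings = extractStrings(buf);
  return {
    strings,
    secrets: findHardcodedSecrets(strings),
    dangerousImports: flagDangerousImports(strings),
  };
}
```

The report is what an agent would turn into `re_binary_analysis_deliverable.md`: each secret or dangerous import is a lead for manual review, not a confirmed vulnerability, since `strcpy` with a bounded source is harmless and a matching string may be test data.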

#### Architecture

```
Existing Pipeline:
Phase 1: Pre-Recon → Phase 2: Recon → Phase 3: Vuln Analysis →
Phase 4: Exploitation → Phase 5: Reporting

Proposed Extension:
... Phase 5: Reporting → Phase 6: Reverse Engineering
                        (re-binary → re-mobile → re-firmware →
                         re-malware → re-report)
```

  • Sequential Execution: RE agents run sequentially (not parallel) to accommodate resource constraints (works with 15GB RAM)
  • Prerequisites: report → re-binary → re-mobile → re-firmware → re-malware → re-report
  • New Phase: All RE agents map to 'reverse-engineering' phase for metrics
  • Zero Breaking Changes: Purely additive, no modifications to existing agents

#### Implementation Details

New Files:

  • prompts/re-binary.txt - Prompt template for binary analysis
  • prompts/re-mobile.txt - Prompt template for mobile analysis
  • prompts/re-firmware.txt - Prompt template for firmware analysis
  • prompts/re-malware.txt - Prompt template for malware analysis
  • prompts/re-report.txt - Prompt template for report compilation

Modified Files:

  • src/types/agents.ts: Add RE agents to ALL_AGENTS, add REType type, add REAnalysisDecision interface, extend PhaseName
  • src/session-manager.ts: Register 5 RE agents with AGENTS, AGENT_PHASE_MAP, MCP_AGENT_MAPPING, AGENT_VALIDATORS
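As an added example (not the issue author's patch and not Shannon's actual `ALL_AGENTS`, `AGENT_PHASE_MAP` or validator shapes), the following TypeScript models the registry the Architecture and Modified Files sections describe and checks the two properties they promise: every RE agent maps to the 'reverse-engineering' phase, and the RE prerequisites form a single chain after `report`, so the agents can only ever run one at a time. Phase identifiers, the `AgentDef` shape and the one-agent-per-phase simplification for Phases 1-5 are assumptions made for the example.

```typescript
// Added example, not Shannon's code. A small model of the agent registry proposed in
// the issue, with a validator for the sequential RE chain. Type and field names are
// assumptions; only the RE agent names, deliverables and ordering come from the issue.

export type PhaseName =
  | "pre-reconnaissance" | "reconnaissance" | "vulnerability-analysis"
  | "exploitation" | "reporting" | "reverse-engineering";

export interface AgentDef {
  name: string;
  phase: PhaseName;
  prerequisites: string[];   // agents that must finish before this one starts
  deliverable?: string;      // only the RE deliverables are given in the issue
}

// Phases 1-5 simplified to one agent each (assumption), followed by the RE chain.
export const AGENTS: AgentDef[] = [
  { name: "pre-recon", phase: "pre-reconnaissance", prerequisites: [] },
  { name: "recon", phase: "reconnaissance", prerequisites: ["pre-recon"] },
  { name: "vuln-analysis", phase: "vulnerability-analysis", prerequisites: ["recon"] },
  { name: "exploitation", phase: "exploitation", prerequisites: ["vuln-analysis"] },
  { name: "report", phase: "reporting", prerequisites: ["exploitation"] },
  { name: "re-binary", phase: "reverse-engineering", prerequisites: ["report"], deliverable: "re_binary_analysis_deliverable.md" },
  { name: "re-mobile", phase: "reverse-engineering", prerequisites: ["re-binary"], deliverable: "re_mobile_analysis_deliverable.md" },
  { name: "re-firmware", phase: "reverse-engineering", prerequisites: ["re-mobile"], deliverable: "re_firmware_analysis_deliverable.md" },
  { name: "re-malware", phase: "reverse-engineering", prerequisites: ["re-firmware"], deliverable: "re_malware_analysis_deliverable.md" },
  { name: "re-report", phase: "reverse-engineering", prerequisites: ["re-malware"], deliverable: "re_comprehensive_analysis_report.md" },
];

// Kahn's algorithm over the prerequisite graph; registration order breaks ties.
// Throws on an unknown prerequisite or a cycle, since either would hang a workflow.
export function executionOrder(agents: AgentDef[]): AgentDef[] {
  const byName = new Map<string, AgentDef>();
  const indegree = new Map<string, number>();
  const successors = new Map<string, string[]>();
  for (const a of agents) { byName.set(a.name, a); indegree.set(a.name, 0); successors.set(a.name, []); }
  for (const a of agents) {
    for (const p of a.prerequisites) {
      if (!byName.has(p)) throw new Error(`${a.name}: unknown prerequisite ${p}`);
      indegree.set(a.name, indegree.get(a.name)! + 1);
      successors.get(p)!.push(a.name);
    }
  }
  const ready = agents.filter((a) => indegree.get(a.name) === 0).map((a) => a.name);
  const out: AgentDef[] = [];
  while (ready.length > 0) {
    const n = ready.shift()!;
    out.push(byName.get(n)!);
    for (const s of successors.get(n)!) {
      const d = indegree.get(s)! - 1;
      indegree.set(s, d);
      if (d === 0) ready.push(s);
    }
  }
  if (out.length !== agents.length) throw new Error("cycle in agent prerequisites");
  return out;
}

// True when the agents of one phase form a single chain: exactly one head, every
// other agent has exactly one in-phase predecessor, and no agent has two in-phase
// successors. That is what guarantees "sequential, never parallel" for the RE phase.
export function isStrictlySequential(agents: AgentDef[], phase: PhaseName): boolean {
  const inPhase = agents.filter((a) => a.phase === phase);
  const names = new Set(inPhase.map((a) => a.name));
  const successorCount = new Map<string, number>();
  let heads = 0;
  for (const a of inPhase) {
    const preds = a.prerequisites.filter((p) => names.has(p));
    if (preds.length === 0) heads++;
    else if (preds.length > 1) return false;
    for (const p of preds) successorCount.set(p, (successorCount.get(p) || 0) + 1);
  }
  if (heads !== 1) return false;
  let ok = true;
  successorCount.forEach((c) => { if (c > 1) ok = false; });
  return ok;
}

// Registry checks a session manager could run at startup; returns human-readable problems.
export function validateRegistry(agents: AgentDef[]): string[] {
  const problems: string[] = [];
  const names = new Set<string>();
  for (const a of agents) {
    if (names.has(a.name)) problems.push(`duplicate agent ${a.name}`);
    names.add(a.name);
  }
  for (const a of agents) {
    for (const p of a.prerequisites) if (!names.has(p)) problems.push(`${a.name}: unknown prerequisite ${p}`);
    if (a.name.startsWith("re-") && a.phase !== "reverse-engineering") {
      problems.push(`${a.name}: RE agent not mapped to reverse-engineering phase`);
    }
  }
  if (problems.length === 0) {
    try { executionOrder(agents); } catch (e) { problems.push(String(e)); }
  }
  return problems;
}
```

The `isStrictlySequential` check is the one worth keeping in a real registry: a later contributor who gives two RE agents the same prerequisite would silently re-enable parallel execution and the 32GB+ RAM requirement the issue's "alternatives considered" section rules out, and this check catches that at registration time.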

#### Required Docker Images

Users will need these additional Docker images:

```bash
docker pull remnux/rizin:latest
docker pull cincan/binwalk:latest
docker pull remnux/die
docker pull deefence/yarahunter
docker pull opensecurity/mobile-security-framework-mobsf:latest
docker pull blacktop/ghidra:latest
```

### Describe alternatives you've considered

1. Separate Tool: Create a standalone RE tool instead of integrating into Shannon
   - *Rejected*: Fragmented workflow, loses integration with existing audit system
   
2. Plugin Architecture: Make RE capabilities optional plugins
   - *Rejected*: Would require significant architectural changes to core
   
3. Parallel Execution: Run RE agents in parallel like vulnerability analysis
   - *Rejected*: Requires 32GB+ RAM; sequential execution ensures accessibility


### Additional context

This feature has been implemented and tested locally. The implementation:
- ✅ Follows Shannon's exact architectural patterns
- ✅ Uses existing infrastructure (Temporal, MCP, deliverable system)
- ✅ Maintains AGPL-3.0 license compliance
- ✅ Adds 1,716 lines across 7 files (5 new, 2 modified)
- ✅ Ready for immediate use

The implementation is available at: https://github.com/BandiAkarsh/shannon

## Use Cases

1. **IoT Security Assessment**: Analyze firmware of IoT devices alongside their web interfaces
2. **Mobile App Audit**: Test both mobile app (APK) and backend API simultaneously
3. **Malware Investigation**: Analyze suspicious binaries found during web pentest
4. **Red Team Operations**: Comprehensive analysis of all attack surfaces
5. **Supply Chain Security**: Analyze third-party binaries and libraries

## Checklist

- [x] I have searched existing issues to ensure this is not a duplicate
- [x] I have provided a clear description of the feature
- [x] I have considered the impact on existing functionality
- [x] I have a working implementation available
- [x] I am willing to submit a Pull Request

---

**Would you be open to accepting a Pull Request for this feature?** I'm happy to address any feedback or make adjustments to align with the project's roadmap.
