Working on a minimal embedded Linux build with IronClaw. Need to understand every point where external data enters the system. Not just the obvious web API.
My usual approach:
* Static analysis on the C code for `read()`, `recv()`, `fgets()`.
* Parse Yocto recipes for enabled network services (`sshd`, `nginx`, `busybox` services).
* Look at `socat` usage or custom IPC sockets.
But IronClaw has its own plugin system and nano-agents. How do you map those hooks? Is there a tool that combines:
* Process listing with open file descriptors
* Netstat output
* And correlates it to the source code or build config?
Example from my last scan:
```bash
# Find all open sockets from processes
find /proc/net -type f -exec grep -l '' {} ;
```
This gives raw data, but mapping it back to the service that opened it is manual.
What's your method for a full, automated input surface map? Especially for custom IPC.