Raunaksplanet/JAR-Reverse-Engineering-Tool — reverse-engineered prompt

Build me a simple Python tool that I can point at a Java JAR file and get a useful reverse engineering report without a bunch of setup. I want it to unpack the JAR, read the manifest, show me the package and file structure, and then scan both the raw contents and decompiled source for things like hardcoded passwords, tokens, AWS keys, JDBC URLs, internal IPs, risky command execution, reflection use, weak crypto, hardcoded web URLs, and suspicious base64 blobs.

Please make decompilation work out of the box with CFR downloading itself automatically the first time, and also let me choose JADX or Fernflower if they are available. I also want a fast mode that skips decompilation and only does the raw scan. Save everything into an output folder next to the JAR, including extracted files, decompiled Java source, and a findings.txt report grouped by category with file names and line hints where possible.

Keep it as a clean command line script, Python 3.10+, no extra packages if possible. Look up current docs online if you need to.