At　EUROCRYPT　2021,　Bao　et　al.　proposed　an　automatic　method　for　systematically　exploring　the　configuration　space　of　meet-in-the-middle　(MITM)　preimage　attacks.　We　further　extend　it　into　a　constraint-based　framework　for　finding　exploitable　MITM　characteristics　in　the　context　of　key-recovery　and　collision　attacks　by　taking　the　subtle　peculiarities　of　both　scenarios　into　account.　Moreover,　to　perform　attacks　based　on　MITM　characteristics　with　nonlinear　constrained　neutral　words,　which　have　not　been　seen　before,　we　present　a　procedure　for　deriving　the　solution　spaces　of　neutral　words　without　solving　the　corresponding　nonlinear　equations　or　increasing　the　overall　time　complexities　of　the　attack.　We　apply　our　method　to　concrete　symmetric-key　primitives,　including　SKINNY,　ForkSkinny,　Romulus-H,　Saturnin,　Grostl,　WHIRLPOOL,　and　hashing　modes　with　AES-256.　As　a　result,　we　identify　the　first　23-round　key-recovery　attack　on　SKINNY-n-3n　and　the　first　24-round　key-recovery　attack　on　ForkSkinny-n-3n　in　the　single-key　model.　Moreover,　improved　(pseudo)　preimage　or　collision　attacks　on　round-reduced　WHIRLPOOL,　Grostl,　and　hashing　modes　with　AES-256　are　obtained.　In　particular,　employing　the　new　representation　of　the　AES　key　schedule　due　to　Leurent　and　Pernot　(EUROCRYPT　2021),　we　identify　the　first　preimage　attack　on　10-round　AES-256　hashing.