by ljagiello
Agent skills for solving CTF challenges - web exploitation, binary pwn, crypto, reverse engineering, forensics, OSINT, and more
# Add to your Claude Code skills
git clone https://github.com/ljagiello/ctf-skills
Last scanned: 4/26/2026
{
"issues": [],
"status": "PASSED",
"scannedAt": "2026-04-26T06:09:13.385Z",
"semgrepRan": false,
"npmAuditRan": true,
"pipAuditRan": true
}
ctf-skills is an open-source AI agent skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by ljagiello. Agent skills for solving CTF challenges - web exploitation, binary pwn, crypto, reverse engineering, forensics, OSINT, and more. It has 2,397 GitHub stars.
Yes. ctf-skills passed SkillsLLM's automated security scan — a dependency vulnerability audit plus prompt-injection heuristics — with no high-severity issues. You can read the full report in the Security Report section on this page.
Clone the repository with "git clone https://github.com/ljagiello/ctf-skills" and add it to your Claude Code skills directory (see the Installation section above).
ctf-skills is primarily written in Python. It is open-source under ljagiello on GitHub, so you can review or fork the full source.
Yes. SkillsLLM lists many other AI Agents skills you can browse and compare side by side. Open the AI Agents category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh ctf-skills against similar tools.
Agent Skills for solving CTF challenges — web exploitation, binary pwn, crypto, reverse engineering, forensics, OSINT, and more. Works with any tool that supports the Agent Skills spec, including Claude Code.
npx skills add ljagiello/ctf-skills
Want these skills as part of a real workflow — schedules, signals, MCP tools, memory, the works? Drop them into Friday, the shareable AI workspace runtime from Tempest Labs.
Friday Studio loads skills into agent context on demand and runs them inside reproducible workspaces that you can trigger from chat, on a cron, or over HTTP. Everything runs locally, your data stays on your machine, and every step is logged so you can see exactly what the agent did during a challenge.
To add these skills to Friday Studio:
ljagiello/ctf-skills/ctf-web), or upload this repo as a folder.
workspace.yml, or let agents load them automatically based on the skill description.
See the Friday Skills docs for the full workflow, and the Friday blog — including AI Drift: The Hidden Cost of Building with AI — for the philosophy behind it.
Two setup strategies depending on your workflow:
Use the central installer entrypoint:
bash scripts/install_ctf_tools.sh all
Run a narrower mode when you only want one tool group:
bash scripts/install_ctf_tools.sh python
bash scripts/install_ctf_tools.sh apt
bash scripts/install_ctf_tools.sh brew
bash scripts/install_ctf_tools.sh gems
bash scripts/install_ctf_tools.sh go
bash scripts/install_ctf_tools.sh manual
Preview what would be installed (skips already-present packages):
bash scripts/install_ctf_tools.sh --dry-run all
Verify what's already installed:
bash scripts/install_ctf_tools.sh --verify
Use --force to reinstall everything regardless of what's already present. Install logs are saved to ~/.ctf-tools/.
The full package lists now live in scripts/install_ctf_tools.sh.
Each skill's SKILL.md has a Prerequisites section listing only the tools needed for that category. Install as you go when the agent encounters a missing tool.
| Skill | Files | Description |
|---|---|---|
| ctf-ai-ml | 3 | Model weight perturbation negation, adversarial examples (FGSM, PGD, C&W), foolbox L1BasicIterativeAttack Keras evasion, hand-rolled Keras FGSM via K.gradients, prompt injection, LLM jailbreaking, model extraction, membership inference, neural network collision, LoRA adapter exploitation, gradient descent inversion, data poisoning, backdoor detection, token smuggling, context window manipulation |
| ctf-web | 20 | SQLi (EXIF metadata injection, keyword fragmentation bypass, MySQL column truncation, DNS record injection, ORDER BY CASE WHERE bypass, QR code input injection, double-keyword filter bypass, MySQL session variable dual-value injection, information_schema.processlist race condition leak, PHP PCRE backtrack limit WAF bypass, BETWEEN operator tautology bypass, Host header injection + PROCEDURE ANALYSE(), INSERT ON DUPLICATE KEY UPDATE password overwrite, MySQL innodb_table_stats WAF bypass), XSS (AngularJS 1.x sandbox escape via charAt/trim override, Chrome Unicode URL normalization bypass, Referer header injection + WebRTC IP leak), SSTI (Vue.js toString.constructor injection), SSRF (Host header, DNS rebinding, ElasticSearch Groovy script_fields RCE, rogue MySQL server LOAD DATA LOCAL file read), JWT (JWK/JKU/KID injection), prototype pollution, file upload RCE (BMP pixel webshell + filename truncation bypass), Node.js VM escape, XXE (DOCX/Office XML upload), JSFuck, Web3/Solidity (reentrancy DAO pattern), delegatecall abuse, transient storage clearing collision, Groth16 proof forgery, phantom market unresolve, HAProxy bypass, polyglot XSS, CVEs (Apache CVE-2012-0053 HttpOnly cookie leak), HTTP TRACE bypass, LLM jailbreak, Tor fuzzing, SSRF→Docker API RCE, PHP type juggling, PHP assert() string evaluation injection, PHP LFI / php://filter (+ /dev/fd symlink bypass), PHP zip:// wrapper LFI via PNG/ZIP polyglot, PHP extract() variable overwrite, PHP backtick eval under character limit, PHP variable variables ($$var) abuse, PHP uniqid() predictable filename, PHP ReDoS code execution skip, PHP SoapClient CRLF SSRF via __call() deserialization, Python str.format() attribute traversal info leak, DOM XSS jQuery hashchange, XML entity WAF bypass, React Server Components Flight RCE (CVE-2025-55182), XS-Leak timing oracle, GraphQL CSRF, Unicode case folding XSS (long-s U+017F), Unicode homoglyph path traversal (U+2E2E), CSS font glyph container query 
exfiltration, Hyperscript CDN CSP bypass, PBKDF2 prefix timing oracle, SSTI __dict__.update() quote bypass, ERB SSTI Sequel bypass, affine cipher OTP brute-force, Express.js %2F middleware bypass, IDOR on WIP endpoints, Apache mod_status info disclosure + session forging, Apache mod_rewrite PATH_INFO bypass, Nginx alias traversal .env leak, OAuth/OIDC exploitation, OAuth email subaddressing bypass, CORS misconfiguration, hash length extension attack (hashpumpy), Thymeleaf SpEL SSTI + Spring FileCopyUtils WAF bypass, Castor XML xsi:type JNDI, Apache ErrorDocument expression file read, SAML XPath digest smuggling (CVE-2024-45409), PaperCut auth bypass (CVE-2023-27350), Zabbix SQLi (CVE-2024-22120), CI/CD variable theft, git history credential leak, identity provider API takeover, Guacamole connection extraction, login page poisoning, TeamCity REST API RCE, Squid proxy pivoting, LaTeX injection RCE, LaTeX mpost restricted write18 bypass, Java deserialization (ysoserial, XMLDecoder RCE), .NET JSON TypeNameHandling $type deserialization, Python pickle RCE (+ STOP opcode chaining), XPath blind injection, race conditions (TOCTOU), client-side HMAC bypass via leaked JS secret, SQLite file path traversal string equality bypass, PHP preg_replace /e RCE, Prolog injection, HQL non-breaking space parser mismatch injection, sendmail parameter injection, base64-encoded path traversal LFI, terminal control character obfuscation, CSP bypass via Cloud Run whitelisted domain, multi-barcode concatenation shell injection, CSP nonce bypass via base tag hijacking, JA4/JA4H TLS fingerprint matching, git CLI newline injection, XSSI via JSONP callback exfiltration, Shift-JIS encoding SQLi (multi-byte charset mismatch), PHP serialization length manipulation via filter expansion, CSP bypass via link prefetch, bash brace expansion space-free injection, XML injection via X-Forwarded-For header, Common Lisp reader macro injection, base64 decode leniency signature bypass, Windows 8.3 short 
filename path traversal bypass, URL parse_url() @ symbol SSRF bypass, SSRF parse_url/curl double-@ discrepancy, TOTP recovery via PHP srand(time()) seed weakness, Ruby ObjectSpace memory scanning, Ruby Regexp.escape multibyte bypass, GraphQL injection (introspection, query batching/aliasing, string interpolation), PHP7 OPcache binary webshell + LD_PRELOAD disable_functions bypass, wget GET parameter filename trick, tar filename command injection, XSS to SSTI chain via Flask error pages, INSERT INTO dual-field SQLi column shift, session cookie forgery via timestamp-seeded PRNG, PNG/PHP polyglot upload + double extension + disable_functions scandir bypass, cross-origin cookie XSS via shared parent domain, XSS dot-filter bypass via decimal IP + bracket notation, editor backup file (~/.swp) source disclosure, date -f arbitrary file read, sequential regex replacement bypass, Java hashCode() collision auth bypass, SQLite randomblob() blind timing oracle, wget CRLF SSRF-to-SMTP injection, CSS @font-face unicode-range exfiltration, Gopher SSRF to MySQL blind SQLi, PHP hash_hmac NULL via array bypass, Smarty SSTI CVE-2017-1000480, vsprintf double-prepare format string SQLi, custom serializer integer overflow field injection, postMessage null origin bypass via data: URI iframe, WAV polyglot upload via .wave extension bypass, SNI-based FTP protocol smuggling through HTTPS, Apache mod_vhost_alias docroot override via Host header, unescaped-dot SSRF regex allowlist bypass, PHP eval regex bypass via current(getallheaders()), Python f-string format injection blind extraction, CSP bypass via attacker-controlled mime-type for same-origin scripts, React __reactInternalInstance$ component state extraction, PHP parse_str() variable injection, SQLi inline comment multi-field split, PHP full-width dollar regex anchor bypass, MySQL REGEXP byte-by-byte oracle with backtick comment bypass, LDAP filter breakout with wildcard injection, Jinja2 SSTI via globals.self.exec() string concat 
bypass, web.py reparam() eval + subclasses with blanked builtins, Redis Lua redis.call() injection, unanchored regex command injection, Java TiedMapEntry + LazyMap reflection HashMap patch, X-Forwarded-Host CDN template fetch cache poisoning, std::unordered_set bucket collision auth bypass, AES cookie length-field truncation + CRC32 swap, multi-slash URL path.startswith bypass, Xalan XSLT math:random() seed guess, SoapClient _user_agent CRLF HTTP method smuggling, gopher:/// no-host URL scheme bypass, SSRF credential leak via attacker-specified outbound URL, nodeprep.prepare Unicode homograph username collision, PHP (int) cast leading-number path traversal, recursive-replac |