by ljagiello
Agent skills for solving CTF challenges - web exploitation, binary pwn, crypto, reverse engineering, forensics, OSINT, and more
# Add to your Claude Code skills
git clone https://github.com/ljagiello/ctf-skillsLast scanned: 4/26/2026
{
"issues": [],
"status": "PASSED",
"scannedAt": "2026-04-26T06:09:13.385Z",
"semgrepRan": false,
"npmAuditRan": true,
"pipAuditRan": true
}Agent Skills for solving CTF challenges — web exploitation, binary pwn, crypto, reverse engineering, forensics, OSINT, and more. Works with any tool that supports the Agent Skills spec, including Claude Code.
npx skills add ljagiello/ctf-skills
Two setup strategies depending on your workflow:
Use the central installer entrypoint:
bash scripts/install_ctf_tools.sh all
Run a narrower mode when you only want one tool group:
bash scripts/install_ctf_tools.sh python
bash scripts/install_ctf_tools.sh apt
bash scripts/install_ctf_tools.sh brew
bash scripts/install_ctf_tools.sh gems
bash scripts/install_ctf_tools.sh go
bash scripts/install_ctf_tools.sh manual
Preview what would be installed (skips already-present packages):
bash scripts/install_ctf_tools.sh --dry-run all
Verify what's already installed:
bash scripts/install_ctf_tools.sh --verify
Use --force to reinstall everything regardless of what's already present. Install logs are saved to ~/.ctf-tools/.
The full package lists now live in scripts/install_ctf_tools.sh.
Each skill's SKILL.md has a Prerequisites section listing only the tools needed for that category. Install as you go when the agent encounters a missing tool.
No comments yet. Be the first to share your thoughts!
| Skill | Files | Description |
|-------|-------|-------------|
| ctf-ai-ml | 3 | Model weight perturbation negation, adversarial examples (FGSM, PGD, C&W), foolbox L1BasicIterativeAttack Keras evasion, hand-rolled Keras FGSM via K.gradients, prompt injection, LLM jailbreaking, model extraction, membership inference, neural network collision, LoRA adapter exploitation, gradient descent inversion, data poisoning, backdoor detection, token smuggling, context window manipulation |
| ctf-web | 20 | SQLi (EXIF metadata injection, keyword fragmentation bypass, MySQL column truncation, DNS record injection, ORDER BY CASE WHERE bypass, QR code input injection, double-keyword filter bypass, MySQL session variable dual-value injection, information_schema.processlist race condition leak, PHP PCRE backtrack limit WAF bypass, BETWEEN operator tautology bypass, Host header injection + PROCEDURE ANALYSE(), INSERT ON DUPLICATE KEY UPDATE password overwrite, MySQL innodb_table_stats WAF bypass), XSS (AngularJS 1.x sandbox escape via charAt/trim override, Chrome Unicode URL normalization bypass, Referer header injection + WebRTC IP leak), SSTI (Vue.js toString.constructor injection), SSRF (Host header, DNS rebinding, ElasticSearch Groovy script_fields RCE, rogue MySQL server LOAD DATA LOCAL file read), JWT (JWK/JKU/KID injection), prototype pollution, file upload RCE (BMP pixel webshell + filename truncation bypass), Node.js VM escape, XXE (DOCX/Office XML upload), JSFuck, Web3/Solidity (reentrancy DAO pattern), delegatecall abuse, transient storage clearing collision, Groth16 proof forgery, phantom market unresolve, HAProxy bypass, polyglot XSS, CVEs (Apache CVE-2012-0053 HttpOnly cookie leak), HTTP TRACE bypass, LLM jailbreak, Tor fuzzing, SSRF→Docker API RCE, PHP type juggling, PHP assert() string evaluation injection, PHP LFI / php://filter (+ /dev/fd symlink bypass), PHP zip:// wrapper LFI via PNG/ZIP polyglot, PHP extract() variable overwrite, PHP backtick eval under character limit, PHP variable variables ($$var) abuse, PHP uniqid() predictable filename, PHP ReDoS code execution skip, PHP SoapClient CRLF SSRF via __call() deserialization, Python str.format() attribute traversal info leak, DOM XSS jQuery hashchange, XML entity WAF bypass, React Server Components Flight RCE (CVE-2025-55182), XS-Leak timing oracle, GraphQL CSRF, Unicode case folding XSS (long-s U+017F), Unicode homoglyph path traversal (U+2E2E), CSS font glyph container query exfiltration, Hyperscript CDN CSP bypass, PBKDF2 prefix timing oracle, SSTI __dict__.update() quote bypass, ERB SSTI Sequel bypass, affine cipher OTP brute-force, Express.js %2F middleware bypass, IDOR on WIP endpoints, Apache mod_status info disclosure + session forging, Apache mod_rewrite PATH_INFO bypass, Nginx alias traversal .env leak, OAuth/OIDC exploitation, OAuth email subaddressing bypass, CORS misconfiguration, hash length extension attack (hashpumpy), Thymeleaf SpEL SSTI + Spring FileCopyUtils WAF bypass, Castor XML xsi:type JNDI, Apache ErrorDocument expression file read, SAML XPath digest smuggling (CVE-2024-45409), PaperCut auth bypass (CVE-2023-27350), Zabbix SQLi (CVE-2024-22120), CI/CD variable theft, git history credential leak, identity provider API takeover, Guacamole connection extraction, login page poisoning, TeamCity REST API RCE, Squid proxy pivoting, LaTeX injection RCE, LaTeX mpost restricted write18 bypass, Java deserialization (ysoserial, XMLDecoder RCE), .NET JSON TypeNameHandling $type deserialization, Python pickle RCE (+ STOP opcode chaining), XPath blind injection, race conditions (TOCTOU), client-side HMAC bypass via leaked JS secret, SQLite file path traversal string equality bypass, PHP preg_replace /e RCE, Prolog injection, HQL non-breaking space parser mismatch injection, sendmail parameter injection, base64-encoded path traversal LFI, terminal control character obfuscation, CSP bypass via Cloud Run whitelisted domain, multi-barcode concatenation shell injection, CSP nonce bypass via base tag hijacking, JA4/JA4H TLS fingerprint matching, git CLI newline injection, XSSI via JSONP callback exfiltration, Shift-JIS encoding SQLi (multi-byte charset mismatch), PHP serialization length manipulation via filter expansion, CSP bypass via link prefetch, bash brace expansion space-free injection, XML injection via X-Forwarded-For header, Common Lisp reader macro injection, base64 decode leniency signature bypass, Windows 8.3 short filename path traversal bypass, URL parse_url() @ symbol SSRF bypass, SSRF parse_url/curl double-@ discrepancy, TOTP recovery via PHP srand(time()) seed weakness, Ruby ObjectSpace memory scanning, Ruby Regexp.escape multibyte bypass, GraphQL injection (introspection, query batching/aliasing, string interpolation), PHP7 OPcache binary webshell + LD_PRELOAD disable_functions bypass, wget GET parameter filename trick, tar filename command injection, XSS to SSTI chain via Flask error pages, INSERT INTO dual-field SQLi column shift, session cookie forgery via timestamp-seeded PRNG, PNG/PHP polyglot upload + double extension + disable_functions scandir bypass, cross-origin cookie XSS via shared parent domain, XSS dot-filter bypass via decimal IP + bracket notation, editor backup file (~/.swp) source disclosure, date -f arbitrary file read, sequential regex replacement bypass, Java hashCode() collision auth bypass, SQLite randomblob() blind timing oracle, wget CRLF SSRF-to-SMTP injection, CSS @font-face unicode-range exfiltration, Gopher SSRF to MySQL blind SQLi, PHP hash_hmac NULL via array bypass, Smarty SSTI CVE-2017-1000480, vsprintf double-prepare format string SQLi, custom serializer integer overflow field injection, postMessage null origin bypass via data: URI iframe, WAV polyglot upload via .wave extension bypass, SNI-based FTP protocol smuggling through HTTPS, Apache mod_vhost_alias docroot override via Host header, unescaped-dot SSRF regex allowlist bypass, PHP eval regex bypass via current(getallheaders()), Python f-string format injection blind extraction, CSP bypass via attacker-controlled mime-type for same-origin scripts, React __reactInternalInstance$ component state extraction, PHP parse_str() variable injection, SQLi inline comment multi-field split, PHP full-width dollar regex anchor bypass, MySQL REGEXP byte-by-byte oracle with backtick comment bypass, LDAP filter breakout with wildcard injection, Jinja2 SSTI via globals.self.exec() string concat bypass, web.py reparam() eval + subclasses with blanked builtins, Redis Lua redis.call() injection, unanchored regex command injection, Java TiedMapEntry + LazyMap reflection HashMap patch, X-Forwarded-Host CDN template fetch cache poisoning, std::unordered_set bucket collision auth bypass, AES cookie length-field truncation + CRC32 swap, multi-slash URL path.startswith bypass, Xalan XSLT math:random() seed guess, SoapClient _user_agent CRLF HTTP method smuggling, gopher:/// no-host URL scheme bypass, SSRF credential leak via attacker-specified outbound URL, nodeprep.prepare Unicode homograph username collision, PHP (int) cast leading-number path traversal, recursive-replace ....// traversal, jQuery $(location.hash) CSS selector timing leak, Werkzeug SecureCookie pickle RCE after SECRET_KEY leak, PHP create_function string interpolation RCE, php://input + NULL-byte + ~ bitwise base64 filter bypass, SVG XXE via svglib-to-PNG pipeline, strpos substring-match blacklist bypass, ExpressionEngine FileManager ORDER BY sort-key SQLi, EXIF ImageDescription shell injection via exiftool, SRP A=0/A=N auth bypass, ArangoDB AQL MERGE injection, .phar extension upload bypass, vsftpd 2.3.4 smiley backdoor (CVE-2011-2523), colon/newline injection in string-separator serialization, PHP unserialize double-URL-encode curl LFI, Python pickle RCE wrapped in ROT13(Base64), SQLite UNION via X-Forwarded-For PHPSESSID oracle, quote-adjacent UNION filter bypass, AMQP/TLS interception via sslsplit + arpspoof, CairoSVG XXE via oversized width, Bazaar (.bzr) repository reconstruction, WordPress RevSlider upload + MySQL load_file() SSH pivot (CVE-2014-9734), User-Agent-gated robots.txt, PHP log()/INF math equality + recursive urldecode, CloudFlare cache poisoning via .js username + stored SVG XSS |
| ctf-pwn | 18 | Buffer overflow, ROP chains, ret2csu, ret2vdso, vsyscall ROP PIE bypass, bad char XOR bypass, exotic gadgets (BEXTR/XLAT/STOSB/PEXT), stack pivot (xchg r