ctf-stego — for Claude Code ctf-stego, cybersec-toolkit, community, for Claude Code, ide skills, ai-assistant, ai-hacking, blue-team, bug-bounty, claude-code

v1.0.0
GitHub

About this Skill

Ideal for AI agents that need ctf stego methodology. ctf-stego is an AI agent skill for ctf stego methodology.

Features

CTF stego methodology
CRITICAL — never Read an unvalidated image
Per CLAUDE.md: reading a corrupt image poisons the conversation. Validate first:
run tool("file", "/path/to/image")
run tool("identify", "/path/to/image") # ImageMagick

# Core Topics

for Claude Code ai-assistant ai-hacking blue-team bug-bounty claude-code
26zl 26zl
[2]
[0]
Updated: 4/30/2026

Skill Overview

Start with fit, limitations, and setup before diving into the repository.

Ideal for AI agents that need ctf stego methodology. ctf-stego is an AI agent skill for ctf stego methodology.

Core Value

ctf-stego helps agents ctf stego methodology. Modular bash installer for Linux & Termux with 14 profiles, 18 modules, and an MCP server for AI-assisted ethical hacking. This AI agent skill supports Claude Code, Cursor, and Windsurf workflows.

Ideal Agent Persona

Ideal for AI agents that need ctf stego methodology.

Capabilities Granted for ctf-stego

Applying CTF stego methodology
Applying CRITICAL — never Read an unvalidated image
Applying Per CLAUDE.md: reading a corrupt image poisons the conversation. Validate first:

! Prerequisites & Limits

  • Only Read the image after both checks pass.
  • Validate first: Only Read the image after both checks pass
  • Requires repository-specific context from the skill documentation

About The Source

The section below comes from the upstream repository. Use it as supporting material alongside the fit, use-case, and installation summary on this page.

Labs Demo

Browser Sandbox Environment

⚡️ Ready to unleash?

Experience this Agent in a zero-setup browser environment powered by WebContainers. No installation required.

Boot Container Sandbox

FAQ & Installation Steps

These questions and steps mirror the structured data on this page for better search understanding.

? Frequently Asked Questions

What is ctf-stego?

Ideal for AI agents that need ctf stego methodology. ctf-stego is an AI agent skill for ctf stego methodology.

How do I install ctf-stego?

Run the command: npx killer-skills add 26zl/cybersec-toolkit/ctf-stego. It works with Cursor, Windsurf, VS Code, Claude Code, and 19+ other IDEs.

What are the use cases for ctf-stego?

Key use cases include: Applying CTF stego methodology, Applying CRITICAL — never Read an unvalidated image, Applying Per CLAUDE.md: reading a corrupt image poisons the conversation. Validate first:.

Which IDEs are compatible with ctf-stego?

This skill is compatible with Cursor, Windsurf, VS Code, Trae, Claude Code, OpenClaw, Aider, Codex, OpenCode, Goose, Cline, Roo Code, Kiro, Augment Code, Continue, GitHub Copilot, Sourcegraph Cody, and Amazon Q Developer. Use the Killer-Skills CLI for universal one-command installation.

Are there any limitations for ctf-stego?

Only Read the image after both checks pass.. Validate first: Only Read the image after both checks pass. Requires repository-specific context from the skill documentation.

How To Install

  1. 1. Open your terminal

    Open the terminal or command line in your project directory.

  2. 2. Run the install command

    Run: npx killer-skills add 26zl/cybersec-toolkit/ctf-stego. The CLI will automatically detect your IDE or AI agent and configure the skill.

  3. 3. Start using the skill

    The skill is now active. Your AI agent can use ctf-stego immediately in the current project.

! Source Notes

This page is still useful for installation and source reference. Before using it, compare the fit, limitations, and upstream repository notes above.

Upstream Repository Material

The section below comes from the upstream repository. Use it as supporting material alongside the fit, use-case, and installation summary on this page.

Upstream Source

ctf-stego

Install ctf-stego, an AI agent skill for AI agent workflows and automation. Explore features, use cases, limitations, and setup guidance.

SKILL.md
Readonly
Upstream Repository Material
The section below comes from the upstream repository. Use it as supporting material alongside the fit, use-case, and installation summary on this page.
Upstream Source

CTF stego methodology

0. CRITICAL — never Read an unvalidated image

Per CLAUDE.md: reading a corrupt image poisons the conversation. Validate first:

bash
1run_tool("file", "/path/to/image")
2run_tool("identify", "/path/to/image")     # ImageMagick
3# or run_script:
4# from PIL import Image; img = Image.open(path); print(img.size, img.mode)

Only Read the image after both checks pass.

1. Triage every input

bash
1file <file>
2xxd <file> | head -30
3exiftool <file>            # metadata — flag often hides here
4strings <file> | grep -i "ctf\|flag\|key\|pass" | head
5binwalk <file>             # multi-file polyglots

Always check metadata first. ~30% of intro stego is just exiftool.

2. Image (PNG / JPG / BMP / GIF)

TechniqueTool / approach
LSB in pixelszsteg (PNG/BMP), stegsolve
EOF data after IEND/EOIbinwalk -e, manual hex
JPG specificsteghide extract -sf <file> (often with empty pass), stegseek for brute
PNG color planesstegsolve (visual layer toggle)
LSB matching, customzsteg -a, then write custom Python with PIL
Polyglot (file with valid headers for multiple formats)binwalk, foremost
File appended after IEND chunk (PNG)pngcheck -v, manual carve
Modified/extra chunkspngcheck -v, pngcsum
Width/height tampering (PNG)edit IHDR width/height, recalc CRC — tweakpng style
bash
1# zsteg covers most LSB cases for PNG/BMP
2zsteg -a image.png
3
4# steghide brute (jpg/wav/bmp)
5stegseek image.jpg rockyou.txt
6
7# Multi-tool sweep
8stegsolve image.png        # GUI, manual layer toggle

3. Audio (WAV / MP3 / FLAC / OGG)

TechniqueTool
LSB in sampleswavsteg, custom python
Steghide payloadsteghide, stegseek
Spectrogram (visual hidden in freq domain)audacity view spectrogram, sonic-visualiser
DTMF tonesmultimon-ng -a DTMF, manual tone analysis
Morselisten by ear, then morse-decoder or manual
SSTV (slow-scan TV in audio)qsstv, slowrx
bash
1# Spectrogram via sox
2sox audio.wav -n spectrogram -o spec.png
3# Then validate spec.png before reading (see step 0)
4
5# DTMF
6multimon-ng -a DTMF audio.wav

4. Video / GIF

bash
1# Extract frames
2ffmpeg -i video.mp4 -vf fps=1 frames/frame_%04d.png
3
4# Per-frame stego
5for f in frames/*.png; do zsteg -a "$f" 2>/dev/null | grep -i "flag\|ctf"; done
6
7# Audio track
8ffmpeg -i video.mp4 -vn audio.wav
9# Then audio analysis

5. Text / Unicode

TechniqueTool
Zero-width characterszwsp-steg, manual unicode inspect
Whitespace stegosnow, stegsnow
Homoglyph substitutionunicode normalize + diff
Base-N nested encodingsciphey, manual
Bacon / null ciphermanual + dcode.fr
bash
1# Show every character including invisibles
2python3 -c "import sys; [print(repr(c), hex(ord(c))) for c in open(sys.argv[1]).read()]" file.txt

6. Less common

  • PDF: pdf-parser, peepdf, qpdf --qdf — check streams, annotations, JS, attachments
  • Office docs: oletools (olevba, oleid), oledump, unzip the .docx/.xlsx
  • QR / barcode: zbarimg, zxing — also try partial QR reconstruction
  • DNA/protein sequences: ROT/encoding tricks, decode A/C/G/T as base-4

7. Default workflow

  1. exiftool + strings + binwalk -e always first
  2. If image → zsteg -a (PNG/BMP) OR stegseek (JPG)
  3. If audio → spectrogram view
  4. If nothing obvious → stegsolve GUI for visual analysis
  5. If still nothing → metadata might encode the answer (look at GPS, comment, software field)

8. Don't waste time on

  • LSB scripts when zsteg exists
  • Manually viewing spectrograms in matplotlib when audacity/sonic-visualiser exist
  • Reading the image with Read before validation (see step 0)

After solve

Use the writeup-template skill.

Related Skills

Looking for an alternative to ctf-stego or another community skill for your workflow? Explore these related open-source skills.

View All

openclaw-release-maintainer

Logo of openclaw
openclaw

openclaw-release-maintainer is an AI agent skill for openclaw release maintainer.

333.8k
0
AI

widget-generator

Logo of f
f

Generate customizable widget plugins for the prompts.chat feed system

149.6k
0
AI

flags

Logo of vercel
vercel

flags is an AI agent skill for use this skill when adding or changing framework feature flags in next.js internals.

138.4k
0
Browser

pr-review

Logo of pytorch
pytorch

pr-review is an AI agent skill for pytorch pr review skill.

98.6k
0
Developer