ctf-stego — for Claude Code ctf-stego, cybersec-toolkit, community, for Claude Code, ide skills, ai-assistant, ai-hacking, blue-team, bug-bounty, claude-code

v1.0.0
GitHub

Sobre este Skill

Cenario recomendado: Ideal for AI agents that need ctf stego methodology. Resumo localizado: Modular bash installer for Linux & Termux with 14 profiles, 18 modules, and an MCP server for AI-assisted ethical hacking. It covers ai-assistant, ai-hacking, blue-team workflows. This AI agent skill supports Claude Code, Cursor, and Windsurf workflows.

Recursos

CTF stego methodology
CRITICAL — never Read an unvalidated image
Per CLAUDE.md: reading a corrupt image poisons the conversation. Validate first:
run tool("file", "/path/to/image")
run tool("identify", "/path/to/image") # ImageMagick

# Tópicos principais

for Claude Code ai-assistant ai-hacking blue-team bug-bounty claude-code
26zl 26zl
[2]
[0]
Atualizado: 4/30/2026

Skill Overview

Start with fit, limitations, and setup before diving into the repository.

Cenario recomendado: Ideal for AI agents that need ctf stego methodology. Resumo localizado: Modular bash installer for Linux & Termux with 14 profiles, 18 modules, and an MCP server for AI-assisted ethical hacking. It covers ai-assistant, ai-hacking, blue-team workflows. This AI agent skill supports Claude Code, Cursor, and Windsurf workflows.

Por que usar essa habilidade

Recomendacao: ctf-stego helps agents ctf stego methodology. Modular bash installer for Linux & Termux with 14 profiles, 18 modules, and an MCP server for AI-assisted ethical hacking. This AI agent skill supports Claude

Melhor para

Cenario recomendado: Ideal for AI agents that need ctf stego methodology.

Casos de Uso Práticos for ctf-stego

Caso de uso: Applying CTF stego methodology
Caso de uso: Applying CRITICAL — never Read an unvalidated image
Caso de uso: Applying Per CLAUDE.md: reading a corrupt image poisons the conversation. Validate first:

! Segurança e Limitações

  • Limitacao: Only Read the image after both checks pass.
  • Limitacao: Validate first: Only Read the image after both checks pass
  • Limitacao: Requires repository-specific context from the skill documentation

About The Source

The section below comes from the upstream repository. Use it as supporting material alongside the fit, use-case, and installation summary on this page.

Demo Labs

Browser Sandbox Environment

⚡️ Ready to unleash?

Experience this Agent in a zero-setup browser environment powered by WebContainers. No installation required.

Boot Container Sandbox

FAQ e etapas de instalação

These questions and steps mirror the structured data on this page for better search understanding.

? Perguntas frequentes

O que é ctf-stego?

Cenario recomendado: Ideal for AI agents that need ctf stego methodology. Resumo localizado: Modular bash installer for Linux & Termux with 14 profiles, 18 modules, and an MCP server for AI-assisted ethical hacking. It covers ai-assistant, ai-hacking, blue-team workflows. This AI agent skill supports Claude Code, Cursor, and Windsurf workflows.

Como instalar ctf-stego?

Execute o comando: npx killer-skills add 26zl/cybersec-toolkit. Ele funciona com Cursor, Windsurf, VS Code, Claude Code e mais de 19 outros IDEs.

Quais são os casos de uso de ctf-stego?

Os principais casos de uso incluem: Caso de uso: Applying CTF stego methodology, Caso de uso: Applying CRITICAL — never Read an unvalidated image, Caso de uso: Applying Per CLAUDE.md: reading a corrupt image poisons the conversation. Validate first:.

Quais IDEs são compatíveis com ctf-stego?

Esta skill é compatível com Cursor, Windsurf, VS Code, Trae, Claude Code, OpenClaw, Aider, Codex, OpenCode, Goose, Cline, Roo Code, Kiro, Augment Code, Continue, GitHub Copilot, Sourcegraph Cody, and Amazon Q Developer. Use a CLI do Killer-Skills para uma instalação unificada.

ctf-stego tem limitações?

Limitacao: Only Read the image after both checks pass.. Limitacao: Validate first: Only Read the image after both checks pass. Limitacao: Requires repository-specific context from the skill documentation.

Como instalar este skill

  1. 1. Abra o terminal

    Abra o terminal ou linha de comando no diretório do projeto.

  2. 2. Execute o comando de instalação

    Execute: npx killer-skills add 26zl/cybersec-toolkit. A CLI detectará sua IDE ou agente automaticamente e configurará a skill.

  3. 3. Comece a usar o skill

    O skill já está ativo. Seu agente de IA pode usar ctf-stego imediatamente no projeto atual.

! Source Notes

This page is still useful for installation and source reference. Before using it, compare the fit, limitations, and upstream repository notes above.

Upstream Repository Material

The section below comes from the upstream repository. Use it as supporting material alongside the fit, use-case, and installation summary on this page.

Upstream Source

ctf-stego

Install ctf-stego, an AI agent skill for AI agent workflows and automation. Explore features, use cases, limitations, and setup guidance.

SKILL.md
Readonly
Upstream Repository Material
The section below comes from the upstream repository. Use it as supporting material alongside the fit, use-case, and installation summary on this page.
Upstream Source

CTF stego methodology

0. CRITICAL — never Read an unvalidated image

Per CLAUDE.md: reading a corrupt image poisons the conversation. Validate first:

bash
1run_tool("file", "/path/to/image")
2run_tool("identify", "/path/to/image")     # ImageMagick
3# or run_script:
4# from PIL import Image; img = Image.open(path); print(img.size, img.mode)

Only Read the image after both checks pass.

1. Triage every input

bash
1file <file>
2xxd <file> | head -30
3exiftool <file>            # metadata — flag often hides here
4strings <file> | grep -i "ctf\|flag\|key\|pass" | head
5binwalk <file>             # multi-file polyglots

Always check metadata first. ~30% of intro stego is just exiftool.

2. Image (PNG / JPG / BMP / GIF)

TechniqueTool / approach
LSB in pixelszsteg (PNG/BMP), stegsolve
EOF data after IEND/EOIbinwalk -e, manual hex
JPG specificsteghide extract -sf <file> (often with empty pass), stegseek for brute
PNG color planesstegsolve (visual layer toggle)
LSB matching, customzsteg -a, then write custom Python with PIL
Polyglot (file with valid headers for multiple formats)binwalk, foremost
File appended after IEND chunk (PNG)pngcheck -v, manual carve
Modified/extra chunkspngcheck -v, pngcsum
Width/height tampering (PNG)edit IHDR width/height, recalc CRC — tweakpng style
bash
1# zsteg covers most LSB cases for PNG/BMP
2zsteg -a image.png
3
4# steghide brute (jpg/wav/bmp)
5stegseek image.jpg rockyou.txt
6
7# Multi-tool sweep
8stegsolve image.png        # GUI, manual layer toggle

3. Audio (WAV / MP3 / FLAC / OGG)

TechniqueTool
LSB in sampleswavsteg, custom python
Steghide payloadsteghide, stegseek
Spectrogram (visual hidden in freq domain)audacity view spectrogram, sonic-visualiser
DTMF tonesmultimon-ng -a DTMF, manual tone analysis
Morselisten by ear, then morse-decoder or manual
SSTV (slow-scan TV in audio)qsstv, slowrx
bash
1# Spectrogram via sox
2sox audio.wav -n spectrogram -o spec.png
3# Then validate spec.png before reading (see step 0)
4
5# DTMF
6multimon-ng -a DTMF audio.wav

4. Video / GIF

bash
1# Extract frames
2ffmpeg -i video.mp4 -vf fps=1 frames/frame_%04d.png
3
4# Per-frame stego
5for f in frames/*.png; do zsteg -a "$f" 2>/dev/null | grep -i "flag\|ctf"; done
6
7# Audio track
8ffmpeg -i video.mp4 -vn audio.wav
9# Then audio analysis

5. Text / Unicode

TechniqueTool
Zero-width characterszwsp-steg, manual unicode inspect
Whitespace stegosnow, stegsnow
Homoglyph substitutionunicode normalize + diff
Base-N nested encodingsciphey, manual
Bacon / null ciphermanual + dcode.fr
bash
1# Show every character including invisibles
2python3 -c "import sys; [print(repr(c), hex(ord(c))) for c in open(sys.argv[1]).read()]" file.txt

6. Less common

  • PDF: pdf-parser, peepdf, qpdf --qdf — check streams, annotations, JS, attachments
  • Office docs: oletools (olevba, oleid), oledump, unzip the .docx/.xlsx
  • QR / barcode: zbarimg, zxing — also try partial QR reconstruction
  • DNA/protein sequences: ROT/encoding tricks, decode A/C/G/T as base-4

7. Default workflow

  1. exiftool + strings + binwalk -e always first
  2. If image → zsteg -a (PNG/BMP) OR stegseek (JPG)
  3. If audio → spectrogram view
  4. If nothing obvious → stegsolve GUI for visual analysis
  5. If still nothing → metadata might encode the answer (look at GPS, comment, software field)

8. Don't waste time on

  • LSB scripts when zsteg exists
  • Manually viewing spectrograms in matplotlib when audacity/sonic-visualiser exist
  • Reading the image with Read before validation (see step 0)

After solve

Use the writeup-template skill.

Habilidades Relacionadas

Looking for an alternative to ctf-stego or another community skill for your workflow? Explore these related open-source skills.

Ver tudo

openclaw-release-maintainer

Logo of openclaw
openclaw

Resumo localizado: 🦞 # OpenClaw Release Maintainer Use this skill for release and publish-time workflow. It covers ai, assistant, crustacean workflows. This AI agent skill supports Claude Code, Cursor, and Windsurf workflows.

333.8k
0
Inteligência Artificial

widget-generator

Logo of f
f

Resumo localizado: Generate customizable widget plugins for the prompts.chat feed system # Widget Generator Skill This skill guides creation of widget plugins for prompts.chat . It covers ai, artificial-intelligence, awesome-list workflows. This AI agent skill supports Claude Code, Cursor, and

149.6k
0
Inteligência Artificial

flags

Logo of vercel
vercel

Resumo localizado: The React Framework # Feature Flags Use this skill when adding or changing framework feature flags in Next.js internals. It covers blog, browser, compiler workflows. This AI agent skill supports Claude Code, Cursor, and Windsurf workflows.

138.4k
0
Navegador

pr-review

Logo of pytorch
pytorch

Resumo localizado: Usage Modes No Argument If the user invokes /pr-review with no arguments, do not perform a review . It covers autograd, deep-learning, gpu workflows. This AI agent skill supports Claude Code, Cursor, and Windsurf workflows.

98.6k
0
Desenvolvedor