Что такое ctf-stego?

Подходящий сценарий: Ideal for AI agents that need ctf stego methodology. Локализованное описание: Modular bash installer for Linux & Termux with 14 profiles, 18 modules, and an MCP server for AI-assisted ethical hacking. It covers ai-assistant, ai-hacking, blue-team workflows. This AI agent skill supports Claude Code, Cursor, and Windsurf workflows.

Как установить ctf-stego?

Выполните команду: npx killer-skills add 26zl/cybersec-toolkit. Она работает с Cursor, Windsurf, VS Code, Claude Code и более чем 19 другими IDE.

Для чего можно использовать ctf-stego?

Ключевые сценарии использования: Сценарий использования: Applying CTF stego methodology, Сценарий использования: Applying CRITICAL — never Read an unvalidated image, Сценарий использования: Applying Per CLAUDE.md: reading a corrupt image poisons the conversation. Validate first:.

Какие IDE совместимы с ctf-stego?

Этот навык совместим с Cursor, Windsurf, VS Code, Trae, Claude Code, OpenClaw, Aider, Codex, OpenCode, Goose, Cline, Roo Code, Kiro, Augment Code, Continue, GitHub Copilot, Sourcegraph Cody, and Amazon Q Developer. Для единой установки используйте CLI Killer-Skills.

Есть ли ограничения у ctf-stego?

Ограничение: Only Read the image after both checks pass.. Ограничение: Validate first: Only Read the image after both checks pass. Ограничение: Requires repository-specific context from the skill documentation.

ctf-stego

Install ctf-stego, an AI agent skill for AI agent workflows and automation. Explore features, use cases, limitations, and setup guidance.

SKILL.md

Readonly

Upstream Repository Material

The section below comes from the upstream repository. Use it as supporting material alongside the fit, use-case, and installation summary on this page.

Upstream Source

CTF stego methodology

Name: ctf-stego
Availability: InStock
Author: 26zl

0. CRITICAL — never `Read` an unvalidated image

Per CLAUDE.md: reading a corrupt image poisons the conversation. Validate first:

bash
1run_tool("file", "/path/to/image")
2run_tool("identify", "/path/to/image")     # ImageMagick
3# or run_script:
4# from PIL import Image; img = Image.open(path); print(img.size, img.mode)

Only Read the image after both checks pass.

1. Triage every input

bash
1file <file>
2xxd <file> | head -30
3exiftool <file>            # metadata — flag often hides here
4strings <file> | grep -i "ctf\|flag\|key\|pass" | head
5binwalk <file>             # multi-file polyglots

Always check metadata first. ~30% of intro stego is just exiftool.

2. Image (PNG / JPG / BMP / GIF)

Technique	Tool / approach
LSB in pixels	`zsteg` (PNG/BMP), `stegsolve`
EOF data after IEND/EOI	`binwalk -e`, manual hex
JPG specific	`steghide extract -sf <file>` (often with empty pass), `stegseek` for brute
PNG color planes	`stegsolve` (visual layer toggle)
LSB matching, custom	`zsteg -a`, then write custom Python with PIL
Polyglot (file with valid headers for multiple formats)	`binwalk`, `foremost`
File appended after IEND chunk (PNG)	`pngcheck -v`, manual carve
Modified/extra chunks	`pngcheck -v`, `pngcsum`
Width/height tampering (PNG)	edit IHDR width/height, recalc CRC — `tweakpng` style

bash
1# zsteg covers most LSB cases for PNG/BMP
2zsteg -a image.png
3
4# steghide brute (jpg/wav/bmp)
5stegseek image.jpg rockyou.txt
6
7# Multi-tool sweep
8stegsolve image.png        # GUI, manual layer toggle

3. Audio (WAV / MP3 / FLAC / OGG)

Technique	Tool
LSB in samples	`wavsteg`, custom python
Steghide payload	`steghide`, `stegseek`
Spectrogram (visual hidden in freq domain)	`audacity` view spectrogram, `sonic-visualiser`
DTMF tones	`multimon-ng -a DTMF`, manual tone analysis
Morse	listen by ear, then `morse-decoder` or manual
SSTV (slow-scan TV in audio)	`qsstv`, `slowrx`

bash
1# Spectrogram via sox
2sox audio.wav -n spectrogram -o spec.png
3# Then validate spec.png before reading (see step 0)
4
5# DTMF
6multimon-ng -a DTMF audio.wav

4. Video / GIF

bash
1# Extract frames
2ffmpeg -i video.mp4 -vf fps=1 frames/frame_%04d.png
3
4# Per-frame stego
5for f in frames/*.png; do zsteg -a "$f" 2>/dev/null | grep -i "flag\|ctf"; done
6
7# Audio track
8ffmpeg -i video.mp4 -vn audio.wav
9# Then audio analysis

5. Text / Unicode

Technique	Tool
Zero-width characters	`zwsp-steg`, manual unicode inspect
Whitespace stego	`snow`, `stegsnow`
Homoglyph substitution	unicode normalize + diff
Base-N nested encodings	`ciphey`, manual
Bacon / null cipher	manual + dcode.fr

bash
1# Show every character including invisibles
2python3 -c "import sys; [print(repr(c), hex(ord(c))) for c in open(sys.argv[1]).read()]" file.txt

6. Less common

PDF: pdf-parser, peepdf, qpdf --qdf — check streams, annotations, JS, attachments
Office docs: oletools (olevba, oleid), oledump, unzip the .docx/.xlsx
QR / barcode: zbarimg, zxing — also try partial QR reconstruction
DNA/protein sequences: ROT/encoding tricks, decode A/C/G/T as base-4

7. Default workflow

exiftool + strings + binwalk -e always first
If image → zsteg -a (PNG/BMP) OR stegseek (JPG)
If audio → spectrogram view
If nothing obvious → stegsolve GUI for visual analysis
If still nothing → metadata might encode the answer (look at GPS, comment, software field)

8. Don't waste time on

LSB scripts when zsteg exists
Manually viewing spectrograms in matplotlib when audacity/sonic-visualiser exist
Reading the image with Read before validation (see step 0)

After solve

Use the writeup-template skill.

ctf-stego — for Claude Code ctf-stego, cybersec-toolkit, community, for Claude Code, ide skills, ai-assistant, ai-hacking, blue-team, bug-bounty, claude-code

# Ключевые темы

Skill Overview

Зачем использовать этот навык

Подходит лучше всего

↓ Реализуемые кейсы использования for ctf-stego

! Безопасность и ограничения

About The Source

Browser Sandbox Environment

⚡️ Ready to unleash?

FAQ и шаги установки

? Частые вопросы

Что такое ctf-stego?

Как установить ctf-stego?

Для чего можно использовать ctf-stego?

Какие IDE совместимы с ctf-stego?

Есть ли ограничения у ctf-stego?

↓ Как установить этот skill

! Source Notes

Upstream Repository Material

ctf-stego

CTF stego methodology

0. CRITICAL — never `Read` an unvalidated image

1. Triage every input

2. Image (PNG / JPG / BMP / GIF)

3. Audio (WAV / MP3 / FLAC / OGG)

4. Video / GIF

5. Text / Unicode

6. Less common

7. Default workflow

8. Don't waste time on

After solve

Связанные навыки

Looking for an alternative to ctf-stego or another community skill for your workflow? Explore these related open-source skills.

openclaw-release-maintainer

widget-generator

flags

pr-review

ctf-stego — for Claude Code ctf-stego, cybersec-toolkit, community, for Claude Code, ide skills, ai-assistant, ai-hacking, blue-team, bug-bounty, claude-code

Об этом навыке

Возможности

# Ключевые темы

Skill Overview

Зачем использовать этот навык

Подходит лучше всего

↓ Реализуемые кейсы использования for ctf-stego

! Безопасность и ограничения

About The Source

Browser Sandbox Environment

⚡️ Ready to unleash?

FAQ и шаги установки

? Частые вопросы

Что такое ctf-stego?

Как установить ctf-stego?

Для чего можно использовать ctf-stego?

Какие IDE совместимы с ctf-stego?

Есть ли ограничения у ctf-stego?

↓ Как установить этот skill

! Source Notes

Upstream Repository Material

ctf-stego

CTF stego methodology

0. CRITICAL — never Read an unvalidated image

1. Triage every input

2. Image (PNG / JPG / BMP / GIF)

3. Audio (WAV / MP3 / FLAC / OGG)

4. Video / GIF

5. Text / Unicode

6. Less common

7. Default workflow

8. Don't waste time on

After solve

Связанные навыки

Looking for an alternative to ctf-stego or another community skill for your workflow? Explore these related open-source skills.

openclaw-release-maintainer

widget-generator

flags

pr-review

0. CRITICAL — never `Read` an unvalidated image