
from CTF Skills Collection 1,622
Comprehensive web-exploitation playbook for CTFs: XSS, SQLi, SSTI, SSRF, XXE, JWT abuse, auth bypass, file upload chains, and web-related reconnaissance.
This skill provides a structured, practical playbook for web-focused CTF challenges. It guides the operator through recon, attack surface mapping, common vulnerability families (XSS, SQLi, SSTI, SSRF, XXE, auth flaws), and chaining techniques to escalate a small primitive into a full exploit path. The skill bundles quick-start commands, prioritisation heuristics, and links to in-depth notes for server-side, client-side, and auth-related vectors.
Invoke when the challenge is centred on an HTTP application, API, or browser surface — particularly when templates, tokens, identity flows, or upload/parsing features are involved. Avoid for native pwn or deep crypto unless the web interface remains the core attack vector.
Intended for agents with shell and HTTP tooling (ffuf, curl, Python). Works best with Claude Code or other agents that can run local tools for active testing.
This skill has not been reviewed by our automated audit pipeline yet.
CTF Write-up Generator
Generate a concise, reproducible submission-style CTF writeup with a one-path solution script, metadata, and a short checklist for fast verification.
CTF Cryptography
Reference of cryptographic attack techniques and tools for CTF challenges (RSA, AES, ECC, lattices, PRNGs, padding oracles, and more).