redcap-imhex

redcap

A Claude Code skill suite for offensive and defensive device research. Named for the folklore redcap — a goblin that dips its hat in the blood of its victims. This suite dips its pointer into whichever sibling skill best fits the task.

Use it to:

• Unlock engineering / factory modes on devices you own
• Extract and analyze device firmware
• Audit advertised features against actual compile-time state (the "was 5G really supported?" test)
• Detect FCC-filing gaps for consumer hardware
• Reverse engineer Android apps, decompile APKs, trace call flows
• Look up offensive-security payloads for authorized testing
• Run autonomous pentests on CTF / HTB / authorized targets
• Compare systems to hardening baselines (STIG, CIS, PCI-DSS)

The suite

Skill	Purpose
redcap	Meta-dispatcher — routes intent to the right sibling
redcap-payloads	Offensive payload lookup (PayloadsAllTheThings wrapper)
redcap-imhex	Binary reverse engineering with ImHex Pattern Language
redcap-droid	Android APK decompilation + call-flow tracing
redcap-gpt	Autonomous pentest reasoning (PentestGPT subprocess)
redcap-kernel	Firmware / kernel analysis workbench
redcap-compliance	SCAP / STIG / CIS baseline audits

Install

From Claude Code:

/plugin marketplace add GITDIDDY69/redcap
/plugin install redcap@redcap
/plugin install redcap-payloads@redcap
/plugin install redcap-imhex@redcap
/plugin install redcap-droid@redcap
/plugin install redcap-gpt@redcap
/plugin install redcap-kernel@redcap
/plugin install redcap-compliance@redcap

Install only the siblings you want. The meta-skill (redcap) is useful for discovery; pin it in at minimum.

Clone upstream reference forks

Most siblings expect a user-local clone of their corresponding upstream fork:

cd ~/Documents/GitHub
gh repo clone GITDIDDY69/PayloadsAllTheThings
gh repo clone GITDIDDY69/ImHex
gh repo clone GITDIDDY69/PentestGPT
gh repo clone GITDIDDY69/linux                 # large (~4 GB, ADI variant)
gh repo clone GITDIDDY69/content               # ComplianceAsCode fork

Design

• Each sibling auto-triggers on its own description keywords. For a direct request ("find an XSS payload"), Claude invokes the sibling skill directly without bouncing through the meta.
• The meta-skill exists for ambiguous intent and for multi-sibling chains (e.g., full engineering-mode unlock on a hotspot involves redcap-payloads → redcap-droid → redcap-kernel → redcap-imhex).
• Works with or without Ultraplan. Each sibling is a dispatchable work-unit under Ultraplan decomposition. No extra wiring needed.

Legal and ethical framing

This suite is for lawful uses:

• Authorized penetration testing
• Security research on hardware and software you OWN
• Right-to-repair and consumer-rights investigation (interop analysis under DMCA §1201(f); EU Directive 2009/24/EC)
• Malware analysis and incident response
• CTF competitions and educational use
• Compliance audits of systems under your administration

You are responsible for ensuring your use complies with applicable laws and terms of service. Unauthorized reverse engineering or network access against systems you do not own or do not have permission to test may violate computer-fraud statutes, terms of service, or regulations.

Attribution

redcap-droid is adopted from SimoneAvogadro/android-reverse-engineering-skill under Apache 2.0. See NOTICE for full attribution and the list of upstream projects referenced (but not redistributed) by the other siblings.

License

Apache 2.0 — see LICENSE.