Stats
Actions
Tags
From cybersec-toolkit
Solves CTF cryptography challenges with a decision tree covering RSA attacks, symmetric cipher identification, classical cipher decoding, hash extension, and elliptic curve weaknesses. Triggers on crypto keywords, ciphertext descriptions, or decrypt requests.
How this skill is triggered — by the user, by Claude, or both
Slash command
/cybersec-toolkit:ctf-cryptoThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Tool-first: use `suggest_for_ctf("crypto")` first, then this checklist for depth.
Tool-first: use suggest_for_ctf("crypto") first, then this checklist for depth.
file <input>
xxd <input> | head -50
strings <input> | head -50
.pem, .pub → public key crypto (RSA/ECC)BEGIN CERTIFICATE → x509 — extract pubkey with openssl x509 -in cert -pubkey -nooutExtract n, e, c:
openssl rsa -in pubkey.pem -pubin -text -noout
Then route by what n and e look like:
| Symptom | Attack | Tool |
|---|---|---|
Small e (3, 5), small message | Cube root attack | RsaCtfTool, python3 -c "from gmpy2 import iroot..." |
n factorable on FactorDB | Factor + decrypt | RsaCtfTool --uncipher c -n n -e e |
Two ciphertexts, same n, coprime e | Common modulus | RsaCtfTool --attack commonmodulus |
Multiple users, small e=k, k pubkeys | Håstad broadcast | RsaCtfTool --attack hastads |
Close p and q | Fermat factorization | RsaCtfTool --attack fermat |
Wiener-applicable (d small) | Wiener's | RsaCtfTool --attack wiener |
Partial p known | Coppersmith | sage / RsaCtfTool --attack boneh_durfee |
Same m, two keys | Common plaintext | manual gcd |
Default first move: throw n at FactorDB (run_tool("curl", "http://factordb.com/api?query=<n>")) and at RsaCtfTool with all attacks enabled.
| Symptom | Attack | Tool |
|---|---|---|
| ECB mode (identical blocks) | Block-shuffle / chosen plaintext | manual python with Crypto.Cipher |
| CBC + bit-flipping with padding oracle | Padding oracle | padbuster, custom python |
| CTR/OFB with key reuse | XOR streams (crib drag) | xortool |
| Stream cipher reused key | Crib drag | xortool -l <len> |
| AES-GCM nonce reuse | Forbidden attack | nonce-disrespect (clone if not in registry) |
# Auto-detect
echo "ciphertext" | python3 -c "import sys; from cryptanalysis import all_decoders; ..."
Tools in registry: cipey, ciphey (auto-decode), quipqiup (substitution), dcode.fr (web), cryptii.com (web). For classical/Caesar/Vigenère: try ciphey first.
| Symptom | Attack |
|---|---|
| Length-extension on MD5/SHA1/SHA256 | hash_extender, hashpump |
| Hash with collision (MD5 chosen-prefix) | hashclash |
| Weak hash + known structure | hashcat with mask |
sage for any non-trivial ECC. Install if missing.If you see modular linear equations, low-density knapsacks, or HNP-shaped problems — go to sage with fpylll or flatter. The pattern: small unknowns, lots of equations, modular constraint.
<comp>{...} or platform-specific formatUse the writeup-template skill.
npx claudepluginhub 26zl/cybersec-toolkit --plugin cybersec-toolkitPerforms cryptanalysis for CTF and pentest engagements: lattice attacks, padding-oracle attacks, weak-RNG exploitation, signature forgery, and secret-sharing recovery over non-prime moduli.
Solves CTF cryptography challenges in binaries by identifying weak implementations, extracting keys, decrypting data. For custom ciphers, weak RNGs, algorithm identification.
Analyzes ransomware encryption algorithms like AES, RSA, ChaCha20; evaluates key management, decryption feasibility, and implementation weaknesses for recovery.