ecc
179.0k·2.3K·
Battle-tested Claude Code plugin for engineering teams — 50 agents, 188 skills, 68 legacy command shims, production-ready hooks, and selective install workflows evolved through continuous real-world use
today
affaan-mSolve CTF challenges using AI-assisted skills and multi-agent teams specialized in crypto, forensics, stego, web, pwn, reversing, OSINT, and misc categories. Automatically triage files to detect type and assign parallel solvers, track progress, submit flags, and manage live competitions under time pressure.
npx claudepluginhub mysterionrise/ctf-kitAnalyze the current challenge and suggest approaches.
Help solve cryptography challenges.
Help solve forensics challenges.
Help solve binary exploitation (pwn) challenges.
Help solve reverse engineering challenges.
Help solve steganography challenges.
Help solve web security challenges.
Analyze CTF challenge files to detect category and suggest next steps. Use when starting a new challenge, receiving unknown files, or needing triage. Triggers: file, strings, xxd, binwalk output, unknown binaries, .bin .dat .raw .enc files, "what is this file", "analyze this", "identify challenge type". Routes to crypto/forensics/stego/web/pwn/ reverse/osint/misc skills based on detection.
Manage a live CTF competition with an agent team. Auto-triages challenges, assigns them to teammates, and tracks progress. Use during live CTF competitions when you have multiple challenges to solve in parallel. Triggers: "competition mode", "live CTF", "start competition", "manage CTF", "assign challenges". Requires agent teams enabled.
Solve CTF cryptography challenges including encryption, hashing, and encoding. Use when you see: Base64 (trailing ==), hex strings (32/40/64 chars for MD5/SHA1/SHA256), RSA parameters (n=, e=, c=, p=, q=), XOR-encrypted data, .pem .key .enc files, classical ciphers (Caesar, Vigenere, substitution), encoding chains, or "crack this hash". Tools: xortool, hashid, hashcat, john, RsaCtfTool, openssl.
Submit and validate CTF flags. Saves the flag to flag.txt, marks the challenge as solved, and validates against expected flag formats. Triggers: "submit flag", "found the flag", "flag is", "capture flag", "got the flag", "flag{", "CTF{", "picoCTF{".
Solve CTF forensics challenges: memory dumps, network captures, disk images, and file carving. Use when you see: .vmem .raw .dmp memory dumps, .pcap .pcapng network captures, .dd .E01 disk images, or embedded/hidden files. Triggers: "memory dump", "packet capture", "disk image", "file carving", "deleted files", "volatility". Tools: volatility3, binwalk, foremost, tshark, sleuthkit. NOT for steganography (use stego) or binary exploitation (use pwn).
Set competition context for the current challenge directory. Initializes .ctf/ folder, detects files, guesses category, and saves metadata. Use when starting work on a new challenge, entering a challenge directory, or setting up context for AI analysis. Triggers: "start challenge", "set context", "initialize challenge", "ctf here", "begin working on", "new challenge".
Solve CTF misc challenges: encoding chains, esoteric programming languages, QR codes, logic puzzles, and anything that doesn't fit crypto/forensics/stego/web/pwn/reverse/osint. Use when you see: Brainfuck (+[->), Ook!, Whitespace, JSFuck, QR/barcodes, multi-layer encoding (Base64->hex->ROT13), or "what encoding is this". Triggers: "decode this", "esoteric language", "QR code", "barcode", "encoding chain", "CyberChef", unusual character sets. Tools: CyberChef, zbarimg, dcode.fr, online interpreters.
Solve CTF OSINT (open source intelligence) challenges: username enumeration, domain recon, social media investigation, geolocation from images, and public records research. Use when given a username, email, domain, or photo to investigate. Triggers: "find this person", "username lookup", "who is", "geolocation", "reverse image search", "EXIF GPS", "whois", "domain recon", "social media". Tools: sherlock, theHarvester, exiftool, whois, dig. NOT for web app exploitation (use web).
Solve CTF binary exploitation (pwn) challenges: buffer overflows, format strings, ROP chains, heap exploitation, and shellcoding. Use when given ELF/PE binaries with a remote service to exploit. Triggers: "buffer overflow", "format string", "ROP", "shellcode", "checksec", "NX", "canary", "PIE", "GOT overwrite", "ret2libc", pwntools scripts, .elf files, nc/netcat connection targets. Tools: checksec, ROPgadget, pwntools, gdb, one_gadget. NOT for static reverse engineering (use reverse).
Solve CTF reverse engineering challenges: disassembly, decompilation, key/password finding, algorithm analysis, and anti-debug bypass. Use when given binaries to analyze statically — crackmes, keygens, obfuscated code. Triggers: .exe .elf .apk .jar .pyc files, "disassemble", "decompile", "keygen", "crackme", "find the password", "anti-debugging", radare2/Ghidra output, assembly code. Tools: radare2, Ghidra, objdump, ltrace, strace, jadx, uncompyle6. NOT for exploitation/pwn (use pwn) or malware triage (use forensics).
Show CTF challenge or competition progress dashboard. Displays challenge metadata, file listing, solve status, and points. For competition directories, shows an overview of all challenges. Triggers: "show status", "progress", "dashboard", "how many solved", "challenge status", "competition overview", "scoreboard".
Solve CTF steganography challenges: hidden data in images, audio, and media files. Use when you see: .png .jpg .bmp .gif images, .wav .mp3 .flac audio, or suspect LSB encoding, appended data after EOF, hidden metadata, spectrogram messages. Triggers: "hidden message", "LSB", "steganography", "hidden in image", "zsteg", "steghide", "exiftool". Tools: zsteg, steghide, exiftool, binwalk, stegsolve. NOT for file carving from disk images (use forensics).
Orchestrate a multi-agent team to solve a CTF challenge. Use when a challenge is complex enough to benefit from parallel investigation — multiple possible approaches, layered encoding, or unclear category. Spawns 3 specialized teammates based on triage results. Each teammate gets a focused role within the detected category. Requires agent teams enabled (CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS=1). Triggers: "team solve", "parallel solve", "spawn team", "multi-agent", "use a team for this".
Solve CTF web security challenges: SQL injection, XSS, authentication bypass, SSTI, path traversal, and source code audit. Use when given a URL, web app source code, or HTTP traffic. Triggers: .php .html .js files, "SQL injection", "XSS", "SSTI", "LFI", "RFI", "cookie", "JWT", "robots.txt", "directory enumeration", http:// or https:// targets. Tools: sqlmap, gobuster, ffuf, nikto, burpsuite. NOT for network packet analysis (use forensics).
Comprehensive .NET development skills for modern C#, ASP.NET, MAUI, Blazor, Aspire, EF Core, Native AOT, testing, security, performance optimization, CI/CD, and cloud-native applications
Comprehensive skill pack with 66 specialized skills for full-stack developers: 12 language experts (Python, TypeScript, Go, Rust, C++, Swift, Kotlin, C#, PHP, Java, SQL, JavaScript), 10 backend frameworks, 6 frontend/mobile, plus infrastructure, DevOps, security, and testing. Features progressive disclosure architecture for 50% faster loading.
Comprehensive PR review agents specializing in comments, tests, error handling, type design, code quality, and code simplification
Develop, test, build, and deploy Godot 4.x games with Claude Code. Includes GdUnit4 testing, web/desktop exports, CI/CD pipelines, and deployment to Vercel/GitHub Pages/itch.io.
Uses power tools
Uses Bash, Write, or Edit tools
Share bugs, ideas, or general feedback.
Battle-tested Claude Code plugin for engineering teams — 50 agents, 188 skills, 68 legacy command shims, production-ready hooks, and selective install workflows evolved through continuous real-world use
affaan-mUpstash Context7 MCP server for up-to-date documentation lookup. Pull version-specific documentation and code examples directly from source repositories into your LLM context.
Own this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge.
Sign in to claimOwn this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge.
Sign in to claim