pentest-ctf-crypto
Cryptography tools for solving CTF challenges involving ciphers, hashing, and weak encryption.
Packaged view
This page reorganizes the original catalog entry around fit, installability, and workflow context first. The original raw source lives below.
Install command
npx @skill-hub/cli install jd-opensource-joysafeter-pentest-ctf-crypto
Repository
Skill path: skills/pentest-ctf-crypto
Best for
Primary workflow: Ship Full Stack.
Technical facets: Full Stack.
Target audience: everyone.
License: Unknown.
Original source
Catalog source: SkillHub Club.
Repository owner: jd-opensource.
This is still a mirrored public skill entry. Review the repository before installing into production workflows.
What it helps with
- Install pentest-ctf-crypto into Claude Code, Codex CLI, Gemini CLI, or OpenCode workflows
- Review https://github.com/jd-opensource/JoySafeter before adding pentest-ctf-crypto to shared team environments
- Use pentest-ctf-crypto for development workflows
Favorites: 0.
Sub-skills: 0.
Aggregator: No.
Original source / Raw SKILL.md
---
name: pentest-ctf-crypto
description: Cryptography tools for solving CTF challenges involving ciphers, hashing, and weak encryption.
---

# Pentest CTF Crypto

## Purpose

Analyze and break cryptographic implementations, including classical ciphers, RSA weak keys, and hash extensions.

## Core Workflow

1. **Cipher Identification**: Identify the type of encryption or encoding used (e.g., Base64, Caesar, RSA).
2. **Classical Cracking**: Brute-force or analyze frequency for classical ciphers using `ciphey` or online tools.
3. **RSA Attacks**: Check for common RSA weaknesses (small e, small factors) using `RsaCtfTool`.
4. **Hash Analysis**: Identify hash types and attempt cracking or length extension attacks using `hashcat` or `hashpump`.
5. **Math/Primes**: Solve mathematical problems related to cryptography using `sagemath`.

## References

- `references/tools.md`
- `references/workflows.md`

---

## Referenced Files

> The following files are referenced in this skill and included for context.

### references/tools.md

```markdown
# Cryptography Tools (Pentest MCP)

## Common response fields

- success: boolean
- stdout, stderr: command output
- recovery_info: recovery actions applied (when present)

## RSA and Asymmetric Crypto

- RsaCtfTool_attack(public_key, cipher="", attack_type="", additional_args=""): Automated RSA attacks (factordb, wiener, hastads, fermat, boneh_durfee, etc.).
- openssl_rsa_analyze(key_file, additional_args=""): Extract RSA key parameters (n, e, d) for manual analysis.
- factordb_lookup(n): Check if modulus n is already factored in FactorDB.

## Hash and MAC Attacks

- hashpump_attack(signature, data, key_length, append_data, additional_args=""): Hash length extension attacks (MD5, SHA1, SHA256).
- hashcat_crack(hash_file, hash_type, attack_mode="0", wordlist="/usr/share/wordlists/rockyou.txt", mask="", additional_args=""): GPU hash cracking.
- john_crack(hash_file, wordlist="/usr/share/wordlists/rockyou.txt", format_type="", additional_args=""): CPU hash cracking with rules.
- hash_identifier(hash_string): Identify hash type from sample.

## Classical Ciphers

- ciphey_auto_decrypt(ciphertext): Automated cipher detection and decryption (Caesar, Vigenere, Base64, etc.).
- xortool_analyze(file_path, key_length="", args=""): XOR key analysis and brute-force.
- featherduster_analyze(ciphertext): Automated classical crypto analysis.

## Encoding and Decoding

- base64_decode(data): Standard Base64 decoding.
- base_decode(data, base=64): Decode various bases (32, 58, 85, etc.).
- rot_decode(data, shift=13): ROT-N decryption.

## Math and Prime Analysis

- sagemath_execute(script_content): Run SageMath scripts for number theory (CRT, modular arithmetic, elliptic curves).
- factorize(n): Attempt to factor large integers using various methods.
- discrete_log(g, h, p): Solve discrete logarithm problems.

## JWT and Token Attacks

- jwt_analyzer(jwt_token, target_url=""): Analyze JWT structure, algorithm confusion, and weak secrets.
- jwt_tool_attack(jwt_token, attack_type="none_alg", wordlist=""): JWT attacks (none algorithm, key confusion, brute-force).

## Padding Oracle

- padding_oracle_attack(url, cipher_param, block_size=16, additional_args=""): Automated padding oracle exploitation.

## Fallback execution

- execute_command(command, use_cache=True): Run crypto tools not exposed as MCP endpoints (e.g., `sage`, `openssl`).
```

### references/workflows.md

```markdown
# Cryptography Workflows

## 1. RSA CTF Challenge Workflow

### When to use

- Given: public key (n, e) and ciphertext
- Goal: Decrypt the flag

### Steps

1. **Extract key parameters**: Use `openssl_rsa_analyze` or manual parsing to get n and e.
2. **Check FactorDB**: Use `factordb_lookup(n)` to see if n is already factored.
3. **Run RsaCtfTool**: Use `RsaCtfTool_attack(public_key, cipher)` with automatic attack selection.
4. **If fails, try specific attacks**:
   - Small e (e=3): Cube root attack
   - Close primes: Fermat factorization
   - Large e: Wiener/Boneh-Durfee
   - Multiple keys: Common modulus attack
5. **Decrypt**: Once factors (p, q) are found, compute d and decrypt.

---

## 2. Hash Length Extension Workflow

### When to use

- Given: MAC = H(secret || message), length of secret, original message
- Goal: Forge valid MAC for extended message

### Steps

1. **Identify hash type**: Check if MD5, SHA1, or SHA256 (vulnerable types).
2. **Determine secret length**: May need to brute-force (8-32 bytes typical).
3. **Run hashpump**: `hashpump_attack(signature, data, key_length, append_data)`
4. **Submit forged payload**: Use the new signature and padded message.

---

## 3. Classical Cipher Breaking Workflow

### When to use

- Given: Ciphertext that looks like encoded/encrypted text
- Goal: Recover plaintext

### Steps

1. **Auto-detect with Ciphey**: `ciphey_auto_decrypt(ciphertext)` handles most common cases.
2. **If XOR suspected**: Use `xortool_analyze` to guess key length and recover key.
3. **If substitution cipher**: Frequency analysis + manual tweaking.
4. **If Vigenere**: Kasiski examination or known plaintext attack.

---

## 4. JWT Attack Workflow

### When to use

- Given: JWT token from web application
- Goal: Bypass authentication or escalate privileges

### Steps

1. **Analyze structure**: `jwt_analyzer(token)` to see header, payload, algorithm.
2. **Check for "none" algorithm**: Try `jwt_tool_attack(token, "none_alg")`.
3. **Check for algorithm confusion**: RS256 → HS256 with public key as secret.
4. **Brute-force weak secrets**: `jwt_tool_attack(token, "brute", wordlist)`.

---

## 5. Padding Oracle Workflow

### When to use

- Given: Encrypted cookie/parameter, server responds differently to padding errors
- Goal: Decrypt ciphertext or forge new values

### Steps

1. **Confirm oracle**: Send modified ciphertext, check for distinct error responses.
2. **Run automated attack**: `padding_oracle_attack(url, param, block_size)`.
3. **Decrypt block by block**: Tool will recover plaintext and allow forging.
```