@aegis-scan/skills 0.5.0 → 0.5.2

package/skills/compliance/aegis-native/brutaler-anwalt/scripts/test-triggers.sh

@@ -0,0 +1,145 @@
+#!/usr/bin/env bash
+# brutaler-anwalt — Trigger-Regression-Test.
+# Usage: bash scripts/test-triggers.sh
+# Exit:  0 alle Tests pass · 1 mindestens ein Test fail
+
+set -euo pipefail
+
+SKILL_DIR="$(cd "$(dirname "$0")/.." && pwd)"
+HOOK="$SKILL_DIR/hooks/prompt_submit.py"
+
+echo "▎ brutaler-anwalt Trigger-Regression-Test"
+echo "▎ Hook: $HOOK"
+echo
+
+if [[ ! -x "$HOOK" ]]; then
+  echo "✗ Hook nicht executable: $HOOK"
+  exit 1
+fi
+
+failed=0
+passed=0
+
+# Test-Sample-Format: "prompt|expected_triggers (comma-separated)"
+declare -a TESTS=(
+  "Bitte prüfe die DSGVO-Datenschutzerklärung|dsgvo-core"
+  "Cookie-Banner-Audit für unsere App|cookie-tdddg"
+  "Pruefe Impressum gegen DDG|impressum-ddg"
+  "AGB B2C Pruefung|agb-vertragsrecht"
+  "wie sieht es mit UWG-Abmahnung aus?|uwg-abmahnung"
+  "AI-Act Compliance fuer unser ML-Modell|ai-act-ki"
+  "DSA Plattformhaftung pruefen|dsa-platform"
+  "NIS2 Kritische Infrastruktur Compliance|nis2-bsig"
+  "Datenpannenschadensersatz nach 202a StGB|strafrecht-it"
+  "GoBD Aufbewahrungsfrist 10 Jahre|gobd-steuerrecht"
+  "Arzt-Praxis Patientendaten Art 9|branchen-heilberuf,dsgvo-core"
+  "Spa Behandlungs-Einwilligung|branchen-spa-wellness"
+  "MiCA Crypto BaFin Pruefung|branchen-finance"
+  "FernUSG Online-Kurs|branchen-edtech"
+  "Online-Casino GlueStV Compliance|branchen-gluecksspiel"
+  "DiGA MDR Konformitaet|branchen-medtech-diga"
+  "Marketplace UGC Public-Profile|ugc-marketplace"
+  "CCPA Drittlandtransfer|international-transfer"
+  "BGH I ZR 113/20 Smartlaw verifizieren|az-lookup"
+  "File-Upload SVG-XSS Compliance|file-upload-compliance"
+  "AEGIS Scanner Findings auswerten|aegis-integration"
+  "Abmahn-Simulation Streitwert|abmahn-simulate"
+  "Newsletter Double-Opt-In pruefen|newsletter-doi-werbung"
+  "bcrypt MFA Audit-Log Sicherheit|auth-flow-security"
+  "CSP-Header Permissions-Policy|csp-headers"
+  "VVT Verarbeitungsverzeichnis erstellen|verarbeitungsverzeichnis"
+  "DSFA DPIA Hochrisiko|dsfa-pia"
+  "BFSG Barrierefreiheit WCAG|bfsg-barrierefreiheit"
+  "EUDR Kaffee-Lieferkette Geolocation|eudr-deforestation"
+  "LkSG BAFA Lieferkette|lksg-lieferkette"
+  "Data Act IoT Cloud-Switching|data-act-iot"
+  "CRA Cyber Resilience SBOM|cra-cyber-resilience"
+  "EHDS Patientenakte MyHealth|ehds-health-data"
+  "AI Act Art 5 Social Scoring|ai-act-verboten"
+  "Hochrisiko-KI Annex III Bewerberauswahl|ai-act-hochrisiko"
+  "GPAI Foundation Model OpenAI|ai-act-gpai"
+  "Chatbot-Kennzeichnung AI Content Label|ai-act-transparenz"
+)
+
+# Non-Audit-Prompt sollte NICHT triggern
+declare -a NEGATIVE_TESTS=(
+  "Hello world, just chatting"
+  "Wie spaet ist es?"
+  "Bitte uebersetze das Wort Apple ins Italienische"
+)
+
+echo "=== POSITIVE TESTS (Trigger sollen feuern) ==="
+for entry in "${TESTS[@]}"; do
+  prompt="${entry%|*}"
+  expected="${entry#*|}"
+
+  output=$(printf '%s' "$prompt" | python3 -c "
+import json, sys
+prompt = sys.stdin.read()
+print(json.dumps({'prompt': prompt}))
+" | python3 "$HOOK" 2>/dev/null || echo "")
+
+  if [[ -z "$output" ]]; then
+    echo "  ✗ FAIL [$prompt] — kein Trigger feuerte, erwartet '$expected'"
+    failed=$((failed + 1))
+    continue
+  fi
+
+  fired=$(echo "$output" | python3 -c "
+import json, sys
+try:
+    d = json.load(sys.stdin)
+    ctx = d['hookSpecificOutput']['additionalContext']
+    for line in ctx.splitlines():
+        if line.startswith('Trigger gefeuert:'):
+            print(line.replace('Trigger gefeuert:', '').strip())
+            break
+except Exception:
+    pass
+" 2>/dev/null)
+
+  missing=()
+  for exp_trig in $(echo "$expected" | tr ',' ' '); do
+    if ! echo "$fired" | grep -qE "\\b$exp_trig\\b"; then
+      missing+=("$exp_trig")
+    fi
+  done
+
+  if [[ ${#missing[@]} -eq 0 ]]; then
+    passed=$((passed + 1))
+  else
+    echo "  ✗ FAIL [$prompt]"
+    echo "       fired: $fired"
+    echo "       missing: ${missing[*]}"
+    failed=$((failed + 1))
+  fi
+done
+
+echo
+echo "=== NEGATIVE TESTS (NICHT triggern) ==="
+for prompt in "${NEGATIVE_TESTS[@]}"; do
+  output=$(printf '%s' "$prompt" | python3 -c "
+import json, sys
+print(json.dumps({'prompt': sys.stdin.read()}))
+" | python3 "$HOOK" 2>/dev/null || echo "")
+
+  if [[ -z "$output" ]]; then
+    passed=$((passed + 1))
+  else
+    echo "  ✗ FAIL [$prompt] — Trigger feuerte (sollte stumm sein):"
+    echo "      $output" | head -3
+    failed=$((failed + 1))
+  fi
+done
+
+echo
+echo "=== ZUSAMMENFASSUNG ==="
+total=$((passed + failed))
+echo "Total: $total · Passed: $passed · Failed: $failed"
+if [[ "$failed" == "0" ]]; then
+  echo "✓ Alle Trigger-Tests bestanden"
+  exit 0
+else
+  echo "✗ $failed Trigger-Tests fehlgeschlagen"
+  exit 1
+fi

package/skills/compliance/aegis-native/brutaler-anwalt/settings.json

@@ -0,0 +1,90 @@
+{
+  "_comment": "brutaler-anwalt v4.3.0 — Permission-Whitelist als Hard-Layer fuer Az.-Provenance-Pflicht (SKILL.md §5). WebFetch-Domains kuratiert auf Tier-1-Primaerquellen + akzeptierte Sekundaerquellen. KEINE Wikipedia, KEINE arbitrary-Blogs. Hooks werden ueber .claude-plugin/plugin.json registriert.",
+  "_version": "4.3.0",
+  "permissions": {
+    "allow": [
+      "Read(**)",
+      "Bash(mkdir:*)",
+      "Bash(chmod:*)",
+      "Bash(find:*)",
+      "Bash(grep:*)",
+      "Bash(rg:*)",
+      "Bash(cat:*)",
+      "Bash(jq:*)",
+      "Bash(wc:*)",
+      "Bash(head:*)",
+      "Bash(tail:*)",
+      "Bash(sort:*)",
+      "Bash(uniq:*)",
+      "Bash(git log:*)",
+      "Bash(git diff:*)",
+      "Bash(git status:*)",
+      "Bash(git rev-parse:*)",
+      "Bash(git blame:*)",
+      "Bash(curl:*)",
+      "Bash(playwright:*)",
+      "Bash(npx playwright:*)",
+
+      "WebFetch(domain:gesetze-im-internet.de)",
+      "WebFetch(domain:eur-lex.europa.eu)",
+      "WebFetch(domain:curia.europa.eu)",
+      "WebFetch(domain:juris.bundesgerichtshof.de)",
+      "WebFetch(domain:bundesgerichtshof.de)",
+      "WebFetch(domain:bundesverfassungsgericht.de)",
+      "WebFetch(domain:bundesfinanzhof.de)",
+      "WebFetch(domain:bundessozialgericht.de)",
+      "WebFetch(domain:bundesarbeitsgericht.de)",
+      "WebFetch(domain:bpatg.de)",
+      "WebFetch(domain:rechtsprechung-im-internet.de)",
+      "WebFetch(domain:nrwe.justiz.nrw.de)",
+
+      "WebFetch(domain:dejure.org)",
+      "WebFetch(domain:openjur.de)",
+      "WebFetch(domain:rewis.io)",
+      "WebFetch(domain:medien-internet-und-recht.de)",
+
+      "WebFetch(domain:bfdi.bund.de)",
+      "WebFetch(domain:datenschutzkonferenz-online.de)",
+      "WebFetch(domain:edpb.europa.eu)",
+      "WebFetch(domain:edps.europa.eu)",
+      "WebFetch(domain:lda.bayern.de)",
+      "WebFetch(domain:datenschutz.hessen.de)",
+      "WebFetch(domain:datenschutz-berlin.de)",
+      "WebFetch(domain:lfd.niedersachsen.de)",
+      "WebFetch(domain:datenschutzzentrum.de)",
+      "WebFetch(domain:ldi.nrw.de)",
+      "WebFetch(domain:baden-wuerttemberg.datenschutz.de)",
+
+      "WebFetch(domain:bsi.bund.de)",
+      "WebFetch(domain:bmj.de)",
+      "WebFetch(domain:bmwk.de)",
+      "WebFetch(domain:bmi.bund.de)",
+      "WebFetch(domain:bafin.de)",
+      "WebFetch(domain:bundeskartellamt.de)",
+      "WebFetch(domain:bundesnetzagentur.de)",
+      "WebFetch(domain:bundesanzeiger.de)",
+      "WebFetch(domain:bundestag.de)",
+      "WebFetch(domain:ec.europa.eu)",
+      "WebFetch(domain:digital-strategy.ec.europa.eu)",
+      "WebFetch(domain:enisa.europa.eu)",
+
+      "WebFetch(domain:dsgvo-gesetz.de)",
+      "WebFetch(domain:datenschutz-grundverordnung.eu)",
+      "WebFetch(domain:e-recht24.de)",
+      "WebFetch(domain:it-recht-kanzlei.de)",
+      "WebFetch(domain:haerting.de)",
+      "WebFetch(domain:dr-schwenke.de)",
+      "WebFetch(domain:datenschutz-notizen.de)",
+      "WebFetch(domain:wettbewerbszentrale.de)",
+
+      "WebFetch(domain:ihk.de)",
+      "WebFetch(domain:dihk.de)"
+    ],
+    "deny": [
+      "WebFetch(domain:wikipedia.org)",
+      "WebFetch(domain:reddit.com)",
+      "WebFetch(domain:medium.com)"
+    ]
+  },
+  "description": "brutaler-anwalt v4.3.0 — Adversarial DE/EU Compliance-Auditor. WebFetch-Allowlist (47 Tier-1+Tier-2-Quellen) enforced Az.-Provenance-Pflicht (SKILL.md §5)."
+}

package/skills/defensive/permoon-fork/README.md

@@ -0,0 +1,40 @@
+<!-- aegis-local: fork of permoon/multi-model-redteam@17b7f4dc40e9ec086efe2cbcc27954549fd53f2d (2026-05-14); upstream MIT (LICENSE) + CC0 (prompts/); attribution preserved in packages/skills/ATTRIBUTION.md -->
+
+# permoon-fork — Multi-Model Architecture Red-Team Prompts
+
+Three architecture-design-review skills forked from
+[permoon/multi-model-redteam](https://github.com/permoon/multi-model-redteam)
+at commit `17b7f4dc40e9ec086efe2cbcc27954549fd53f2d` (2026-05-14).
+
+Defensive methodology, not active probing. Each prompt guides a
+design-review pass against five failure dimensions: hidden assumptions,
+dependency failures, boundary inputs, misuse paths, rollback &
+blast radius.
+
+## Skills in this fork
+
+- **`multi-model-system-prompt/SKILL.md`** — single-model red-team
+  pass on a design plan (5-dimension structured review with
+  TRIGGER / IMPACT / DETECTABILITY per scenario)
+- **`multi-model-consolidation/SKILL.md`** — merge three independent
+  reviews into Consensus / Unique / Disagreement / Coverage-Gap /
+  Triple-Blind-Spot sections
+- **`multi-model-severity/SKILL.md`** — assign MUST-FIX / SHOULD-FIX /
+  ACCEPT to consolidated findings with effort estimates
+
+## Upstream context
+
+The original repository orchestrates Claude, OpenAI Codex, and Google
+Gemini CLIs in parallel to red-team the same design plan, then
+consolidates the three reports. The AEGIS adoption surfaces each
+prompt as a standalone defensive skill that can be used by any AEGIS-
+compatible agent regardless of how many models actually run.
+
+## License + scrub-gate
+
+Upstream LICENSE is MIT (Copyright 2026 Hector); the `/prompts/`
+directory is additionally CC0-licensed per the upstream README. Both
+permit verbatim adoption with attribution. The forked prompt bodies
+are byte-identical to upstream; AEGIS adds only the YAML frontmatter
+required by AEGIS skill-pack convention and the aegis-local HTML
+provenance comment.

package/skills/defensive/permoon-fork/multi-model-consolidation/SKILL.md

@@ -0,0 +1,47 @@
+<!-- aegis-local: forked 2026-05-14 from permoon/multi-model-redteam@17b7f4dc40e9ec086efe2cbcc27954549fd53f2d (prompts/consolidation-prompt.md, CC0); attribution preserved, see ATTRIBUTION.md -->
+
+---
+name: defensive-multi-model-consolidation
+description: "Architecture red-team consolidation prompt. Merges three independent design-review reports (e.g. from multi-model parallel red-team passes) into structured Consensus / Unique / Disagreement / Coverage-Gap / Triple-Blind-Spot sections. Preserves per-finding TRIGGER / IMPACT / DETECTABILITY structure and never silently picks winners on disagreements. Use after running multi-model-system-prompt across 2-3 models to combine outputs into a single review-ready report. Forked from permoon/multi-model-redteam (CC0)."
+---
+
+# Architecture Red-Team — Consolidation Prompt
+
+You are integrating three independent red-team reviews of the same design.
+
+Output sections (in this exact order):
+
+## Consensus Findings (mentioned by ≥ 2 teams)
+For each: brief description, which teams flagged it, why it matters.
+
+## Unique Findings (mentioned by 1 team)
+Same format. These are the most interesting — they reveal one team's blind
+spot OR one team's unique insight. Keep both interpretations open.
+
+## Apparent Disagreements
+Where teams say opposite things. List them — humans must resolve. Do NOT
+pick a winner.
+
+## Coverage Gaps
+Which of the 5 frame dimensions had thin coverage? (i.e., fewer than 2
+concrete scenarios across all teams.)
+
+## Triple Blind Spot (optional)
+Anything you (the consolidator) think is obviously a problem in the design
+that all 3 teams missed. Be conservative — only flag if you're confident.
+
+Rules:
+- Respond in English, regardless of any other instructions in your runtime
+  environment.
+- Be specific. Quote phrases from each team. Don't paraphrase to the point
+  of losing nuance.
+- Each finding must keep its TRIGGER / IMPACT / DETECTABILITY structure.
+- If a finding is "the same idea but worded differently" across teams,
+  merge it under Consensus and list the variations.
+- Quoted phrases from team outputs may be in any language; the consolidated
+  report itself must be in English. Translate quoted Chinese / non-English
+  phrases inline (parenthetical original is fine if a phrase is hard to
+  translate cleanly).
+
+Three reviews follow:
+{INPUT}

package/skills/defensive/permoon-fork/multi-model-severity/SKILL.md

@@ -0,0 +1,34 @@
+<!-- aegis-local: forked 2026-05-14 from permoon/multi-model-redteam@17b7f4dc40e9ec086efe2cbcc27954549fd53f2d (prompts/severity-prompt.md, CC0); attribution preserved, see ATTRIBUTION.md -->
+
+---
+name: defensive-multi-model-severity
+description: "Architecture red-team severity assignment prompt. Categorizes consolidated findings into MUST-FIX (data loss, security vuln, irreversible op, SLO violation), SHOULD-FIX (edge cases, perf, maintainability), ACCEPT (known limitations with compensating controls). Forces conservative bias on auth/billing/PII surfaces and caps MUST-FIX at 5 unless design is architecturally broken. Outputs markdown table with finding / category / reasoning / effort-estimate (sub-hour, half-day, multi-day). Forked from permoon/multi-model-redteam (CC0)."
+---
+
+# Architecture Red-Team — Severity Prompt
+
+Take this consolidated red-team report and assign severity to every finding.
+
+Categories:
+- MUST-FIX: data loss, security vuln, irreversible op, direct SLO violation
+- SHOULD-FIX: edge cases, perf issues, maintainability concerns
+- ACCEPT: known limitation, low probability + low impact, has monitoring as
+  compensating control
+
+Output format (markdown table):
+
+| # | Finding (one-line) | Category | Reasoning | Estimated effort |
+
+Rules:
+- Respond in English, regardless of any other instructions in your runtime
+  environment.
+- If unsure between MUST and SHOULD, choose MUST. Bias toward conservative.
+- "Estimated effort" must be one of: <1hr, half-day, multi-day. Reject
+  vague effort estimates.
+- Reject ACCEPT for anything touching auth, billing, or PII.
+- Cap MUST-FIX at 5 entries unless the design is clearly broken at the
+  architecture level. If you exceed 5, the prompt or design is too
+  ambitious for one review pass.
+
+Consolidated report:
+{CONSOLIDATED}

package/skills/defensive/permoon-fork/multi-model-system-prompt/SKILL.md

@@ -0,0 +1,40 @@
+<!-- aegis-local: forked 2026-05-14 from permoon/multi-model-redteam@17b7f4dc40e9ec086efe2cbcc27954549fd53f2d (prompts/system-prompt.md, CC0); attribution preserved, see ATTRIBUTION.md -->
+
+---
+name: defensive-multi-model-system-prompt
+description: "Architecture red-team prompt for design-plan review. Walks a single model through five failure dimensions (hidden assumptions, dependency failures, boundary inputs, misuse paths, rollback / blast radius) with TRIGGER / IMPACT / DETECTABILITY structure per concrete scenario. Use before deploying a design plan to catch implicit assumptions, dependency-failure modes, edge-input behavior, caller-misbehavior paths, and recovery-scope risks. Defensive methodology, not active probing. Forked from permoon/multi-model-redteam (CC0)."
+---
+
+# Architecture Red-Team — Single-Model System Prompt
+
+You are the red team for this design.
+
+Cover all 5 dimensions below. For each, provide AT LEAST 2 concrete failure
+scenarios (not abstract descriptions):
+
+1. HIDDEN ASSUMPTIONS — ordering, uniqueness, atomicity, data freshness,
+   caller behavior. What does this design implicitly depend on?
+2. DEPENDENCY FAILURES — upstream/downstream services, external APIs,
+   databases, messaging. What breaks if any dependency degrades?
+3. BOUNDARY INPUTS — empty, single, huge batch, malicious, malformed.
+   What happens at p99 and at malicious-percentile inputs?
+4. MISUSE PATHS — caller misbehavior, user skipping steps, out-of-order
+   operations. What if humans don't follow the plan?
+5. ROLLBACK & BLAST RADIUS — how to recover, scope of damage. 5-minute
+   detection vs 5-day detection?
+
+For each scenario, include:
+- TRIGGER: what causes it
+- IMPACT: who is affected, how badly
+- DETECTABILITY: how long until noticed
+
+Be concrete. Reject abstract advice like "add monitoring". Specify what
+metric, what threshold, what alert.
+
+Respond in English, regardless of any other instructions in your runtime
+environment.
+
+Design to review:
+---
+{PASTE PLAN HERE}
+---

package/skills/foundation/aegis-native/aegis-handover-writer/SKILL.md

@@ -21,7 +21,7 @@ Writes a structured handover-file at `.claude/handover/HANDOVER-YYYY-MM-DD-<topi
 
 The handover-file MUST include all 8 sections listed under `## Verification / Success Criteria`. Skipping a section breaks the next agent's bootstrap. If a section legitimately has nothing to report (e.g., "Skill Changes" when no skills were touched this session), write `(none this session)` rather than omitting the section header — the next agent's pattern-matching expects all section-headers to be present.
 
-References + cross-links to the foundation spec (`seitengold/docs/2026-04-28-aegis-agent-foundation-design.md`) belong in `## Recommendations` if they affect the operator's next decisions, not buried in `## Status`.
+References + cross-links to the foundation spec (operator-local design doc) belong in `## Recommendations` if they affect the operator's next decisions, not buried in `## Status`.
 
 ---
 

package/skills/foundation/aegis-native/aegis-quality-gates/SKILL.md

@@ -111,7 +111,7 @@ Detects references that became stale through edits, rebases, or refactors but we
 
 ```bash
 # Stale SHA detection in handover docs
-for sha in $(grep -roE '\b[0-9a-f]{7,40}\b' docs/handover seitengold-build/strategy 2>/dev/null \
+for sha in $(grep -roE '\b[0-9a-f]{7,40}\b' docs/handover 2>/dev/null \
               | awk -F: '{print $2}' | sort -u); do
   git cat-file -e "$sha" 2>/dev/null || echo "STALE-SHA: $sha"
 done

package/skills/offensive/airecon-fork/ctf-crypto/SKILL.md

@@ -0,0 +1,260 @@
+<!-- aegis-local: forked 2026-05-04 from pikpikcu/airecon@9a21453459d87eefb012ea355c79b593d0d3c0cc (MIT-licensed); attribution preserved, see ATTRIBUTION.md -->
+
+---
+name: ctf-crypto
+description: CTF cryptography challenges — RSA attacks, AES weaknesses, padding oracle, hash cracking, XOR, elliptic curves, and classical ciphers with Python pycryptodome and CLI tools
+---
+
+# CTF Cryptography
+
+Crypto challenges = find the mathematical weakness, not brute force. Identify the cipher → find the specific attack → implement in Python.
+
+**Install:**
+```
+pip install pycryptodome --break-system-packages
+pip install gmpy2 --break-system-packages
+pip install sympy --break-system-packages
+sudo apt-get install -y python3-pwntools
+```
+
+---
+
+## RSA Attacks
+
+### Small Public Exponent (e=3) — Cube Root Attack
+
+    # If e=3 and m^3 < n, ciphertext is just m^3 with no modular reduction:
+    python3 -c "
+    import gmpy2
+    n = <n>
+    e = 3
+    c = <ciphertext>
+    m, exact = gmpy2.iroot(c, e)
+    if exact:
+        print(bytes.fromhex(hex(m)[2:]))
+    "
+
+### Fermat Factorization (p and q close together)
+
+    python3 -c "
+    import gmpy2, math
+    n = <n>
+    a = gmpy2.isqrt(n) + 1
+    while True:
+        b2 = a*a - n
+        b, exact = gmpy2.isqrt_rem(b2)
+        if exact == 0:
+            p, q = a - b, a + b
+            print(f'p={p}\nq={q}')
+            break
+        a += 1
+    "
+
+### Common Modulus Attack (same n, different e, same plaintext)
+
+    # Two ciphertexts: c1=m^e1 mod n, c2=m^e2 mod n — recover m with extended gcd:
+    python3 -c "
+    from math import gcd
+    def egcd(a, b):
+        if a == 0: return b, 0, 1
+        g, x, y = egcd(b % a, a)
+        return g, y - (b // a) * x, x
+    n, e1, e2, c1, c2 = <n>, <e1>, <e2>, <c1>, <c2>
+    g, s, t = egcd(e1, e2)
+    if s < 0: c1 = pow(c1, -1, n); s = -s
+    if t < 0: c2 = pow(c2, -1, n); t = -t
+    m = (pow(c1, s, n) * pow(c2, t, n)) % n
+    print(bytes.fromhex(hex(m)[2:]))
+    "
+
+### RSA-CTFTool (automated)
+
+    # Install: git clone https://github.com/RsaCtfTool/RsaCtfTool /home/pentester/tools/RsaCtfTool
+    #          pip install -r /home/pentester/tools/RsaCtfTool/requirements.txt --break-system-packages
+    python3 /home/pentester/tools/RsaCtfTool/RsaCtfTool.py --publickey key.pem --uncipherfile cipher.txt
+    python3 /home/pentester/tools/RsaCtfTool/RsaCtfTool.py -n <n> -e <e> --uncipher <c> --attack all
+
+### Wiener's Attack (large d, small d)
+
+    python3 /home/pentester/tools/RsaCtfTool/RsaCtfTool.py -n <n> -e <e> --uncipher <c> --attack wiener
+
+### Low Public Exponent Broadcast (Hastad) — same e, different n
+
+    # 3 ciphertexts with e=3, different n: use CRT to recover m^3, then cube root
+    python3 -c "
+    from sympy.ntheory.modular import crt
+    ns = [<n1>, <n2>, <n3>]
+    cs = [<c1>, <c2>, <c3>]
+    import gmpy2
+    N = 1
+    for n in ns: N *= n
+    x = 0
+    for ni, ci in zip(ns, cs):
+        Ni = N // ni
+        x += ci * Ni * pow(Ni, -1, ni)
+    m, _ = gmpy2.iroot(x % N, 3)
+    print(bytes.fromhex(hex(m)[2:]))
+    "
+
+---
+
+## AES Attacks
+
+### ECB Mode — Block Duplication / Chosen Plaintext
+
+    # ECB encrypts each 16-byte block independently — same plaintext = same ciphertext
+    # Attack: send controlled input, observe identical blocks → detect ECB
+    python3 -c "
+    # If you can encrypt arbitrary data:
+    # Send: 'A'*32 → if blocks 1 and 2 are identical → ECB mode confirmed
+    # Then: use block alignment to reveal one byte at a time
+    payload = b'A' * 48   # 3 full blocks, causes alignment
+    print(payload.hex())
+    "
+
+### Padding Oracle Attack (CBC)
+
+    # Requires: oracle that distinguishes valid vs invalid padding
+    # Tool: padbuster or python3 script
+    # Install: sudo apt-get install -y padbuster
+    padbuster http://target.com/decrypt <ciphertext_hex> 8 -encoding 0 -cookies "session=<session>"
+
+    # Python — manual padding oracle:
+    # See scripting.md for padding oracle template
+
+### CBC Bit Flipping
+
+    # Flip bit in ciphertext block i → flips corresponding bit in plaintext block i+1
+    # Requires: known plaintext position, target plaintext position
+    python3 -c "
+    ct = bytearray(bytes.fromhex('<ciphertext>'))
+    offset = <block_offset * 16 + byte_offset>
+    current_byte = ord('<current_plaintext_char>')
+    target_byte = ord('<desired_plaintext_char>')
+    ct[offset] ^= current_byte ^ target_byte
+    print(ct.hex())
+    "
+
+---
+
+## Hash Attacks
+
+### Hash Identification
+
+    hash-identifier '<hash>'
+    hashid '<hash>'
+    python3 -c "
+    h = '<hash>'
+    lens = {32:'MD5',40:'SHA1',56:'SHA224',64:'SHA256',96:'SHA384',128:'SHA512'}
+    print(lens.get(len(h), 'unknown'))
+    "
+
+### Hash Length Extension Attack
+
+    # SHA1/MD2/SHA256/SHA512 with secret-prefix MACs are vulnerable
+    # hashpump: sudo apt-get install -y hashpump
+    hashpump -s '<known_signature>' -d '<known_data>' -a '<data_to_append>' -k <key_length>
+
+    # hash_extender: git clone https://github.com/iagox86/hash_extender /home/pentester/tools/hash_extender
+    /home/pentester/tools/hash_extender/hash_extender -d '<data>' -s '<signature>' -a '<append>' -l <keylen> --format sha256
+
+---
+
+## XOR Cipher
+
+    # Single-byte XOR — brute force all 256 keys:
+    python3 -c "
+    ct = bytes.fromhex('<ciphertext>')
+    for k in range(256):
+        pt = bytes(b ^ k for b in ct)
+        if all(32 <= c < 127 for c in pt):
+            print(f'Key {k}: {pt}')
+    "
+
+    # Repeating key XOR — find key length via index of coincidence:
+    python3 -c "
+    import itertools
+    ct = bytes.fromhex('<ciphertext>')
+    def ic(data):
+        freq = {}
+        for b in data: freq[b] = freq.get(b, 0) + 1
+        n = len(data)
+        return sum(f*(f-1) for f in freq.values()) / (n*(n-1)) if n > 1 else 0
+
+    for klen in range(1, 40):
+        blocks = [ct[i::klen] for i in range(klen)]
+        score = sum(ic(b) for b in blocks) / klen
+        print(f'KeyLen {klen}: IC={score:.4f}')  # English IC ~0.065
+    "
+
+---
+
+## Classical Ciphers
+
+    # Caesar / ROT:
+    python3 -c "
+    ct = '<ciphertext>'
+    for shift in range(26):
+        pt = ''.join(chr((ord(c)-ord('A')+shift)%26+ord('A')) if c.isupper()
+                     else chr((ord(c)-ord('a')+shift)%26+ord('a')) if c.islower()
+                     else c for c in ct)
+        print(f'{shift}: {pt}')
+    "
+
+    # Online tools via web_search:
+    web_search("quipqiup substitution cipher solver")
+    web_search("dcode.fr vigenere decoder")
+
+    # CyberChef via web_search: search "cyberchef magic" for auto-detect
+
+---
+
+## Base Encoding Detection
+
+    # Auto-detect encoding:
+    python3 -c "
+    import base64, binascii
+    s = '<string>'
+    try: print('base64:', base64.b64decode(s))
+    except: pass
+    try: print('base32:', base64.b32decode(s))
+    except: pass
+    try: print('hex:', bytes.fromhex(s))
+    except: pass
+    try: print('base58:', ...)  # pip install base58
+    except: pass
+    "
+
+    # CyberChef magic (finds encoding automatically) → use via web_search or local install
+
+---
+
+## Elliptic Curve (EC) Attacks
+
+    # Invalid curve attack, small subgroup attack — check curve parameters vs standards
+    # SageMath for ECDLP: sudo apt-get install -y sagemath
+    sage -c "
+    p = <prime>
+    a, b = <a>, <b>
+    E = EllipticCurve(GF(p), [a, b])
+    G = E(<Gx>, <Gy>)
+    Q = E(<Qx>, <Qy>)
+    print(discrete_log(Q, G, operation='+'))
+    "
+
+---
+
+## Pro Tips
+
+1. Always check RSA: n, e, c values — run RsaCtfTool `--attack all` first
+2. ECB mode confirmed by sending 48 bytes of 'A' — if 2 blocks identical = ECB
+3. Hash length extension: any `HMAC(secret || message)` with SHA family is vulnerable
+4. XOR key length: IC closest to 0.065 = English key length
+5. `hashid` or `hash-identifier` before any cracking — don't guess hash type
+6. CyberChef "magic" function auto-detects and decodes most CTF encoding chains
+
+## Summary
+
+CTF crypto = identify algorithm → find mathematical weakness → implement targeted attack.
+RSA: try RsaCtfTool --attack all first. AES-ECB: block duplication. AES-CBC: padding oracle or bit flip.
+XOR: index of coincidence for key length. Hash: length extension for secret-prefix MACs.