icoa-cli 1.0.0

package/refs/pillow.txt

@@ -0,0 +1,67 @@
+Pillow (PIL) Quick Reference
+============================
+
+INSTALLATION
+  pip install pillow
+
+BASIC USAGE
+  from PIL import Image
+
+  img = Image.open("image.png")
+  img.save("output.png")
+  img.show()
+
+IMAGE INFO
+  img.size                 (width, height)
+  img.mode                 "RGB", "RGBA", "L", "1"
+  img.format               "PNG", "JPEG", etc.
+  img.info                 Metadata dict
+
+PIXEL ACCESS
+  px = img.load()          Get pixel access
+  px[x, y]                 Get pixel value
+  px[x, y] = (R, G, B)    Set pixel value
+
+  # Get all pixels
+  pixels = list(img.getdata())
+
+CONVERSIONS
+  img.convert("L")         Grayscale
+  img.convert("RGB")       RGB
+  img.convert("RGBA")      RGBA
+  img.convert("1")         Black and white
+
+OPERATIONS
+  img.resize((w, h))       Resize
+  img.crop((l, t, r, b))   Crop (left, top, right, bottom)
+  img.rotate(90)           Rotate
+  img.transpose(Image.FLIP_LEFT_RIGHT)   Flip horizontal
+
+CREATE NEW IMAGE
+  img = Image.new("RGB", (width, height), (255, 255, 255))
+
+COMMON CTF PATTERNS
+  # LSB steganography extraction
+  img = Image.open("steg.png")
+  px = img.load()
+  bits = ""
+  for y in range(img.height):
+      for x in range(img.width):
+          r, g, b = px[x, y][:3]
+          bits += str(r & 1)  # Extract LSB
+  # Convert bits to bytes
+  message = bytes(int(bits[i:i+8], 2) for i in range(0, len(bits), 8))
+
+  # Hide data in pixels
+  for i, byte in enumerate(data):
+      x, y = i % img.width, i // img.width
+      r, g, b = px[x, y][:3]
+      px[x, y] = ((r & 0xFE) | (byte >> 7 & 1), g, b)
+
+  # Visual comparison
+  from PIL import ImageChops
+  diff = ImageChops.difference(img1, img2)
+  diff.save("diff.png")
+
+  # Extract text from image regions
+  region = img.crop((10, 10, 200, 50))

package/refs/pwntools.txt

@@ -0,0 +1,79 @@
+Pwntools Quick Reference
+========================
+
+INSTALLATION
+  pip install pwntools
+
+CONNECTION
+  from pwn import *
+
+  # Remote connection
+  r = remote("host", port)
+
+  # Local process
+  p = process("./binary")
+
+  # SSH
+  s = ssh("user", "host", password="pass")
+
+SEND / RECEIVE
+  r.send(b"data")               Send raw bytes
+  r.sendline(b"data")           Send + newline
+  r.sendafter(b"prompt", data)  Send after receiving
+  r.sendlineafter(b">", data)   Sendline after prompt
+
+  r.recv(1024)                  Receive up to N bytes
+  r.recvline()                  Receive one line
+  r.recvuntil(b":")             Receive until delimiter
+  r.recvall()                   Receive everything
+  r.interactive()               Interactive mode
+
+PACKING / UNPACKING
+  p32(0x41414141)               Pack 32-bit (little-endian)
+  p64(0x41414141)               Pack 64-bit
+  u32(b"\x41\x41\x41\x41")     Unpack 32-bit
+  u64(data)                     Unpack 64-bit
+  p32(addr, endian='big')       Big-endian pack
+
+ELF ANALYSIS
+  e = ELF("./binary")
+  e.symbols["main"]             Function address
+  e.got["puts"]                 GOT entry
+  e.plt["puts"]                 PLT entry
+  e.search(b"/bin/sh")          Search for bytes
+  e.address                     Base address
+
+ROP
+  rop = ROP(e)
+  rop.call("puts", [got_puts])  Call function
+  rop.raw(gadget_addr)          Raw gadget
+  rop.chain()                   Build chain
+  rop.find_gadget(["pop rdi"])  Find gadget
+
+SHELLCODE
+  shellcraft.sh()               /bin/sh shellcode
+  shellcraft.cat("flag.txt")    cat file
+  asm(shellcraft.sh())          Assemble shellcode
+
+CRYPTO
+  xor(data, key)                XOR data with key
+  xor_key(plain, cipher)        Find XOR key
+
+CONTEXT
+  context.arch = "amd64"        Set architecture
+  context.os = "linux"          Set OS
+  context.log_level = "debug"   Debug output
+  context.terminal = ["tmux", "splitw", "-h"]
+
+FORMAT STRING
+  fmtstr_payload(offset, {addr: value})
+
+COMMON PATTERNS
+  # Buffer overflow
+  payload = b"A" * offset
+  payload += p64(ret_addr)
+  r.sendline(payload)
+
+  # Leak address
+  r.recvuntil(b"output: ")
+  leak = u64(r.recv(6).ljust(8, b"\x00"))

package/refs/pycrypto.txt

@@ -0,0 +1,77 @@
+PyCryptodome Quick Reference
+============================
+
+INSTALLATION
+  pip install pycryptodome
+
+AES
+  from Crypto.Cipher import AES
+  from Crypto.Util.Padding import pad, unpad
+
+  # AES-ECB
+  cipher = AES.new(key, AES.MODE_ECB)
+  ct = cipher.encrypt(pad(data, 16))
+  pt = unpad(cipher.decrypt(ct), 16)
+
+  # AES-CBC
+  cipher = AES.new(key, AES.MODE_CBC, iv=iv)
+  ct = cipher.encrypt(pad(data, 16))
+  cipher2 = AES.new(key, AES.MODE_CBC, iv=iv)
+  pt = unpad(cipher2.decrypt(ct), 16)
+
+  # AES-CTR
+  cipher = AES.new(key, AES.MODE_CTR, nonce=nonce)
+  ct = cipher.encrypt(data)   # no padding needed
+
+  # AES-GCM
+  cipher = AES.new(key, AES.MODE_GCM, nonce=nonce)
+  ct, tag = cipher.encrypt_and_digest(data)
+
+RSA
+  from Crypto.PublicKey import RSA
+  from Crypto.Cipher import PKCS1_OAEP
+
+  # Generate key
+  key = RSA.generate(2048)
+  pub = key.publickey()
+
+  # Encrypt / Decrypt
+  cipher = PKCS1_OAEP.new(pub)
+  ct = cipher.encrypt(data)
+  cipher = PKCS1_OAEP.new(key)
+  pt = cipher.decrypt(ct)
+
+  # RSA math
+  key = RSA.import_key(open("key.pem").read())
+  n = key.n    # modulus
+  e = key.e    # public exponent
+  d = key.d    # private exponent
+  p = key.p    # prime 1
+  q = key.q    # prime 2
+
+  # Textbook RSA
+  ct = pow(m, e, n)    # encrypt
+  pt = pow(ct, d, n)   # decrypt
+
+HASHING
+  from Crypto.Hash import SHA256, MD5, SHA1
+
+  h = SHA256.new(data)
+  print(h.hexdigest())
+
+  h = MD5.new(data)
+  print(h.hexdigest())
+
+RANDOM
+  from Crypto.Random import get_random_bytes
+  key = get_random_bytes(16)  # 16 random bytes
+  iv  = get_random_bytes(16)
+
+USEFUL MATH
+  from Crypto.Util.number import *
+  long_to_bytes(n)          Number → bytes
+  bytes_to_long(b)          Bytes → number
+  getPrime(1024)            Random 1024-bit prime
+  isPrime(n)                Primality test
+  inverse(e, phi)           Modular inverse
+  GCD(a, b)                 Greatest common divisor

package/refs/python.txt

@@ -0,0 +1,94 @@
+Python 3 Quick Reference
+========================
+
+DATA TYPES
+  x = 42                  int
+  x = 3.14                float
+  s = "hello"             str
+  b = b"\x41\x42"         bytes
+  L = [1, 2, 3]           list
+  T = (1, 2, 3)           tuple
+  D = {"a": 1}            dict
+  S = {1, 2, 3}           set
+
+STRINGS
+  s.upper() / s.lower()   Case conversion
+  s.strip()               Remove whitespace
+  s.split(",")            Split to list
+  ",".join(L)             Join list to string
+  s.replace("a", "b")     Replace
+  s.startswith("he")      Check prefix
+  s.encode()              str → bytes
+  b.decode()              bytes → str
+  f"Value: {x}"           F-string formatting
+
+BYTES & ENCODING
+  bytes.fromhex("4142")   Hex string → bytes
+  b.hex()                 Bytes → hex string
+  import base64
+  base64.b64encode(b)     Base64 encode
+  base64.b64decode(s)     Base64 decode
+
+LIST OPERATIONS
+  L.append(x)             Add to end
+  L.extend([4,5])         Extend list
+  L.pop()                 Remove last
+  L[1:3]                  Slice
+  L[::-1]                 Reverse
+  sorted(L)               Sort (new list)
+  [x*2 for x in L]        List comprehension
+  len(L)                  Length
+
+DICT OPERATIONS
+  D["key"]                Get value
+  D.get("key", default)   Get with default
+  D.keys()                All keys
+  D.values()              All values
+  D.items()               Key-value pairs
+  {**D1, **D2}            Merge dicts
+
+FILE I/O
+  with open("f.txt") as f:
+      content = f.read()
+
+  with open("f.txt", "w") as f:
+      f.write("data")
+
+  with open("f.bin", "rb") as f:
+      data = f.read()
+
+USEFUL MODULES
+  import os                OS operations
+  import sys               System-specific
+  import re                Regular expressions
+  import json              JSON parsing
+  import hashlib           Hash functions
+  import struct            Binary packing
+  import socket            Network sockets
+  import subprocess        Run commands
+  import itertools         Iteration tools
+  import collections       Specialized containers
+
+COMMON PATTERNS
+  # Read binary file
+  data = open("file", "rb").read()
+
+  # Hex dump
+  print(data.hex())
+
+  # XOR bytes
+  result = bytes(a ^ b for a, b in zip(d1, d2))
+
+  # HTTP request
+  import requests
+  r = requests.get(url)
+  r = requests.post(url, data={"key": "val"})
+
+  # Run command
+  import subprocess
+  out = subprocess.check_output(["cmd", "arg"])
+
+  # Regex
+  import re
+  m = re.search(r"pattern", text)
+  matches = re.findall(r"pattern", text)

package/refs/r2.txt

@@ -0,0 +1,85 @@
+Radare2 Quick Reference
+=======================
+
+STARTING
+  r2 binary                      Open binary
+  r2 -d binary                   Debug mode
+  r2 -A binary                   Auto-analyze on open
+  r2 -w binary                   Write mode
+
+ANALYSIS
+  aaa                            Full analysis
+  afl                            List functions
+  afl~main                       Find main function
+  afn name addr                  Rename function
+  axt addr                       Cross-references to
+  axf addr                       Cross-references from
+
+NAVIGATION
+  s main                         Seek to function
+  s 0x401000                     Seek to address
+  s+10 / s-10                    Seek forward/back
+
+DISASSEMBLY
+  pd 20                          Disassemble 20 instructions
+  pdf                            Disassemble current function
+  pdf @ main                     Disassemble main
+  pD 100                         Disassemble 100 bytes
+
+PRINT DATA
+  px 64                          Hex dump 64 bytes
+  ps @ addr                      Print string
+  pf d @ addr                    Print as integer
+  p8 16                          Print 16 hex bytes
+
+VISUAL MODE
+  V                              Enter visual mode
+  VV                             Graph mode
+  p/P                            Cycle views in visual
+  q                              Quit visual
+
+SEARCHING
+  / string                       Search for string
+  /x 90909090                    Search hex pattern
+  /R pop rdi                     Search ROP gadget
+  iz                             List strings in data
+  izz                            List all strings
+
+INFORMATION
+  i                              File info
+  ie                             Entry point
+  iS                             Sections
+  ii                             Imports
+  iE                             Exports
+  is                             Symbols
+  il                             Libraries
+
+FLAGS / COMMENTS
+  f name @ addr                  Set flag (bookmark)
+  CC comment @ addr              Add comment
+  CCu                            Remove comment
+
+WRITE MODE (r2 -w)
+  wx 9090 @ addr                 Write hex bytes
+  wa "nop" @ addr                Write assembly
+
+DEBUG
+  db addr                        Breakpoint
+  dc                             Continue
+  ds                             Step
+  dr                             Show registers
+  dr rax=0                       Set register
+
+COMMON CTF PATTERNS
+  # Quick analysis
+  r2 -A binary
+  afl              # list functions
+  s main           # go to main
+  pdf              # disassemble
+
+  # Find strings
+  iz~flag
+  iz~password
+
+  # Decompile (with r2ghidra)
+  pdg @ main       # Ghidra decompiler output

package/refs/regex.txt

@@ -0,0 +1,73 @@
+Regular Expressions Quick Reference
+====================================
+
+BASIC PATTERNS
+  .                 Any character (except newline)
+  \d                Digit [0-9]
+  \D                Non-digit
+  \w                Word character [a-zA-Z0-9_]
+  \W                Non-word character
+  \s                Whitespace
+  \S                Non-whitespace
+  \b                Word boundary
+
+ANCHORS
+  ^                 Start of string/line
+  $                 End of string/line
+  \A                Start of string only
+  \Z                End of string only
+
+QUANTIFIERS
+  *                 0 or more
+  +                 1 or more
+  ?                 0 or 1
+  {n}               Exactly n
+  {n,}              n or more
+  {n,m}             Between n and m
+  *?  +?  ??        Non-greedy versions
+
+CHARACTER CLASSES
+  [abc]             a, b, or c
+  [a-z]             Lowercase letters
+  [A-Z]             Uppercase letters
+  [0-9]             Digits
+  [^abc]            NOT a, b, or c
+  [a-zA-Z0-9]      Alphanumeric
+
+GROUPS & REFERENCES
+  (pattern)         Capture group
+  (?:pattern)       Non-capture group
+  (?P<name>pat)     Named group (Python)
+  \1                Back-reference to group 1
+  (?=pattern)       Lookahead
+  (?!pattern)       Negative lookahead
+  (?<=pattern)      Lookbehind
+  (?<!pattern)      Negative lookbehind
+
+ALTERNATION
+  a|b               a or b
+  (cat|dog)         cat or dog
+
+COMMON CTF PATTERNS
+  # Flag format
+  icoa\{[^}]+\}
+
+  # IP address
+  \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}
+
+  # Hex string
+  [0-9a-fA-F]+
+
+  # Base64
+  [A-Za-z0-9+/]+=*
+
+  # Email
+  [\w.+-]+@[\w-]+\.[\w.]+
+
+  # URL
+  https?://[^\s]+
+
+GREP EXAMPLES
+  grep -E "icoa\{.*\}" file       Find flags
+  grep -oP "\d+\.\d+\.\d+\.\d+" f   Extract IPs
+  grep -rn "password" .           Search recursively

package/refs/requests.txt

@@ -0,0 +1,83 @@
+Python Requests Quick Reference
+===============================
+
+INSTALLATION
+  pip install requests
+
+BASIC REQUESTS
+  import requests
+
+  r = requests.get(url)
+  r = requests.post(url, data={"key": "val"})
+  r = requests.put(url, json={"key": "val"})
+  r = requests.delete(url)
+  r = requests.head(url)
+  r = requests.options(url)
+
+RESPONSE
+  r.status_code            HTTP status code
+  r.text                   Response body (str)
+  r.content                Response body (bytes)
+  r.json()                 Parse JSON response
+  r.headers                Response headers
+  r.cookies                Response cookies
+  r.url                    Final URL (after redirects)
+  r.elapsed                Time elapsed
+  r.history                Redirect history
+
+PARAMETERS
+  # URL parameters
+  r = requests.get(url, params={"q": "search"})
+
+  # Headers
+  r = requests.get(url, headers={"Authorization": "Bearer tok"})
+
+  # Cookies
+  r = requests.get(url, cookies={"session": "abc"})
+
+  # POST data (form-encoded)
+  r = requests.post(url, data={"user": "admin"})
+
+  # POST JSON
+  r = requests.post(url, json={"user": "admin"})
+
+  # File upload
+  r = requests.post(url, files={"file": open("f", "rb")})
+
+  # Timeout
+  r = requests.get(url, timeout=5)
+
+  # Disable SSL verification
+  r = requests.get(url, verify=False)
+
+  # Follow redirects
+  r = requests.get(url, allow_redirects=False)
+
+  # Proxy
+  r = requests.get(url, proxies={"http": "http://127.0.0.1:8080"})
+
+SESSIONS (persist cookies, headers)
+  s = requests.Session()
+  s.headers.update({"Authorization": "Bearer tok"})
+  s.get(url)              # cookies persist
+  s.post(url, data=data)  # same session
+
+AUTH
+  from requests.auth import HTTPBasicAuth
+  r = requests.get(url, auth=HTTPBasicAuth("user", "pass"))
+  # shorthand:
+  r = requests.get(url, auth=("user", "pass"))
+
+CTF PATTERNS
+  # SQL injection test
+  r = requests.get(url, params={"id": "1' OR '1'='1"})
+
+  # Cookie manipulation
+  r = requests.get(url, cookies={"admin": "true"})
+
+  # Brute force
+  for word in open("wordlist.txt"):
+      r = requests.post(url, data={"pass": word.strip()})
+      if "Success" in r.text:
+          print(f"Found: {word}")
+          break

package/refs/rules.txt

@@ -0,0 +1,28 @@
+ICOA 2026 Competition Rules
+===========================
+
+FORMAT
+  Jeopardy-style CTF
+  Categories: Crypto, Web, Pwn, Reverse, Forensics
+  Day 1: AI4CTF — Classic CTF with AI-assisted solving
+  Day 2: CTF4AI — Attacking AI models
+
+HINT BUDGET
+  Level A (General Guidance):   50 uses
+  Level B (Deep Analysis):      10 uses
+  Level C (Critical Assist):     2 uses
+  Token Cap:                    50,000 tokens
+
+RULES
+  - All tools must run inside the Docker sandbox
+  - Flag format: icoa{...}
+  - No collaboration between teams during competition
+  - All AI prompts are logged and auditable
+  - Competition times are enforced server-side
+  - Submitting after competition ends is not allowed
+
+SCORING
+  - Each challenge has fixed point value
+  - First-blood bonus may apply
+  - Final ranking by total score
+  - Ties broken by submission time

package/refs/scapy.txt

@@ -0,0 +1,80 @@
+Scapy Quick Reference
+=====================
+
+INSTALLATION
+  pip install scapy
+
+BASIC USAGE
+  from scapy.all import *
+
+PACKET CREATION
+  # IP packet
+  pkt = IP(dst="10.0.0.1")
+
+  # TCP SYN
+  pkt = IP(dst="10.0.0.1")/TCP(dport=80, flags="S")
+
+  # UDP packet
+  pkt = IP(dst="10.0.0.1")/UDP(dport=53)/DNS()
+
+  # ICMP ping
+  pkt = IP(dst="10.0.0.1")/ICMP()
+
+  # HTTP request
+  pkt = IP(dst="10.0.0.1")/TCP(dport=80)/Raw(b"GET / HTTP/1.1\r\n\r\n")
+
+SEND / RECEIVE
+  send(pkt)                Layer 3 send (no response)
+  sr(pkt)                  Send and receive (layer 3)
+  sr1(pkt)                 Send and receive 1 packet
+  sendp(pkt)               Layer 2 send
+  srp(pkt)                 Layer 2 send and receive
+
+READING PCAP
+  pkts = rdpcap("capture.pcap")
+  pkts.summary()
+  pkts[0].show()
+
+  # Filter packets
+  tcp_pkts = [p for p in pkts if TCP in p]
+  http = [p for p in pkts if p.haslayer(Raw)]
+
+  # Extract data
+  for p in pkts:
+      if Raw in p:
+          print(p[Raw].load)
+
+WRITING PCAP
+  wrpcap("output.pcap", pkts)
+
+PACKET INSPECTION
+  pkt.show()               Show packet details
+  pkt.summary()            One-line summary
+  ls(TCP)                  List TCP fields
+  pkt[TCP].sport           Access field
+  pkt.haslayer(TCP)        Check layer exists
+  hexdump(pkt)             Hex dump
+
+SNIFFING
+  pkts = sniff(count=10)
+  pkts = sniff(filter="tcp port 80", count=10)
+  sniff(prn=lambda p: p.summary())
+
+COMMON CTF PATTERNS
+  # Extract HTTP data from pcap
+  pkts = rdpcap("capture.pcap")
+  for p in pkts:
+      if TCP in p and Raw in p:
+          data = p[Raw].load
+          if b"flag" in data or b"icoa{" in data:
+              print(data)
+
+  # DNS exfiltration
+  dns_pkts = [p for p in pkts if DNS in p]
+  for p in dns_pkts:
+      if DNSQR in p:
+          print(p[DNSQR].qname)
+
+  # Reconstruct TCP stream
+  from scapy.layers.http import *
+  load_layer("http")