Hexstrike

Cybersecurity assistant for CTF challenges, penetration testing, network recon, vulnerability assessment, and security research. Use when: (1) solving CTF ch...

MIT-0 · Free to use, modify, and redistribute. No attribution required.

⭐ 0 · 35 · 0 current installs · 0 all-time installs

byJay Lane@jaylane

MIT-0

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name/description match the content: the skill is an instruction-first pentest/CTF assistant that documents and runs common security tools and workflows. It does not request unrelated credentials or configuration paths.

ℹ

Instruction Scope

SKILL.md instructs the agent to execute many offensive security CLI tools, save outputs to /tmp, and use background exec/polling for long scans. This is expected for the stated purpose but grants the agent broad ability to run local commands and create files; the skill also explicitly warns to only test authorized targets.

✓

Install Mechanism

There is no install spec (instruction-only plus a small local helper script). The included shell script merely checks for command availability; no external downloads or archive extraction are performed.

✓

Credentials

The skill does not require any environment variables, credentials, or config paths. Some workflows mention using existing profiles or tokens (e.g., AWS profile, wpscan API token) as optional inputs — this is appropriate and not requested by the skill itself.

✓

Persistence & Privilege

The skill is not force-included (always:false) and uses normal autonomous invocation semantics. It does not request persistent system privileges or attempt to modify other skills or global agent configuration.

Assessment

This skill is an instruction-rich pentest/CTF assistant that expects to run local CLI tools. Before installing, confirm you trust the skill owner and understand that the agent may execute system commands, create files in /tmp, and suggest installing packages (apt/pip/go). Do not allow the agent to run offensive scans against systems for which you lack explicit authorization. If you have strict security policies, either (1) run the skill in an isolated environment (VM/container) with only the tools you want available, or (2) review and restrict the agent's ability to execute commands. The included script merely checks for installed tools and appears benign.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0

Download zip

ctfvk97245v65dsqmbpz8jyp9tex7583x7nghexstrikevk97245v65dsqmbpz8jyp9tex7583x7nglatestvk97245v65dsqmbpz8jyp9tex7583x7ngpentestvk97245v65dsqmbpz8jyp9tex7583x7ngreconvk97245v65dsqmbpz8jyp9tex7583x7ngscanningvk97245v65dsqmbpz8jyp9tex7583x7ngvulnerabilityvk97245v65dsqmbpz8jyp9tex7583x7ng

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

HexStrike — Cybersecurity & CTF Skill

Overview

Execute security tools directly via exec. No middleware, no MCP server — direct CLI access to 150+ security tools with methodology-driven workflows.

First Step: Check Available Tools

Before starting any engagement, run the tool checker to see what's installed:

bash scripts/tool-check.sh           # All categories
bash scripts/tool-check.sh network   # Just network tools
bash scripts/tool-check.sh web       # Just web tools

Adapt the workflow to available tools. If a preferred tool is missing, suggest installation or use alternatives.

CTF Workflow

When given a CTF challenge:

Identify category from description/files (web, crypto, pwn, forensics, rev, misc, OSINT)
Read references/ctf-playbook.md for the matching category section
Triage — run quick identification commands before heavy tools
Iterate — CTF is exploratory; try the obvious first, escalate to specialized tools
Document findings as you go — note promising leads

Category Identification Hints

Indicators	Category
URL, web app, login page, cookies	web
Ciphertext, hash, encoded data, RSA, AES	crypto
Binary file, ELF, PE, segfault, nc connection	pwn
Image file, pcap, memory dump, disk image	forensics
Binary to analyze, "what does this do", crackme	rev
Username, location, social media, domain	OSINT
Encoding, QR code, audio file, esoteric	misc

Recon / Pentest Workflow

For reconnaissance or penetration testing engagements:

Read references/recon-methodology.md for the full phased approach
Phase 1: Passive recon (subdomains, DNS, WHOIS, certificate transparency)
Phase 2: Active recon (port scanning, service enumeration)
Phase 3: Vulnerability scanning (nuclei, nikto, nmap scripts)
Phase 4: Web app testing (directory brute-force, injection testing)
Phase 5: Credential attacks (only when authorized)

Tool Reference

For quick syntax lookup on any of the 80+ tools, read references/tool-reference.md.

Execution Guidelines

Output Handling

Pipe long outputs to files: nmap ... -oA /tmp/nmap_results
Use | head -50 or | tail -20 for initial review
Save important results: > /tmp/<tool>_<target>_results.txt

Safety

Never run offensive tools against targets without explicit authorization
Default to non-invasive scans first (passive recon, version detection)
Escalate to active testing only when confirmed authorized
Use --batch flags where available to avoid interactive prompts (e.g., sqlmap)
Set reasonable timeouts and rate limits to avoid disruption

Tool Installation

If critical tools are missing, suggest install commands:

Debian/Ubuntu: sudo apt install <package>
pip tools: pip3 install <package>
Go tools: go install <repo>@latest
Kali Linux: Most tools pre-installed; sudo apt install kali-tools-* for categories

Long-Running Scans

Use exec with background: true and yieldMs for scans that take minutes:

exec: nmap -sV -sC -p- <TARGET> -oA /tmp/full_scan
background: true, yieldMs: 30000

Check progress with process(action=poll).

Files

5 total

Select a file

Select a file to preview.

Comments

Loading comments…