How do I install ctf-osint?

Run `npx skills add https://github.com/ljagiello/ctf-skills --skill ctf-osint` in your terminal. You need to have run `npx skills init` once in your project first.

Which agent frameworks does ctf-osint support?

ctf-osint works with any agent framework supported by the Skills registry, including Claude Code, Cursor, GitHub Copilot, Cline, Codex, and Gemini CLI.

Is ctf-osint free to use?

Yes. ctf-osint is free to install and use. It is available from the open explainx.ai skill registry published by ljagiello.

Where can I read ratings and reviews for ctf-osint?

Community ratings and review text appear on this explainx.ai skill page below the description. Reviews use a 1–5 scale and may include short written feedback from signed-in members.

How do I install ctf-osint?

Run `npx skills add https://github.com/ljagiello/ctf-skills --skill ctf-osint` in your terminal. You need to have run `npx skills init` once in your project first.

Which agent frameworks does ctf-osint support?

ctf-osint works with any agent framework supported by the Skills registry, including Claude Code, Cursor, GitHub Copilot, Cline, Codex, and Gemini CLI.

Is ctf-osint free to use?

Yes. ctf-osint is free to install and use. It is available from the open explainx.ai skill registry published by ljagiello.

Where can I read ratings and reviews for ctf-osint?

Community ratings and review text appear on this explainx.ai skill page below the description. Reviews use a 1–5 scale and may include short written feedback from signed-in members.

How do I install ctf-osint?

Run `npx skills add https://github.com/ljagiello/ctf-skills --skill ctf-osint` in your terminal. You need to have run `npx skills init` once in your project first.

Which agent frameworks does ctf-osint support?

ctf-osint works with any agent framework supported by the Skills registry, including Claude Code, Cursor, GitHub Copilot, Cline, Codex, and Gemini CLI.

Is ctf-osint free to use?

Yes. ctf-osint is free to install and use. It is available from the open explainx.ai skill registry published by ljagiello.

Where can I read ratings and reviews for ctf-osint?

Community ratings and review text appear on this explainx.ai skill page below the description. Reviews use a 1–5 scale and may include short written feedback from signed-in members.

How do I install ctf-osint?

Run `npx skills add https://github.com/ljagiello/ctf-skills --skill ctf-osint` in your terminal. You need to have run `npx skills init` once in your project first.

Which agent frameworks does ctf-osint support?

ctf-osint works with any agent framework supported by the Skills registry, including Claude Code, Cursor, GitHub Copilot, Cline, Codex, and Gemini CLI.

Is ctf-osint free to use?

Yes. ctf-osint is free to install and use. It is available from the open explainx.ai skill registry published by ljagiello.

Where can I read ratings and reviews for ctf-osint?

Community ratings and review text appear on this explainx.ai skill page below the description. Reviews use a 1–5 scale and may include short written feedback from signed-in members.

How do I install ctf-osint?

Run `npx skills add https://github.com/ljagiello/ctf-skills --skill ctf-osint` in your terminal. You need to have run `npx skills init` once in your project first.

Which agent frameworks does ctf-osint support?

ctf-osint works with any agent framework supported by the Skills registry, including Claude Code, Cursor, GitHub Copilot, Cline, Codex, and Gemini CLI.

Is ctf-osint free to use?

Yes. ctf-osint is free to install and use. It is available from the open explainx.ai skill registry published by ljagiello.

Where can I read ratings and reviews for ctf-osint?

Community ratings and review text appear on this explainx.ai skill page below the description. Reviews use a 1–5 scale and may include short written feedback from signed-in members.

How do I install ctf-osint?

Run `npx skills add https://github.com/ljagiello/ctf-skills --skill ctf-osint` in your terminal. You need to have run `npx skills init` once in your project first.

Which agent frameworks does ctf-osint support?

ctf-osint works with any agent framework supported by the Skills registry, including Claude Code, Cursor, GitHub Copilot, Cline, Codex, and Gemini CLI.

Is ctf-osint free to use?

Yes. ctf-osint is free to install and use. It is available from the open explainx.ai skill registry published by ljagiello.

Where can I read ratings and reviews for ctf-osint?

Community ratings and review text appear on this explainx.ai skill page below the description. Reviews use a 1–5 scale and may include short written feedback from signed-in members.

How do I install ctf-osint?

Run `npx skills add https://github.com/ljagiello/ctf-skills --skill ctf-osint` in your terminal. You need to have run `npx skills init` once in your project first.

Which agent frameworks does ctf-osint support?

ctf-osint works with any agent framework supported by the Skills registry, including Claude Code, Cursor, GitHub Copilot, Cline, Codex, and Gemini CLI.

Is ctf-osint free to use?

Yes. ctf-osint is free to install and use. It is available from the open explainx.ai skill registry published by ljagiello.

Where can I read ratings and reviews for ctf-osint?

Community ratings and review text appear on this explainx.ai skill page below the description. Reviews use a 1–5 scale and may include short written feedback from signed-in members.

How do I install ctf-osint?

Run `npx skills add https://github.com/ljagiello/ctf-skills --skill ctf-osint` in your terminal. You need to have run `npx skills init` once in your project first.

Which agent frameworks does ctf-osint support?

ctf-osint works with any agent framework supported by the Skills registry, including Claude Code, Cursor, GitHub Copilot, Cline, Codex, and Gemini CLI.

Is ctf-osint free to use?

Yes. ctf-osint is free to install and use. It is available from the open explainx.ai skill registry published by ljagiello.

Where can I read ratings and reviews for ctf-osint?

Community ratings and review text appear on this explainx.ai skill page below the description. Reviews use a 1–5 scale and may include short written feedback from signed-in members.

How do I install ctf-osint?

Run `npx skills add https://github.com/ljagiello/ctf-skills --skill ctf-osint` in your terminal. You need to have run `npx skills init` once in your project first.

Which agent frameworks does ctf-osint support?

ctf-osint works with any agent framework supported by the Skills registry, including Claude Code, Cursor, GitHub Copilot, Cline, Codex, and Gemini CLI.

Is ctf-osint free to use?

Yes. ctf-osint is free to install and use. It is available from the open explainx.ai skill registry published by ljagiello.

Where can I read ratings and reviews for ctf-osint?

Community ratings and review text appear on this explainx.ai skill page below the description. Reviews use a 1–5 scale and may include short written feedback from signed-in members.

How do I install ctf-osint?

Run `npx skills add https://github.com/ljagiello/ctf-skills --skill ctf-osint` in your terminal. You need to have run `npx skills init` once in your project first.

Which agent frameworks does ctf-osint support?

ctf-osint works with any agent framework supported by the Skills registry, including Claude Code, Cursor, GitHub Copilot, Cline, Codex, and Gemini CLI.

Is ctf-osint free to use?

Yes. ctf-osint is free to install and use. It is available from the open explainx.ai skill registry published by ljagiello.

Where can I read ratings and reviews for ctf-osint?

Community ratings and review text appear on this explainx.ai skill page below the description. Reviews use a 1–5 scale and may include short written feedback from signed-in members.

How do I install ctf-osint?

Run `npx skills add https://github.com/ljagiello/ctf-skills --skill ctf-osint` in your terminal. You need to have run `npx skills init` once in your project first.

Productivity

ctf-osint▌

ljagiello/ctf-skills · updated Apr 8, 2026

MDX-style export adds YAML metadata + attribution linking explainx.ai and this canonical listing URL.

$npx skills add https://github.com/ljagiello/ctf-skills --skill ctf-osint

0 commentsdiscussion

summary

Open source intelligence techniques for CTF challenges using public data sources.

›Covers social media OSINT (Twitter/X user tracking, Tumblr investigation, BlueSky API, Discord), username enumeration across 741+ platforms, and Unicode homoglyph steganography detection
›Includes geolocation methods: reverse image search, Street View panorama matching, road sign OCR, MGRS/Plus Code conversion, and infrastructure mapping via OpenRailwayMap
›Provides web reconnaissance: Google dorking with

skill.md

CTF OSINT

Quick reference for OSINT CTF challenges. Each technique has a one-liner here; see supporting files for full details.

Prerequisites

Python packages (all platforms):

pip install shodan Pillow

Linux (apt):

apt install whois dnsutils nmap libimage-exiftool-perl imagemagick curl

macOS (Homebrew):

brew install whois bind nmap exiftool imagemagick curl

Additional Resources

social-media.md - Twitter/X (user IDs, Snowflake timestamps, Nitter, memory.lol, Wayback CDX), Tumblr (blog checks, post JSON, avatars), BlueSky search + API, Unicode homoglyph steganography, Discord API, username OSINT (namechk, whatsmyname, Osint Industries), username metadata mining (postal codes), platform false positives, multi-platform chains, Strava fitness route OSINT
geolocation-and-media.md - Image analysis, reverse image search (including Baidu for China), Google Lens cropped region search, reflected/mirrored text reading, geolocation techniques (railroad signs, infrastructure maps, MGRS), Google Plus Codes, EXIF/metadata, hardware identification, newspaper archives, IP geolocation, Google Street View panorama matching, What3Words micro-landmark matching, Google Maps crowd-sourced photo verification, Overpass Turbo spatial queries, music-themed landmark geolocation with key encoding
web-and-dns.md - Google dorking (including TBS image filters), Google Docs/Sheets enumeration, DNS recon (TXT, zone transfers), Wayback Machine, FEC research, Tor relay lookups, GitHub repository analysis, Telegram bot investigation, WHOIS investigation (reverse WHOIS, historical WHOIS, IP/ASN lookup), fake service banner detection via nmap fingerprinting

When to Pivot

If you already have the files or packets locally and now need extraction or carving, switch to /ctf-forensics.
If the task becomes active exploitation of a live HTTP service, switch to /ctf-web.
If you uncover malware samples, beacons, or suspicious binaries during attribution, switch to /ctf-malware.

Quick Start Commands

# DNS recon
dig -t any target.com
dig -t txt target.com
dig axfr @ns.target.com target.com
whois target.com

# Image metadata
exiftool image.jpg
identify -verbose image.jpg | head -30

# Web archive
curl "https://web.archive.org/web/20230101*/target.com"

# Username lookup
curl -s "https://whatsmyname.app/api/lookup?username=<user>"

# Shodan
shodan search "hostname:target.com"
shodan host <ip>

String Identification

40 hex chars -> SHA-1 (Tor fingerprint)
64 hex chars -> SHA-256
32 hex chars -> MD5

Twitter/X Account Tracking

Persistent numeric User ID: https://x.com/i/user/<id> works even after renames.
Snowflake timestamps: (id >> 22) + 1288834974657 = Unix ms.
Wayback CDX, Nitter, memory.lol for historical data. See social-media.md.

Tumblr Investigation

Blog check: curl -sI for x-tumblr-user header. Avatar at /avatar/512. See social-media.md.

Username OSINT

whatsmyname.app (741+ sites), namechk.com. Watch for platform false positives. See social-media.md.

Image Analysis & Reverse Image Search

Google Lens (crop to region of interest), Google Images, TinEye, Yandex (faces). Check corners for visual stego. Twitter strips EXIF. See geolocation-and-media.md.
Cropped region search: Isolate distinctive elements (shop signs, building facades) and search via Google Lens for better results than full-scene search. See geolocation-and-media.md.
Reflected text: Flip mirrored/reflected text (water, glass) horizontally; search partial text with quoted strings. See geolocation-and-media.md.

Geolocation

Railroad signs, infrastructure maps (OpenRailwayMap, OpenInfraMap), process of elimination. See geolocation-and-media.md.
Street View panorama matching: Feature extraction + multi-metric image similarity ranking against candidate panoramas. Useful when challenge image is a crop of a Street View photo. See geolocation-and-media.md.
Road sign OCR: Extract text from directional signs (town names, route numbers) to pinpoint road corridors. Driving side + sign style + script identify the country. See geolocation-and-media.md.
Architecture + brand identification: Post-Soviet concrete = Russia/CIS; named businesses → search locations/branches → cross-reference with coastline/terrain. See geolocation-and-media.md.
Music-themed landmark geolocation: Multiple images of music-related landmarks worldwide; each yields a piano key number encoding one flag character. Identify all locations first, then decode the key sequence. See geolocation-and-media.md.

MGRS Coordinates

Grid format "4V FH 246 677" -> online converter -> lat/long -> Google Maps. See geolocation-and-media.md.

Google Plus Codes

Format XXXX+XXX (chars: 23456789CFGHJMPQRVWX). Drop a pin on Google Maps → Plus Code appears in details. Free, no API key needed. See geolocation-and-media.md.

Metadata Extraction

exiftool image.jpg           # EXIF data
pdfinfo document.pdf         # PDF metadata
mediainfo video.mp4          # Video metadata

Google Dorking

site:example.com filetype:pdf
intitle:"index of" password

Image TBS filters: Append &tbs=itp:face to Google Image URLs to filter for faces only (strips logos/banners). See web-and-dns.md.

Google Docs/Sheets

Try /export?format=csv, /pub, /gviz/tq?tqx=out:csv, /htmlview. See web-and-dns.md.

DNS Reconnaissance

dig -t txt subdomain.ctf.domain.com
dig axfr @ns.domain.com domain.com  # Zone transfer

Always check TXT, CNAME, MX for CTF domains. See web-and-dns.md.

Tor Relay Lookups

https://metrics.torproject.org/rs.html#simple/<FINGERPRINT> -- check family, sort by "first seen". See web-and-dns.md.

GitHub Repository Analysis

Check issue comments, PR reviews, commit messages, wiki edits via gh api. See web-and-dns.md.

Telegram Bot Investigation

Find bot references in browser history, interact via /start, answer verification questions. See web-and-dns.md.

FEC Political Donation Research

FEC.gov for committee receipts; 501(c)(4) orgs obscure original funders. See web-and-dns.md.

IP Geolocation

curl "http://ip-api.com/json/103.150.68.150"

See geolocation-and-media.md.

Unicode Homoglyph Steganography

Pattern: Visually-identical Unicode characters from different blocks (Cyrillic, Greek, Math) encode binary data in social media posts. ASCII = 0, homoglyph = 1. Group bits into bytes for flag. See social-media.md.

BlueSky Public API

No auth needed. Endpoints: public.api.bsky.app/xrpc/app.bsky.feed.searchPosts?q=..., app.bsky.actor.searchActors, app.bsky.feed.getAuthorFeed. Check all replies to official posts. See social-media.md.

Fake Service Banner Detection

Pattern: Port appears open on a standard service port (22/SSH, 80/HTTP) but runs a fake service. nmap -sV or nc host port reveals the flag in the banner. Never trust port numbers alone -- always fingerprint the service. See web-and-dns.md.

Shodan SSH Fingerprint Lookup

Search Shodan by SSH host key fingerprint to identify servers: shodan search "fingerprint:AA:BB:CC:...". See web-and-dns.md.

Gaming Platform OSINT

Lookup usernames across gaming platforms (Steam, Xbox, PSN, MMOs) for character profiles, activity, and linked accounts. See social-media.md.

Resources

Shodan - Internet-connected devices
Censys - Certificate and host search
VirusTotal - File/URL reputation
WHOIS - Domain registration
Wayback Machine - Historical snapshots

how to use ctf-osint

How to use ctf-osint on Cursor

AI-first code editor with Composer

Prerequisites

Before installing skills in Cursor, ensure your development environment meets these requirements:

›Cursor installed and configured on your development machine
›Node.js version 16.0+ with npm package manager (verify with node --version)
›Active project directory or workspace where you want to add ctf-osint

Execute installation command

Execute the skills CLI command in your project's root directory to begin installation:

$npx skills add https://github.com/ljagiello/ctf-skills --skill ctf-osint

The skills CLI fetches ctf-osint from GitHub repository ljagiello/ctf-skills and configures it for Cursor.

Select Cursor when prompted

The CLI will show a list of available agents. Use arrow keys to navigate and space to select Cursor:

◆ Which agents do you want to install to?

│

│ ── Universal (.agents/skills) ── always included ────

│ • Amp

│ • Antigravity

│ • Cline

│ • Codex

│ ●Cursor(selected)

│ • Cursor

│ • Windsurf

Verify installation

Confirm successful installation by checking the skill directory location:

.cursor/skills/ctf-osint

Reload or restart Cursor to activate ctf-osint. Access the skill through slash commands (e.g., /ctf-osint) or your agent's skill management interface.

⚠

Security & Verification Notice

We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.

Skills execute code in your development environment. Always verify the publisher's identity, review recent commits, and test in isolated environments before production deployment.

Additional Resources

›View source code on GitHub ›Skills CLI documentation ›Learn more about Cursor ›What are agent skills?

List & Monetize Your Skill

Submit your Claude Code skill and start earning

GET_STARTED →

Use Cases▌

User Story & Requirements Generation

Create detailed user stories, acceptance criteria, and feature specs

Example

Generate user stories for 'password reset feature' with acceptance criteria, edge cases, and test scenarios

✓

Reduce spec writing time by 50%, ensure comprehensive coverage

Competitive Analysis

Research competitors, compare features, identify gaps

Example

Analyze 5 competitor products, create feature comparison matrix, suggest differentiation opportunities

✓

Complete competitive research in 2 hours instead of 2 days

Roadmap Prioritization

Evaluate features using frameworks (RICE, ICE, Kano) and create prioritized backlogs

Example

Score 20 feature ideas using RICE framework, generate prioritized roadmap with rationale

✓

Make data-driven prioritization decisions faster

Stakeholder Communication

Draft PRDs, status updates, and stakeholder presentations

Example

Create executive summary of Q3 roadmap, monthly progress report, feature launch announcement

✓

Save 3-5 hours/week on communication overhead

Implementation Guide▌

Prerequisites

›Claude Desktop or compatible AI client
›Access to product documentation and roadmap tools (Jira, Notion, etc.)
›Understanding of product management frameworks (RICE, Jobs-to-be-Done, etc.)
›Stakeholder contact information and communication channels

Time Estimate

30-60 minutes to see productivity improvements

Installation Steps

1.Install product management skill
2.Start with user story generation for known feature
3.Progress to competitive analysis: research 2-3 competitors
4.Use for roadmap prioritization: apply RICE/ICE scoring
5.Draft stakeholder communications and refine based on feedback
6.Build template library for recurring PM tasks
7.Share effective prompts with product team

Common Pitfalls

⚠Not validating competitive research—verify facts before sharing
⚠Accepting user stories without involving engineering team
⚠Over-relying on frameworks without qualitative judgment
⚠Not customizing outputs to company culture and communication style
⚠Skipping stakeholder validation of generated requirements

Best Practices▌

✓ Do

+Validate research and competitive analysis with real data
+Collaborate with engineering when generating technical requirements
+Customize frameworks and templates to your company context
+Use skill for first drafts, refine with stakeholder input
+Document successful prompt patterns for PM tasks
+Combine AI efficiency with human judgment and intuition

✗ Don't

−Don't publish competitive analysis without fact-checking
−Don't finalize user stories without engineering review
−Don't make prioritization decisions solely on AI scoring
−Don't skip customer validation of generated requirements
−Don't ignore company-specific context and culture

💡 Pro Tips

★Provide context: company goals, constraints, customer feedback
★Ask for alternatives: 'Show 3 ways to prioritize this roadmap'
★Request stakeholder-specific formatting: 'Executive summary vs. engineering spec'
★Use skill for 70% generation + 30% customization to company needs

When to Use This▌

✓ Use When

Use for user story writing, competitive research, roadmap prioritization, stakeholder communication, and PRD drafting. Best for reducing repetitive documentation and research work.

✗ Avoid When

Avoid for strategic product vision (requires deep customer empathy), pricing decisions (needs market and financial expertise), or when face-to-face customer discovery is more valuable than speed.

Learning Path▌

1Basic: user stories, feature specs, status updates
2Intermediate: competitive analysis, prioritization frameworks, PRDs
3Advanced: product strategy, go-to-market planning, OKR setting
4Expert: product vision, market positioning, business model innovation

Discussion

Product Hunt–style comments (not star reviews)

No comments yet — start the thread.

general reviews

Ratings

4.5★★★★★31 reviews

★★★★★Jin Diallo· Dec 4, 2024
Keeps context tight: ctf-osint is the kind of skill you can hand to a new teammate without a long onboarding doc.
★★★★★Diya Gonzalez· Nov 23, 2024
ctf-osint has been reliable in day-to-day use. Documentation quality is above average for community skills.
★★★★★Henry Kim· Nov 11, 2024
Keeps context tight: ctf-osint is the kind of skill you can hand to a new teammate without a long onboarding doc.
★★★★★Maya Wang· Oct 14, 2024
Solid pick for teams standardizing on skills: ctf-osint is focused, and the summary matches what you get after install.
★★★★★Yash Thakker· Sep 25, 2024
ctf-osint is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
★★★★★Henry Okafor· Sep 17, 2024
Keeps context tight: ctf-osint is the kind of skill you can hand to a new teammate without a long onboarding doc.
★★★★★Diya Khan· Sep 5, 2024
We added ctf-osint from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.
★★★★★Maya Okafor· Aug 24, 2024
ctf-osint fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.
★★★★★Dhruvi Jain· Aug 16, 2024
Keeps context tight: ctf-osint is the kind of skill you can hand to a new teammate without a long onboarding doc.
★★★★★Charlotte Gupta· Aug 8, 2024
ctf-osint is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.

showing 1-10 of 31

1 / 4