ctf-osint
The ctf-osint skill provides a collection of techniques and commands for gathering open source intelligence during Capture The Flag competitions. It covers social media analysis, geolocation, DNS reconnaissance, username enumeration, and metadata extraction.
Is ctf-osint safe to install?
Review the source first: our audit of ctf-osint's source files found 21 shell commands, 8 external URLs, file reads and writes (high risk). Every command and URL listed appears verbatim in the skill's source. The skill executes shell commands and makes network requests to external APIs and services for OSINT lookups.
How we audit skills: our security review methodology.
Who is this skill for?
CTF participants and security researchers performing information gathering tasks.
What can you do with it?
- Gathering information from public sources and social media
- Performing geolocation of images and landmarks
- Conducting DNS reconnaissance and WHOIS lookups
- Enumerating usernames across platforms
- Extracting metadata from images, PDFs, and videos
- Analyzing web archives and historical snapshots
- Identifying unknown data like hashes and coordinates
How good is this skill?
Quality score: 5/10. The skill provides clear, actionable commands and categorizes techniques by domain. It includes specific prerequisites and clear guidance on when to pivot to other tools.
What does the skill file contain?
# CTF OSINT Quick reference for OSINT CTF challenges. Each technique has a one-liner here; see supporting files for full details. ## Prerequisites **Python packages (all platforms):** ```bash pip install shodan Pillow ``` **Linux (apt):** ```bash apt install whois dnsutils nmap libimage-exiftool-perl imagemagick curl ``` **macOS (Homebrew):** ```bash brew install whois bind nmap exiftool imagemagick curl ``` ## Additional Resources - [social-media.md](social-media.md) - Twitter/X (user IDs, Snowflake timestamps, Nitter, memory.lol, Wayback CDX), Tumblr (blog checks, post JSON, avatars),...
Frequently asked questions
What software must I install to use this skill?
You need Python 3, pip packages (shodan, Pillow), and system tools including whois, dnsutils, nmap, exiftool, imagemagick, and curl.
Does this skill perform active exploitation?
No. The documentation instructs users to switch to a different skill if the task requires active exploitation of a live HTTP service.
How does the skill handle image metadata?
It uses exiftool, identify, and mediainfo to extract metadata from images, PDFs, and videos.
Related skills
openclaw-secure-linux-cloud
270.1KUsers deploying OpenClaw on remote Linux cloud servers or VMs who require secure, hardened configurations
This skill provides a secure deployment and hardening framework for self-hosting OpenClaw on Linux cloud servers. It prioritizes private control planes, loopback binding, and SSH tunneling over public exposure.
find-skills
225.2KUsers and AI agents seeking to discover, evaluate, and install third-party agent skills from public registries
The find-skills skill searches multiple agent skill registries (skills.sh, clawhub.ai, and GitHub) in parallel to help users discover, vet, and install relevant agent capabilities. It provides a comparative report based on native popularity metrics, performs a heuristic security scan on top candidates, and flags skills already present on the user's system.
supabase
153.8KDevelopers building applications with Supabase who require assistance with database schema design, security policy implementation, CLI operations, and integration troubleshooting
The Supabase skill provides guidance for developing with the Supabase platform, including database management, authentication, RLS policies, CLI usage, and MCP server integration. It emphasizes verifying implementation against current documentation, following security checklists, and using specific CLI commands for schema migrations.
firebase-auth-basics
98.6KDevelopers building applications with Firebase who need to implement user sign-in, management, or secure data access
This skill provides guidance for configuring and managing Firebase Authentication, including user identity providers, token handling, and deployment of authentication settings via the Firebase CLI.