CTF Writeup Generator
Description
This skill helps CTF players, security researchers, and cybersecurity educators automatically generate professional writeups from their solving sessions. It intelligently detects flag formats, categorizes challenges, structures the writeup with proper headings, and includes code blocks with syntax highlighting.
Perfect for:
- Creating platform-specific writeups (HackTheBox, TryHackMe, OffSec, etc.)
- Documenting Jeopardy-style CTF solutions
- Generating educational content for training materials
- Building a portfolio of security research
When to Use
Use this skill when the user:
- Says "generate a CTF writeup"
- Mentions "document my CTF solution"
- Asks to "create a writeup for [challenge name]"
- References completing a CTF challenge and needs documentation
- Wants to format their solving process professionally
- Needs to extract and format flags from their notes
Features
Flag Format Detection
Automatically detects and validates common CTF flag formats:
- CTF{...}, FLAG{...}, flag{...}
- Platform-specific: HTB{...}, THM{...}, SHAASTRA{...}, picoCTF{...}
- Custom regex patterns for competition-specific formats
- Case-sensitive validation support
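One way to implement the detection and platform check described above, as an added example that is not the skill's own code. The prefixes are the ones listed on this page; the function names, the grouping keys and the rule for the text between the braces are assumptions.

```python
import re

# Prefixes are the ones listed on this page; the grouping keys and the
# body rule (no whitespace or nested braces, 1-128 chars) are assumptions.
PLATFORM_PREFIXES = {
    "generic": ("CTF", "FLAG", "flag"),
    "HackTheBox": ("HTB",),
    "TryHackMe": ("THM",),
    "Shaastra": ("SHAASTRA",),
    "picoCTF": ("picoCTF",),
}
BODY = r"\{[^{}\s]{1,128}\}"


def build_pattern(prefixes, case_sensitive=True):
    """Compile PREFIX{body}; the lookbehind rejects a prefix glued to a longer word."""
    alternation = "|".join(re.escape(p) for p in prefixes)
    flags = 0 if case_sensitive else re.IGNORECASE
    return re.compile(rf"(?<![A-Za-z0-9_])(?:{alternation}){BODY}", flags)


def find_flags(text, platform=None, custom_regex=None, case_sensitive=True):
    """Return flags found in text, in first-seen order without duplicates."""
    if custom_regex is not None:
        pattern = re.compile(custom_regex)  # competition-specific format
    else:
        if platform is None:
            prefixes = [p for group in PLATFORM_PREFIXES.values() for p in group]
        else:
            prefixes = PLATFORM_PREFIXES[platform]
        pattern = build_pattern(prefixes, case_sensitive)
    return list(dict.fromkeys(m.group(0) for m in pattern.finditer(text)))


def matches_platform(flag, platform, case_sensitive=True):
    """True when the whole string is a well-formed flag for that platform."""
    pattern = build_pattern(PLATFORM_PREFIXES[platform], case_sensitive)
    return pattern.fullmatch(flag) is not None


# Constructed solving notes, not taken from any real challenge.
NOTES = "tried flag{decoy}; notCTF{x} is noise; real one HTB{r00t_0wn3d}, again HTB{r00t_0wn3d}"

if __name__ == "__main__":
    print(find_flags(NOTES))
    print(matches_platform("Shaastra{buff3r0v3rfl0wm4st3r}", "Shaastra"))
```

With case-sensitive validation on, a flag written as Shaastra{...} does not pass the SHAASTRA{...} check, which is the kind of mismatch the validation step is meant to surface before the writeup is saved.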
Challenge Categories
Automatically categorizes based on keywords and tools used:
- Web Exploitation: SQL injection, XSS, CSRF, authentication bypass
- Binary Exploitation: Buffer overflow, ROP, format strings, heap exploitation
- Reverse Engineering: Binary analysis, decompilation, obfuscation
- Cryptography: Classical ciphers, modern crypto, hash cracking
- Forensics: Steganography, memory forensics, network analysis, disk imaging
- OSINT: Information gathering, social media analysis
- PWN: Exploitation, shellcode, privilege escalation
- Miscellaneous: Mixed or unique challenge types
Structured Output
Generates properly formatted markdown writeups with:
- Challenge metadata (name, category, difficulty, points)
- Executive summary
- Reconnaissance findings
- Step-by-step solution with code blocks
- Tools used section
- Flag submission
- Key learnings and takeaways
- Optional: Additional resources and references
Code Formatting
Proper syntax highlighting for:
- Python, Bash, JavaScript, C/C++
- Assembly (x86, ARM)
- SQL queries
- Command-line tools output
- Network packet analysis
Instructions
When a user requests a CTF writeup, follow this workflow:
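1. Gather Information
Ask the user for:
- Challenge name
- Platform/CTF name (e.g., "HackTheBox", "Shaastra CTF")
- Category (or detect from description)
- Difficulty level (Easy/Medium/Hard or points value)
- Flag format if non-standard
- Their solving process/notes
2. Process the Content
- Extract technical steps from their description
- Identify tools and commands used
- Detect flag format and validate
- Categorize the challenge
- Structure the flow logically
3. Generate the Writeup
Create a markdown document with this structure:
````markdown
# [Challenge Name] - [Platform] CTF Writeup
Author: [Author name or handle]
Date: [Current date]
Category: [Category]
Difficulty: [Difficulty]
Points: [Points, if applicable]
## Summary
[2-3 sentence overview of the challenge and solution]
## Challenge Description
[Original challenge description, if provided]
## Reconnaissance
[Initial enumeration and information gathering]
## Solution
### Step 1: [Phase name]
[Detailed explanation with commands/code]
```bash
# Commands used
```
### Step 2: [Next phase]
[Continue with logical progression]
## Tools Used
- Tool 1: Purpose
- Tool 2: Purpose
## Flag
FLAG{...}
## Key Takeaways
- Learning point 1
- Learning point 2
## References
- [Relevant links]
````
4. Validate and Enhance
- Check flag format matches the platform
- Ensure code blocks have proper syntax highlighting
- Add explanatory comments to complex commands
- Include alternative approaches if mentioned
5. Save the Writeup
Save the generated writeup to a markdown file named:
[platform]_[challenge name]_writeup.md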
Example Usage
User: "I just solved the 'Binary Bash' challenge from Shaastra CTF. It was a buffer overflow where I had to overwrite the return address. The flag was Shaastra{buff3r0v3rfl0wm4st3r}. Can you generate a writeup?"
Agent Response:
1. Asks for additional details (tools used, exact exploit steps)
2. Generates a professional writeup with:
   - Proper challenge metadata
   - Binary exploitation category
   - Step-by-step buffer overflow explanation
   - Code blocks with assembly/C code
   - GDB commands used
   - Flag in correct format
   - Learning points about memory safety
Platform-Specific Templates
HackTheBox
- Include machine IP, OS, and difficulty rating
- Add user/root flag sections
- Include attack path diagram if complex
OffSec/OSCP
- Focus on enumeration methodology
- Document privilege escalation chains
- Include proof screenshot references
Jeopardy CTF
- List point values and solve times
- Include team strategy if relevant
- Categorize by challenge type
Advanced Features
Multi-Tool Integration
- Reference other skills for specific tasks:
  - ghidra-skill for reverse engineering analysis
  - burpsuite-skill for web exploitation
  - volatility-skill for memory forensics
Writeup Templates
Support for different writeup styles:
- Academic: Detailed with theoretical background
- Speedrun: Concise with just essential steps
- Tutorial: Beginner-friendly with extra explanations
- Portfolio: Professional format for job applications
Export Formats
- Standard Markdown (.md)
- PDF via pandoc
- HTML with custom CSS
- Platform-specific formats (HTB Academy, Medium, dev.to)
Security Considerations
- Never include actual credentials or sensitive API keys
- Sanitize paths that might reveal system information
- Respect competition rules (don't publish during active CTF)
- Add spoiler warnings for recent challenges
- Verify flag sharing is allowed by platform
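A pre-publication pass that applies the first two points above (credentials and revealing paths), as an added example that is not the skill's own code. The rule names, patterns and placeholder strings are assumptions, and the sample notes are constructed.

```python
import re

# Rule names, patterns and placeholder strings are assumptions chosen for
# this example; extend them for the secrets your own notes tend to contain.
RULES = [
    # Home directories reveal the local username; the lookbehind skips URL paths.
    ("home_path", re.compile(r"(?<![\w.-])(/home/|/Users/)[^/\s]+"), r"\1<user>"),
    ("win_profile", re.compile(r"([A-Za-z]:\\Users\\)[^\\\s]+"), r"\1<user>"),
    # key=value or key: value secrets; the value stops at quotes, '&' or whitespace.
    ("secret_kv", re.compile(
        r"(?i)(password|passwd|api[_-]?key|token|secret)(\s*[=:]\s*)[^\s\"'&]+"),
     r"\1\2<redacted>"),
]


def sanitize(text):
    """Redact user-identifying paths and key=value secrets.

    Returns (clean_text, hits), where hits maps rule name to the number of
    replacements, so the author can review what was removed before publishing.
    """
    hits = {}
    for name, pattern, replacement in RULES:
        text, count = pattern.subn(replacement, text)
        if count:
            hits[name] = count
    return text, hits


# Constructed solving notes, not taken from any real session.
NOTES = (
    "cd /home/alice/ctf/web300\n"
    "type C:\\Users\\bob\\Desktop\\proof.txt\n"
    'sqlmap -u http://target.com/login.php --data="username=admin&password=hunter2"\n'
    "export API_KEY=abcd1234\n"
    "flag: SHAASTRA{example_flag}\n"
)

if __name__ == "__main__":
    clean, hits = sanitize(NOTES)
    print(clean)
    print(hits)
```

Pattern-based redaction only catches what the rules describe, so the returned hit counts are a prompt for a manual read-through, not a replacement for one.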
Configuration
Users can customize via environment variables:
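```bash
# Set the default author name
export CTF_AUTHOR=akm626
# Set the default CTF platform
export CTF_PLATFORM=HackTheBox
# Set the preferred writeup style
export CTF_WRITEUP_STYLE=tutorial
# Enable automatic screenshot embedding
export CTF_AUTO_SCREENSHOTS=true
```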
Dependencies
- Basic markdown processor (built-in)
- Optional: pandoc (for PDF export)
- Optional: pygments (for enhanced syntax highlighting)
Tips for Best Results
1. Provide detailed solving notes - the more context, the better
2. Include command outputs when relevant
3. Mention dead-ends and why they failed (valuable learning)
4. Reference CVEs and tool documentation
5. Add your unique insights and methodology
6. Keep flag formats consistent with the platform
Example Writeup Structure
For a web exploitation challenge:
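````markdown
# SQL Injection Master - Shaastra CTF 2026
Author: akm626
Date: February 8, 2026
Category: Web Exploitation
Difficulty: Medium
Points: 300
## Summary
This challenge involved exploiting a SQL injection vulnerability in a login form to extract database contents and retrieve the flag. The application used client-side filtering, which was easily bypassed.
## Challenge Description
[Original description...]
## Reconnaissance
Initial enumeration revealed a PHP-based login portal running on Apache. Basic directory fuzzing discovered:
```bash
ffuf -w common.txt -u http://target.com/FUZZ
admin/
backup/
config/
```
## Solution
### Step 1: Identifying the Injection Point
Testing the login form with basic SQL injection payloads:
```sql
' OR '1'='1' --
admin' --
' UNION SELECT NULL--
```
### Step 2: Database Enumeration
Used SQLMap to automate extraction:
```bash
sqlmap -u "http://target.com/login.php" --data="username=admin&password=test" \
--technique=U --dump --batch
```
[Continue with detailed steps...]
## Flag
SHAASTRA{sql_inj3ct10n_pr0}
````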
Contributing
Users can improve this skill by:
- Adding new flag format patterns
- Contributing platform-specific templates
- Enhancing categorization logic
- Sharing example writeups
License
MIT License - Free to use and modify
Support
For issues or suggestions, contact the skill maintainer or file an issue on the GitHub repository.