aeondave/rsactftool
offensive-tools/cryptography/rsactftool/SKILL.md
Auth/lab ref: RSA testing automation tool for weak public keys. For targeting RSA key recovery or plaintext recovery from public data (n, e, ciphertext, partial leaks).
$ install --global
skillsauthnpx skillsauth add aeondave/malskill rsactftoolInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Jun 8, 2026, 3:44 AM130.3s4 files scanned
SKILL.md
- name:
- rsactftool
- description:
- Auth/lab ref: RSA testing automation tool for weak public keys. For targeting RSA key recovery or plaintext recovery from public data (n, e, ciphertext, partial leaks).
- license:
- MIT
- compatibility:
- Python 3.9+; Linux/macOS/WSL recommended.
- author:
- AeonDave
- version:
- 1.0
RsaCtfTool
Multi-attack RSA solver for weak RSA scenarios. Best used as a triage engine: feed known key material, run constrained attacks first, escalate only when signal supports it.
Core workflow
- Normalize input (
.pem, OpenSSH pubkey, or rawn/e). - Inspect key parameters and weakness indicators.
- Select attack families by signal (not brute-force all blindly).
- Recover private key and/or decrypt ciphertext.
- Verify output format and cryptographic consistency.
Quick commands
# Recover private key (auto attack selection)
RsaCtfTool --publickey key.pub --private
# Force a specific attack
RsaCtfTool --publickey key.pub --attack wiener --private
# Decrypt a ciphertext file once key is recoverable
RsaCtfTool --publickey key.pub --decryptfile ciphertext.bin
# Build pubkey from n/e (for problem specifications that give integers only)
RsaCtfTool --createpub -n <n> -e <e>
# Dump key parameters for triage
RsaCtfTool --dumpkey --ext --key key.pub
Attack selection heuristics
- Start with non-factorization attacks when evidence indicates weak
d, broadcast, sharedn, or partial leakage. - Prioritize factorization when
nstructure suggests close primes, smoothness, reused factors, or vulnerable keygen. - Use scenario-specific methods when custom prime construction or non-standard modulus generation is suspected.
Practical attack loop
# 1) Parse and inspect
RsaCtfTool --dumpkey --ext --key key.pub
# 2) Run fast specific checks first
RsaCtfTool --publickey key.pub --attack wiener --private
RsaCtfTool --publickey key.pub --attack hastads --private
RsaCtfTool --publickey key.pub --attack common_factors --private
# 3) Escalate to broader runs
RsaCtfTool --publickey key.pub --private
# 4) If key recovered, decrypt material
RsaCtfTool --publickey key.pub --decryptfile ct.bin
Output validation checklist
- Decrypted bytes decode cleanly (UTF-8/ASCII) or have expected binary structure.
- PKCS#1 padding assumptions are consistent with implementation.
- If multiple candidate plaintexts appear, test all against oracle verification or remote service.
- Never trust a single lucky decode without re-encryption consistency checks.
Boundaries
- Tool scope is RSA semiprime attacks on weak public keys (standard asymmetric key scenarios).
- Hash cracking (MD5/SHA/bcrypt) is intentionally out of scope here (covered by
hashcatskills).
Resources
references/factorization-attacks.md— RSA attacks based on factoringn(Fermat, Pollard variants, ECM, QS, etc.).references/non-factorization-attacks.md— RSA attacks without directly factoringn(Wiener, Hastad, Boneh-Durfee, partial leaks, lattice).references/challenge-specific-attacks.md— scenario-specific attacks for non-standard RSA key patterns and triage patterns.
Related Skills
aeondave/vibe-audit-technique
development
VerifiedTrustedCommunity
White-box auditing methodology for AI-generated ('vibe-coded') applications. Focuses on modern stack misconfigurations (Supabase, Next.js, Vercel).
4SKILL.mdUpdated Jun 12, 2026
aeondave/source-review-technique
development
VerifiedTrustedCommunity
Hybrid AI/Deterministic SAST methodology for discovering zero-day vulnerabilities in source code. Orchestrates structural search with AI-driven data flow and sink validation.
4SKILL.mdUpdated Jun 12, 2026
aeondave/hardware-technique
development
VerifiedTrustedCommunity
Auth assessment: hardware/embedded methodology; UART/JTAG/SWD/SPI/I2C, firmware extraction, boot/debug paths, embedded OS evidence.
4SKILL.mdUpdated Jun 12, 2026
aeondave/container-technique
devops
VerifiedTrustedCommunity
Container methodology: Identifying containerization limits, Docker/K8s misconfigurations, and executing escapes to the host node.
4SKILL.mdUpdated Jun 12, 2026