MQ-xz/FlagHunter

FlagHunter 🤖🚩

An autonomous AI agent framework for solving CTF challenges automatically. More than just a tool - it's an extensible framework that you can customize for your specific use cases with plug-and-play architecture.

🚧 Development Status: This project is actively under development. Features and APIs may change as we continue to improve and expand capabilities.

✨ What It Does

  • 🎯 Automatically solves CTF challenges - Just give it a challenge URL
  • 🔧 Handles everything - Downloads files, analyzes code, runs exploits, submits flags
  • 🏗️ Framework architecture - Not just a tool, but an extensible platform
  • 🔌 Plug-and-play extensions - Easy to add new platforms, tools, and capabilities
  • 📦 Ready to use - Works out of the box with proper configuration

🚀 Quick Start

  1. Get the code:

      git clone https://github.com/MQ-xz/FlagHunter.git
      cd FlagHunter
      pip install -r requirements.txt

  2. Set up configuration:

      cp .env.example .env
      # Edit .env with your API keys

  3. Run it:

      python app.py "https://labs.hackthebox.com/challenges/your-challenge"

🎥 Demo Videos

Solving Protein Cookies (HTB)

Solving RSAisEasy (HTB)

⚙️ Configuration

Getting HTB Token

  1. Log in to Hack The Box
  2. Open browser dev tools (F12)
  3. Look at any API request
  4. Copy the Authorization header
  5. Add to .env as HTB_AUTH_TOKEN=Bearer your_token

🤖 How It Works

Built with LangChain, the AI agent automatically:

  1. 📥 Downloads challenge files
  2. 🔍 Analyzes the challenge
  3. 🛠️ Creates and runs exploits
  4. 🚩 Finds and submits the flag

🔌 Extending the Agent

Adding New Platforms

Want to support TryHackMe, PicoCTF, or other platforms? It's easy!

  1. Create a new file in ctf_platform/your_platform.py
  2. Copy the structure from htb.py
  3. Update the API calls for your platform
  4. Add to app.py imports

The LangChain framework handles the rest automatically.

Adding New Tools

Need the agent to do something new?

  1. Add function to tools/ directory
  2. Import it in your platform file
  3. Add to TOOLS list

The AI will automatically learn to use your new tool! Check the LangChain documentation for more details on tool creation.

🀝 Contributing

We'd love your help! This project welcomes:

  • 🌐 New platform support (TryHackMe, PicoCTF, etc.)
  • 🛠️ New tools and features
  • 📚 Better documentation
  • 🐛 Bug fixes and improvements

Just fork the repo, make your changes, and submit a PR!

Roadmap

  • More CTF platforms
  • Web interface
  • Better logging
  • Challenge difficulty assessment

🔒 Security & Environment

⚠️ IMPORTANT: Always run FlagHunter in a sandboxed environment or virtual machine since the AI agent executes system commands. This protects your host system from potentially harmful commands generated during exploitation attempts.

Recommended environments:

  • Docker containers
  • Virtual machines (VMware, VirtualBox)
  • Sandboxed Linux environments
  • Cloud instances

We recommend using specialized distributions such as Kali Linux, which come with security tools pre-installed and reduce dependency installation issues.
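
One way to follow the Docker recommendation above, shown as an added example (not FlagHunter's own code): a launcher that builds a restricted `docker run` command and refuses to start if `.env` is readable by other users. The image name `flaghunter-sandbox:local`, the `/app` and `/work` mount points, and the assumptions that `app.py` reads its keys from environment variables and writes only to the current directory are hypothetical.

```python
"""Added example: start FlagHunter inside a locked-down Docker container."""
import stat
import subprocess
import sys
import tempfile
from pathlib import Path
from urllib.parse import urlparse

# Hypothetical image name: build it yourself with requirements.txt installed.
IMAGE = "flaghunter-sandbox:local"


def check_env_file(env_file: Path) -> None:
    """Refuse to start if the file holding the API keys is open to other users."""
    if env_file.stat().st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{env_file} is group/world accessible; chmod 600 it")


def sandbox_argv(challenge_url: str, repo: Path, scratch: Path,
                 image: str = IMAGE) -> list[str]:
    """Build the `docker run` command line. Nothing is executed here."""
    if urlparse(challenge_url).scheme != "https":
        raise ValueError("challenge URL must use https")
    env_file = (repo / ".env").resolve()
    check_env_file(env_file)
    return [
        "docker", "run", "--rm",
        "--cap-drop", "ALL",                      # no Linux capabilities
        "--security-opt", "no-new-privileges",    # setuid binaries cannot escalate
        "--pids-limit", "256", "--memory", "2g",  # bound runaway processes
        "--read-only", "--tmpfs", "/tmp",         # immutable root filesystem
        "-v", f"{repo.resolve()}:/app:ro",        # agent code is not modifiable
        "-v", f"{scratch.resolve()}:/work",       # the only writable host path
        "--env-file", str(env_file),              # keys passed as env variables
        "-w", "/work", image,
        "python", "/app/app.py", challenge_url,
    ]


if __name__ == "__main__":
    # Fresh scratch directory per run, so generated files never touch the repo.
    scratch_dir = Path(tempfile.mkdtemp(prefix="flaghunter-"))
    sys.exit(subprocess.call(sandbox_argv(sys.argv[1], Path.cwd(), scratch_dir)))
```

Anything the agent runs inside the container can still read the keys from its environment, so use keys you can revoke. Dropping all capabilities also breaks tools that need raw sockets; add back only the specific capability a challenge requires.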

⚖️ Legal: For educational and authorized testing only. Always ensure you have permission before testing on any system.
