Overview
Flagr is a multithreaded Python 3 framework that automates solving Capture the Flag challenges. Point it at a file, URL, or raw data and it runs through 96 built-in solver units covering crypto, stego, forensics, web, pwn, encoding, and more — reporting flags as it finds them.
It is a fork of Katana by John Hammond and Caleb Stewart, extended with additional units, CTF platform integration, and remote exploitation support.
Table of contents
Open Table of contents
Key Features
- 96 solver units across 17 categories: crypto, encoding, web, pwn, stego, forensics, esoteric languages, and more
- Recursive solving — extracted data and artifacts are automatically fed back as new targets, handling layered challenges (e.g., base64-encoded zip containing a steganographic image)
- Multithreaded execution with a priority queue so fast, high-success-rate units run first
- Interactive REPL with tab completion, history, batch queuing, directory monitoring, notes, and solution export
- CTF platform integration — connects to CTFd instances to list challenges, download files, and auto-submit flags
- Remote exploitation — pwn units can build and deliver exploits to remote targets via pwntools
- Docker support for a fully self-contained environment
Installation
One-liner (Ubuntu/Debian/Fedora/Arch)
curl -fsSL https://raw.githubusercontent.com/imattas/Flagr/main/install.sh | sudo bashThis installs system dependencies (python3, binwalk, steghide, foremost, tesseract, exiftool, etc.), Python packages, and optional stego tools automatically.
Manual
# System deps (Ubuntu/Debian)
sudo apt update && sudo apt install -y python3 python3-pip python3-dev python3-venv \
build-essential libffi-dev libssl-dev libgmp-dev libmpfr-dev libmpc-dev \
libmagic1 libenchant-2-dev tesseract-ocr libimage-exiftool-perl \
binwalk foremost steghide poppler-utils tcpflow unzip git nodejs ruby
# Clone and install
git clone https://github.com/imattas/Flagr.git && cd Flagr
pip3 install .Docker
cd docker
docker build -t flagr .
docker run -v "$(pwd)/ctf:/data" -it flagrUsage
Quick Start
# Solve a base64 challenge
flagr -f "FLAG{.*?}" "RkxBR3t0aGlzX2lzX2FfYmFzZTY0X2ZsYWd9"
# Solve a file
flagr -f "picoCTF{.*?}" challenge.png
# Solve a URL
flagr -f "FLAG{.*?}" "http://ctf.example.com/challenge"
# Run a specific unit only
flagr -f "FLAG{.*?}" -u steghide challenge.jpg
# Exploit a remote binary
flagr --remote host.ctf.com 1337 ./binaryInteractive REPL
Without arguments, Flagr drops into an interactive shell:
flagr - waiting - 0 units queued
> target add ./challenge.bin
[+] ./challenge.bin: queuing target
flagr - running - 14 units queued
> status
running - 14 units queued - 42 cases evaluated
> target list
./challenge.bin - completed
hash: 2f0a02add67b58de837c7be054ae9e77
Flag: FLAG{solved_it}Key REPL commands include target add/list/solution, batch, monitor add (watch a directory for new files), set (change config at runtime), export (save results as markdown/JSON), and ctf list/queue/submit for CTFd integration.
Configuration
Create a .ini file for persistent settings:
[manager]
flag-format = FLAG{.*?}
auto = yes
threads = 8
[ctf]
provider = ctfd
url = http://ctf.example.com
username = player1
password = supersecret
auto-submit = yesflagr -c ctf.iniSolver Unit Categories
| Category | Count | Examples |
|---|---|---|
| Crypto | 24 | caesar, vigenere, xor, rsa, affine, jwt, substitution |
| Encoding | 12 | base64, base32, base58, morse, hex, qrcode |
| Web | 15 | sqli, ssti, ssrf, xxe, robots, dirbuster, jwt_forge |
| PWN | 7 | checksec, overflow, ret2win, ret2libc, formatstring |
| Stego | 11 | steghide, lsb, png_chunks, zsteg, audio_spectrogram |
| Esoteric | 6 | brainfuck, malbolge, ook, jsfuck, pikalang |
| Forensics | 4 | binwalk, file_carve, foremost, pcap_creds |
| Other | 17+ | strings, exiftool, tesseract, pdfcrack, apktool, ltrace |
Units that depend on external binaries are skipped gracefully if the binary is not installed.