RSA CTF Generator

20 Attack Types Native BigInt Client-Side

Generate RSA CTF challenges exploiting 20 real-world vulnerabilities: Wiener attack, Hastad broadcast, Fermat factorization, Pollard p-1, cube root, common modulus, twin primes, dp leak, Rabin, common factor, padding oracle, and more. Each challenge provides public parameters, a full JSON solution bundle, and progressive hints.

Configure RSA Challenge

No challenge yet

Pick an attack type and click Generate.

Solution will appear here

Generate a challenge first.

Hints will appear here

Generate a challenge to see progressive hints.

Raw JSON will appear here

Complete challenge bundle in JSON format.

Frequently Asked Questions

20 types across 4 difficulty levels. Easy: Even Modulus (p=2), Small Factor, Known phi/p+q Leak, Common Factor (batch GCD), Low Exponent (cube root), Common Modulus (same n, two e's), Twin Primes. Medium: Pollard p-1, Wiener's Attack, Multi-Prime RSA, Side-Channel, Hastad Broadcast (e=3/5/7), Fermat Factorization (close primes), dp Leak (CRT exponent), Rabin (e=2). Hard: Partial Key Leak (MSBs/LSBs of p, or MSBs of d), Partial PEM, ROCA Weak Primes, Franklin-Reiter. Pro: Padding Oracle (Bleichenbacher).
Each challenge type exploits a specific RSA vulnerability. Tools like Python (pycryptodome, sympy), SageMath, or RsaCtfTool can solve most of them. The progressive hints guide you toward the right approach. For example, Wiener's attack requires computing continued fractions of e/n.
256-512 bit keys for most client-side challenges — intentionally small so the intended vulnerability is exploitable with standard tools. The Padding Oracle type can use larger keys since it relies on a server-side decryption oracle.
100% free, no signup. Key generation and encryption run client-side using native JavaScript BigInt and the Web Crypto API for hashing. Only the Padding Oracle challenge type uses a server endpoint for the decryption oracle.
Absolutely. Download the JSON bundle which contains challenge parameters, the complete solution (private key, factorization, method), and progressive hints. Use the seed option to generate the same challenge reproducibly.

Support This Free Tool

Every coffee helps keep the servers running. Every book sale funds the next tool I'm dreaming up. You're not just supporting a site — you're helping me build what developers actually need.

500K+ users
200+ tools
100% private
One-time support Buy me a coffee 📚 Learn & support 9-Book Bundle - $9 𝕏 Stay updated Follow @anish2good
Privacy Guarantee: Private keys you enter or generate are never stored on our servers. All tools are served over HTTPS.