2015-08-06 03:54:09 +00:00
# Awesome CTF [![Build Status](https://travis-ci.org/apsdehal/awesome-ctf.svg?branch=master)](https://travis-ci.org/apsdehal/awesome-ctf) [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)
2015-02-28 05:48:21 +00:00
2016-05-13 12:59:28 +00:00
A curated list of [Capture The Flag ](https://en.wikipedia.org/wiki/Capture_the_flag#Computer_security ) (CTF) frameworks, libraries, resources, softwares and tutorials. This list aims to help starters as well as seasoned CTF players to find everything related to CTFs at one place.
2015-02-28 05:48:21 +00:00
2015-04-26 05:50:19 +00:00
### Contributing
2015-02-28 05:51:44 +00:00
2015-04-26 06:33:39 +00:00
Please take a quick look at the [contribution guidelines ](https://github.com/apsdehal/ctf-tools/blob/master/CONTRIBUTING.md ) first.
2015-04-26 05:50:19 +00:00
#### _If you know a tool that isn't present here, feel free to open a pull request._
2015-03-19 08:42:06 +00:00
2015-04-26 06:27:07 +00:00
### Why?
It takes time to build up collection of tools used in ctf and remember them all. This repo helps to keep all these scattered tools at one place.
2015-04-26 05:50:45 +00:00
### Contents
2015-04-26 20:02:50 +00:00
- [Awesome CTF ](#awesome-ctf )
2015-04-26 05:50:45 +00:00
- [Create ](#create )
2015-04-27 22:26:04 +00:00
- [Forensics ](#forensics )
2016-05-11 17:54:23 +00:00
- [Platforms ](#platforms )
2016-06-10 18:01:55 +00:00
- [Steganography ](#steganography )
2015-04-27 22:26:04 +00:00
- [Web ](#web )
2015-04-26 05:50:45 +00:00
- [Solve ](#solve )
2015-04-27 22:26:04 +00:00
- [Attacks ](#attacks )
- [Bruteforcers ](#bruteforcers )
- [Cryptography ](#crypto )
- [Exploits ](#exploits )
- [Forensics ](#forensics-1 )
2016-09-28 20:15:13 +00:00
- [Networking ](#networking )
2015-04-27 22:26:04 +00:00
- [Reversing ](#reversing )
- [Services ](#services )
2016-09-29 18:11:47 +00:00
- [Steganography ](#steganography-1 )
2015-04-27 22:26:04 +00:00
- [Web ](#web-1 )
2015-04-26 05:51:01 +00:00
2015-04-26 05:57:15 +00:00
- [Resources ](#resources )
2016-09-28 07:48:08 +00:00
- [Operating Systems ](#operating-systems )
2015-09-08 18:26:17 +00:00
- [Starter Packs ](#starter-packs )
2015-04-27 22:26:04 +00:00
- [Tutorials ](#tutorials )
- [Wargames ](#wargames )
- [Websites ](#websites )
- [Wikis ](#wikis )
2015-09-08 18:26:17 +00:00
- [Writeups Collections ](#writeups-collections )
2015-04-26 05:57:15 +00:00
2015-04-26 05:52:43 +00:00
# Create
2015-04-26 05:51:01 +00:00
*Tools used for creating CTF challenges*
2019-06-30 03:22:42 +00:00
- [Kali Linux CTF Blueprints ](https://doc.lagout.org/security/Packt.Kali.Linux.CTF.Blueprints.Jul.2014.ISBN.1783985984.pdf ) - Online book on building, testing, and customizing your own Capture the Flag challenges.
2015-04-26 05:51:01 +00:00
## Forensics
*Tools used for creating Forensics challenges*
2017-02-15 03:54:29 +00:00
- [Dnscat ](https://wiki.skullsecurity.org/Dnscat ) - Hosts communication through DNS
2017-03-16 17:11:49 +00:00
- [Registry Dumper ](http://www.kahusecurity.com/downloads/RegistryDumper_v0.2.7z ) - Dump your registry
2015-04-26 05:51:01 +00:00
2016-05-11 17:54:23 +00:00
## Platforms
2016-05-13 12:59:28 +00:00
*Projects that can be used to host a CTF*
2016-05-12 08:32:36 +00:00
- [CTFd ](https://github.com/isislab/CTFd ) - Platform to host jeopardy style CTFs from ISISLab, NYU Tandon
2016-09-29 18:11:47 +00:00
- [FBCTF ](https://github.com/facebook/fbctf ) - Platform to host Capture the Flag competitions from Facebook
2019-08-29 06:48:49 +00:00
- [Haaukins ](https://github.com/aau-network-security/haaukins )- A Highly Accessible and Automated Virtualization Platform for Security Education
2017-02-15 03:58:14 +00:00
- [HackTheArch ](https://github.com/mcpa-stlouis/hack-the-arch ) - CTF scoring platform
2016-05-12 08:32:36 +00:00
- [Mellivora ](https://github.com/Nakiami/mellivora ) - A CTF engine written in PHP
2016-09-28 07:44:53 +00:00
- [NightShade ](https://github.com/UnrealAkama/NightShade ) - A simple security CTF framework
2017-04-09 17:20:32 +00:00
- [OpenCTF ](https://github.com/easyctf/openctf ) - CTF in a box. Minimal setup required
2017-04-09 16:49:04 +00:00
- [PicoCTF Platform 2 ](https://github.com/picoCTF/picoCTF-Platform-2 ) - A genericized version of picoCTF 2014 that can be easily adapted to host CTF or programming competitions.
2017-04-09 17:21:43 +00:00
- [PyChallFactory ](https://github.com/pdautry/py_chall_factory ) - Small framework to create/manage/package jeopardy CTF challenges
2017-11-14 17:52:58 +00:00
- [RootTheBox ](https://github.com/moloch--/RootTheBox ) - A Game of Hackers (CTF Scoreboard & Game Manager)
2016-05-12 08:32:36 +00:00
- [Scorebot ](https://github.com/legitbs/scorebot ) - Platform for CTFs by Legitbs (Defcon)
2017-08-21 21:00:04 +00:00
- [SecGen ](https://github.com/cliffe/SecGen ) - Security Scenario Generator. Creates randomly vulnerable virtual machines
2016-05-11 17:54:23 +00:00
2016-09-28 07:44:53 +00:00
2016-06-10 18:01:55 +00:00
## Steganography
*Tools used to create stego challenges*
Check solve section for steganography.
2015-04-26 05:51:01 +00:00
## Web
*Tools used for creating Web challenges*
*JavaScript Obfustcators*
2018-10-10 22:10:52 +00:00
- [Metasploit JavaScript Obfuscator ](https://github.com/rapid7/metasploit-framework/wiki/How-to-obfuscate-JavaScript-in-Metasploit )
2015-04-26 06:47:33 +00:00
- [Uglify ](http://marijnhaverbeke.nl//uglifyjs )
2015-04-26 05:51:01 +00:00
2015-04-26 05:52:43 +00:00
# Solve
2015-04-26 05:51:19 +00:00
*Tools used for solving CTF challenges*
2015-04-26 06:11:06 +00:00
## Attacks
2015-04-26 05:51:19 +00:00
2015-04-26 06:11:06 +00:00
*Tools used for performing various kinds of attacks*
2015-04-26 05:51:19 +00:00
2018-03-11 07:47:47 +00:00
- [Bettercap ](https://github.com/bettercap/bettercap ) - Framework to perform MITM (Man in the Middle) attacks.
2015-04-26 06:11:06 +00:00
- [Layer 2 attacks ](https://github.com/tomac/yersinia ) - Attack various protocols on layer 2
2015-04-26 05:51:19 +00:00
## Crypto
*Tools used for solving Crypto challenges*
2016-10-31 02:12:11 +00:00
- [FeatherDuster ](https://github.com/nccgroup/featherduster ) - An automated, modular cryptanalysis tool
2017-09-25 18:43:08 +00:00
- [Hash Extender ](https://github.com/iagox86/hash_extender ) - A utility tool for performing hash length extension attacks
2019-09-11 19:40:05 +00:00
- [padding-oracle-attacker ](https://github.com/KishanBagaria/padding-oracle-attacker ) - A CLI tool to execute padding oracle attacks
2015-11-11 00:17:51 +00:00
- [PkCrack ](https://www.unix-ag.uni-kl.de/~conrad/krypto/pkcrack.html ) - A tool for Breaking PkZip-encryption
2017-10-19 18:14:25 +00:00
- [RSACTFTool ](https://github.com/Ganapati/RsaCtfTool ) - A tool for recovering RSA private key with various attack
2015-04-26 05:51:19 +00:00
- [RSATool ](https://github.com/ius/rsatool ) - Generate private key with knowledge of p and q
2015-04-26 08:05:02 +00:00
- [XORTool ](https://github.com/hellman/xortool ) - A tool to analyze multi-byte xor cipher
2015-04-26 05:51:19 +00:00
2015-04-26 06:11:06 +00:00
## Bruteforcers
*Tools used for various kind of bruteforcing (passwords etc.)*
2017-02-15 03:53:58 +00:00
- [Hashcat ](https://hashcat.net/hashcat/ ) - Password Cracker
2015-04-26 06:47:33 +00:00
- [John The Jumbo ](https://github.com/magnumripper/JohnTheRipper ) - Community enhanced version of John the Ripper
2015-04-26 08:05:02 +00:00
- [John The Ripper ](http://www.openwall.com/john/ ) - Password Cracker
2017-03-22 04:38:18 +00:00
- [Nozzlr ](https://github.com/intrd/nozzlr ) - Nozzlr is a bruteforce framework, trully modular and script-friendly.
2015-04-26 06:47:33 +00:00
- [Ophcrack ](http://ophcrack.sourceforge.net/ ) - Windows password cracker based on rainbow tables.
2017-03-22 04:38:18 +00:00
- [Patator ](https://github.com/lanjelot/patator ) - Patator is a multi-purpose brute-forcer, with a modular design.
2015-04-26 06:11:06 +00:00
## Exploits
*Tools used for solving Exploits challenges*
2016-07-01 10:56:26 +00:00
- [DLLInjector ](https://github.com/OpenSecurityResearch/dllinjector ) - Inject dlls in processes
2017-02-15 03:55:01 +00:00
- [libformatstr ](https://github.com/hellman/libformatstr ) - Simplify format string exploitation.
2015-04-26 06:47:33 +00:00
- [Metasploit ](http://www.metasploit.com/ ) - Penetration testing software
2019-09-05 17:45:22 +00:00
- [Cheatsheet ](https://www.comparitech.com/net-admin/metasploit-cheat-sheet/ )
2017-06-12 01:46:05 +00:00
- [one_gadget ](https://github.com/david942j/one_gadget ) - A tool to find the one gadget `execve('/bin/sh', NULL, NULL)` call
- `gem install one_gadget`
2016-09-29 18:11:47 +00:00
- [Pwntools ](https://github.com/Gallopsled/pwntools ) - CTF Framework for writing exploits
- [Qira ](https://github.com/BinaryAnalysisPlatform/qira ) - QEMU Interactive Runtime Analyser
2015-10-28 04:58:48 +00:00
- [ROP Gadget ](https://github.com/JonathanSalwan/ROPgadget ) - Framework for ROP exploitation
2016-11-20 15:07:11 +00:00
- [V0lt ](https://github.com/P1kachu/v0lt ) - Security CTF Toolkit
2015-04-26 06:11:06 +00:00
2015-04-26 05:51:19 +00:00
## Forensics
*Tools used for solving Forensics challenges*
2015-04-30 12:58:43 +00:00
- [Aircrack-Ng ](http://www.aircrack-ng.org/ ) - Crack 802.11 WEP and WPA-PSK keys
- `apt-get install aircrack-ng`
2015-04-26 06:25:12 +00:00
- [Audacity ](http://sourceforge.net/projects/audacity/ ) - Analyze sound files (mp3, m4a, whatever)
2015-04-26 05:51:19 +00:00
- `apt-get install audacity`
2016-09-29 18:11:47 +00:00
- [Bkhive and Samdump2 ](http://sourceforge.net/projects/ophcrack/files/samdump2/ ) - Dump SYSTEM and SAM files
2015-04-26 06:25:12 +00:00
- `apt-get install samdump2 bkhive`
2015-04-26 05:51:19 +00:00
- [CFF Explorer ](http://www.ntcore.com/exsuite.php ) - PE Editor
2016-09-29 18:11:47 +00:00
- [Creddump ](https://github.com/moyix/creddump ) - Dump windows credentials
2015-09-19 20:05:00 +00:00
- [DVCS Ripper ](https://github.com/kost/dvcs-ripper ) - Rips web accessible (distributed) version control systems
2015-07-18 09:52:30 +00:00
- [Exif Tool ](http://www.sno.phy.queensu.ca/~phil/exiftool/ ) - Read, write and edit file metadata
2016-09-29 18:11:47 +00:00
- [Extundelete ](http://extundelete.sourceforge.net/ ) - Used for recovering lost data from mountable images
2016-06-20 16:46:14 +00:00
- [Fibratus ](https://github.com/rabbitstack/fibratus ) - Tool for exploration and tracing of the Windows kernel
2015-04-26 06:25:12 +00:00
- [Foremost ](http://foremost.sourceforge.net/ ) - Extract particular kind of files using headers
2015-04-26 06:18:50 +00:00
- `apt-get install foremost`
2016-09-29 18:11:47 +00:00
- [Fsck.ext4 ](http://linux.die.net/man/8/fsck.ext3 ) - Used to fix corrupt filesystems
2015-04-26 06:15:02 +00:00
- [Malzilla ](http://malzilla.sourceforge.net/ ) - Malware hunting tool
2015-07-18 10:02:00 +00:00
- [NetworkMiner ](http://www.netresec.com/?page=NetworkMiner ) - Network Forensic Analysis Tool
2015-04-26 06:15:02 +00:00
- [PDF Streams Inflater ](http://malzilla.sourceforge.net/downloads.html ) - Find and extract zlib files compressed in PDF files
2015-04-26 06:25:12 +00:00
- [ResourcesExtract ](http://www.nirsoft.net/utils/resources_extract.html ) - Extract various filetypes from exes
2015-04-26 06:18:50 +00:00
- [Shellbags ](https://github.com/williballenthin/shellbags ) - Investigate NT\_USER.dat files
- [UsbForensics ](http://www.forensicswiki.org/wiki/USB_History_Viewing ) - Contains many tools for usb forensics
- [Volatility ](https://github.com/volatilityfoundation/volatility ) - To investigate memory dumps
2016-09-28 20:15:13 +00:00
2015-04-26 06:18:50 +00:00
*Registry Viewers*
- [RegistryViewer ](http://www.gaijin.at/en/getitpage.php?id=regview ) - Used to view windows registries
2015-04-26 08:05:02 +00:00
- [Windows Registry Viewers ](http://www.forensicswiki.org/wiki/Windows_Registry ) - More registry viewers
2015-04-26 05:51:19 +00:00
2016-09-28 20:15:13 +00:00
## Networking
*Tools used for solving Networking challenges*
2017-12-12 05:40:14 +00:00
- [Bro ](https://www.bro.org/ ) - An open-source network security monitor.
2017-12-12 05:36:33 +00:00
- [Masscan ](https://github.com/robertdavidgraham/masscan ) - Mass IP port scanner, TCP port scanner.
2017-12-12 05:40:14 +00:00
- [Monit ](https://linoxide.com/monitoring-2/monit-linux/ ) - A linux tool to check a host on the network (and other non-network activities).
2016-12-21 06:28:06 +00:00
- [Nipe ](https://github.com/GouveaHeitor/nipe ) - Nipe is a script to make Tor Network your default gateway.
2017-12-12 05:40:14 +00:00
- [Nmap ](https://nmap.org/ ) - An open source utility for network discovery and security auditing.
2017-12-12 05:36:33 +00:00
- [Wireshark ](https://www.wireshark.org/ ) - Analyze the network dumps.
2016-09-28 20:15:13 +00:00
- `apt-get install wireshark`
2017-12-12 05:40:14 +00:00
- [Zmap ](https://zmap.io/ ) - An open-source network scanner.
2016-09-28 20:15:13 +00:00
2015-04-26 05:51:19 +00:00
## Reversing
*Tools used for solving Reversing challenges*
2015-04-26 06:11:06 +00:00
- [Androguard ](https://github.com/androguard/androguard ) - Reverse engineer Android applications
2016-09-29 18:11:47 +00:00
- [Angr ](https://github.com/angr/angr ) - platform-agnostic binary analysis framework
2015-04-26 06:11:06 +00:00
- [Apk2Gold ](https://github.com/lxdvs/apk2gold ) - Yet another Android decompiler
- [ApkTool ](http://ibotpeaches.github.io/Apktool/ ) - Android Decompiler
2016-06-07 08:31:28 +00:00
- [Barf ](https://github.com/programa-stic/barf-project ) - Binary Analysis and Reverse engineering Framework
2016-10-31 01:58:10 +00:00
- [Binary Ninja ](https://binary.ninja/ ) - Binary analysis framework
2015-04-30 12:58:43 +00:00
- [BinUtils ](http://www.gnu.org/software/binutils/binutils.html ) - Collection of binary tools
2015-04-26 06:18:50 +00:00
- [BinWalk ](https://github.com/devttys0/binwalk ) - Analyze, reverse engineer, and extract firmware images.
- [Boomerang ](https://github.com/nemerle/boomerang ) - Decompile x86 binaries to C
2017-01-03 07:36:43 +00:00
- [ctf_import ](https://github.com/docileninja/ctf_import ) – run basic functions from stripped binaries cross platform
2019-07-04 06:45:14 +00:00
- [cwe_checker ](https://github.com/fkie-cad/cwe_checker ) - cwe_checker finds vulnerable patterns in binary executables
2019-01-08 15:13:33 +00:00
- [Frida ](https://github.com/frida/ ) - Dynamic Code Injection
2015-10-29 18:36:20 +00:00
- [GDB ](https://www.gnu.org/software/gdb/ ) - The GNU project debugger
2016-10-31 01:58:10 +00:00
- [GEF ](https://github.com/hugsy/gef ) - GDB plugin
2019-04-15 17:50:50 +00:00
- [Ghidra ](https://ghidra-sre.org/ ) - Open Source suite of reverse engineering tools. Similar to IDA Pro.
2016-06-10 17:58:39 +00:00
- [Hopper ](http://www.hopperapp.com/ ) - Reverse engineering tool (disassembler) for OSX and Linux
2015-04-26 06:47:33 +00:00
- [IDA Pro ](https://www.hex-rays.com/products/ida/ ) - Most used Reversing software
2015-04-26 06:18:50 +00:00
- [Jadx ](https://github.com/skylot/jadx ) - Decompile Android files
2016-10-31 02:06:31 +00:00
- [Java Decompilers ](http://www.javadecompilers.com ) - An online decompiler for Java and Android APKs
2015-04-26 06:11:06 +00:00
- [Krakatau ](https://github.com/Storyyeller/Krakatau ) - Java decompiler and disassembler
2019-01-08 15:13:33 +00:00
- [Objection ](https://github.com/sensepost/objection ) - Runtime Mobile Exploration
2016-10-31 01:58:10 +00:00
- [PEDA ](https://github.com/longld/peda ) - GDB plugin (only python2.7)
2017-10-23 03:49:51 +00:00
- [Pin ](https://software.intel.com/en-us/articles/pin-a-dynamic-binary-instrumentation-tool ) A dynamic binary instrumentaion tool by Intel
2016-12-04 19:39:15 +00:00
- [Plasma ](https://github.com/joelpx/plasma ) - An interactive disassembler for x86/ARM/MIPS which can generate indented pseudo-code with colored syntax.
2017-02-09 00:59:29 +00:00
- [Pwndbg ](https://github.com/pwndbg/pwndbg ) - A GDB plugin that provides a suite of utilities to hack around GDB easily.
2015-10-11 01:51:27 +00:00
- [radare2 ](https://github.com/radare/radare2 ) - A portable reversing framework
2019-01-08 15:13:33 +00:00
- [Triton ](https://github.com/JonathanSalwan/Triton/ ) - Dynamic Binary Analysis (DBA) framework
2015-04-26 07:38:16 +00:00
- [Uncompyle ](https://github.com/gstarnberger/uncompyle ) - Decompile Python 2.7 binaries (.pyc)
2015-10-28 04:53:34 +00:00
- [WinDbg ](http://www.windbg.org/ ) - Windows debugger distributed by Microsoft
2017-09-25 18:40:45 +00:00
- [Xocopy ](http://reverse.lostrealm.com/tools/xocopy.html ) - Program that can copy executables with execute, but no read permission
2016-09-29 18:11:47 +00:00
- [Z3 ](https://github.com/Z3Prover/z3 ) - a theorem prover from Microsoft Research
2015-04-26 06:11:06 +00:00
2018-10-10 22:10:52 +00:00
*JavaScript Deobfuscators*
2015-04-26 06:11:06 +00:00
2015-04-26 06:47:33 +00:00
- [Detox ](http://relentless-coding.org/projects/jsdetox/install ) - A Javascript malware analysis tool
- [Revelo ](http://www.kahusecurity.com/tools/Revelo_v0.6.zip ) - Analyze obfuscated Javascript code
2015-04-26 05:51:19 +00:00
2015-07-18 10:02:00 +00:00
*SWF Analyzers*
2015-07-18 10:03:42 +00:00
- [RABCDAsm ](https://github.com/CyberShadow/RABCDAsm ) - Collection of utilities including an ActionScript 3 assembler/disassembler.
2016-09-29 18:11:47 +00:00
- [Swftools ](http://www.swftools.org/ ) - Collection of utilities to work with SWF files
- [Xxxswf ](https://bitbucket.org/Alexander_Hanel/xxxswf ) - A Python script for analyzing Flash files.
2015-07-18 10:02:00 +00:00
2015-04-26 06:11:06 +00:00
## Services
2015-04-26 05:51:19 +00:00
2015-04-26 06:11:06 +00:00
*Various kind of useful services available around the internet*
2015-04-26 05:51:19 +00:00
2015-04-26 06:11:06 +00:00
- [CSWSH ](http://ironwasp.org/cswsh.html ) - Cross-Site WebSocket Hijacking Tester
2015-04-26 06:18:50 +00:00
- [Request Bin ](http://requestb.in/ ) - Lets you inspect http requests to a particular url
2015-04-26 05:51:19 +00:00
2016-09-29 18:11:47 +00:00
## Steganography
2015-04-26 05:51:19 +00:00
2015-04-26 06:11:06 +00:00
*Tools used for solving Steganography challenges*
2015-04-26 05:51:19 +00:00
2016-06-10 17:58:39 +00:00
- [Convert ](http://www.imagemagick.org/script/convert.php ) - Convert images b/w formats and apply filters
2016-09-29 18:11:47 +00:00
- [Exif ](http://manpages.ubuntu.com/manpages/trusty/man1/exif.1.html ) - Shows EXIF information in JPEG files
- [Exiftool ](https://linux.die.net/man/1/exiftool ) - Read and write meta information in files
- [Exiv2 ](http://www.exiv2.org/manpage.html ) - Image metadata manipulation tool
2016-06-10 17:58:39 +00:00
- [ImageMagick ](http://www.imagemagick.org/script/index.php ) - Tool for manipulating images
2016-09-29 18:11:47 +00:00
- [Outguess ](https://www.freebsd.org/cgi/man.cgi?query=outguess+&apropos=0&sektion=0&manpath=FreeBSD+Ports+5.1-RELEASE&format=html ) - Universal steganographic tool
- [Pngtools ](http://www.stillhq.com/pngtools/ ) - For various analysis related to PNGs
2015-04-26 06:11:06 +00:00
- `apt-get install pngtools`
2015-04-26 06:47:33 +00:00
- [SmartDeblur ](https://github.com/Y-Vladimir/SmartDeblur ) - Used to deblur and fix defocused images
- [Steganabara ](https://www.openhub.net/p/steganabara ) - Tool for stegano analysis written in Java
2016-09-29 18:11:47 +00:00
- [Stegbreak ](https://linux.die.net/man/1/stegbreak ) - Launches brute-force dictionary attacks on JPG image
2018-10-01 17:12:23 +00:00
- [StegCracker ](https://github.com/Paradoxis/StegCracker ) - Steganography brute-force utility to uncover hidden data inside files
- [stegextract ](https://github.com/evyatarmeged/stegextract ) - Detect hidden files and text in images
2015-04-26 06:47:33 +00:00
- [Steghide ](http://steghide.sourceforge.net/ ) - Hide data in various kind of images
- [Stegsolve ](http://www.caesum.com/handbook/Stegsolve.jar ) - Apply various steganography techniques to images
2019-01-08 15:13:33 +00:00
- [Zsteg ](https://github.com/zed-0xff/zsteg/ ) - PNG/BMP analysis
2015-04-26 05:51:19 +00:00
2015-04-26 06:11:06 +00:00
## Web
2015-04-26 05:51:19 +00:00
2015-04-26 06:11:06 +00:00
*Tools used for solving Web challenges*
2017-12-12 05:46:07 +00:00
- [BurpSuite]() - A graphical tool to testing website security.
2016-11-17 12:30:56 +00:00
- [Commix ](https://github.com/commixproject/commix ) - Automated All-in-One OS Command Injection and Exploitation Tool.
2016-10-31 02:15:41 +00:00
- [Hackbar ](https://addons.mozilla.org/en-US/firefox/addon/hackbar/ ) - Firefox addon for easy web exploitation
2017-02-15 03:52:42 +00:00
- [OWASP ZAP ](https://www.owasp.org/index.php/Projects/OWASP_Zed_Attack_Proxy_Project ) - Intercepting proxy to replay, debug, and fuzz HTTP requests and responses
2016-10-31 02:15:41 +00:00
- [Postman ](https://chrome.google.com/webstore/detail/postman/fhbjgbiflinjbdggehcddcbncdddomop?hl=en ) - Add on for chrome for debugging network requests
2018-10-01 17:12:23 +00:00
- [Raccoon ](https://github.com/evyatarmeged/Raccoon ) - A high performance offensive security tool for reconnaissance and vulnerability scanning
2015-04-26 06:11:06 +00:00
- [SQLMap ](https://github.com/sqlmapproject/sqlmap ) - Automatic SQL injection and database takeover tooli
2016-09-29 18:11:47 +00:00
- [W3af ](https://github.com/andresriancho/w3af ) - Web Application Attack and Audit Framework.
2015-04-26 06:18:50 +00:00
- [XSSer ](http://xsser.sourceforge.net/ ) - Automated XSS testor
2015-04-26 05:57:15 +00:00
# Resources
2015-04-26 06:05:05 +00:00
*Where to discover about CTF*
2016-09-28 20:48:26 +00:00
## Operating Systems
*Penetration testing and security lab Operating Systems*
2018-10-08 22:31:46 +00:00
- [Android Tamer ](https://androidtamer.com/ ) - Based on Debian
2016-09-29 18:11:47 +00:00
- [BackBox ](https://backbox.org/ ) - Based on Ubuntu
- [BlackArch Linux ](https://blackarch.org/ ) - Based on Arch Linux
- [Fedora Security Lab ](https://labs.fedoraproject.org/security/ ) - Based on Fedora
- [Kali Linux ](https://www.kali.org/ ) - Based on Debian
- [Parrot Security OS ](https://www.parrotsec.org/ ) - Based on Debian
- [Pentoo ](http://www.pentoo.ch/ ) - Based on Gentoo
- [URIX OS ](http://urix.us/ ) - Based on openSUSE
- [Wifislax ](http://www.wifislax.com/ ) - Based on Slackware
2016-09-28 20:48:26 +00:00
*Malware analysts and reverse-engineering*
2019-01-08 15:09:37 +00:00
- [Flare VM ](https://github.com/fireeye/flare-vm/ ) - Based on Windows
2016-09-29 18:11:47 +00:00
- [REMnux ](https://remnux.org/ ) - Based on Debian
2016-09-28 20:48:26 +00:00
2015-09-08 18:20:52 +00:00
## Starter Packs
*Collections of installer scripts, useful tools*
- [CTF Tools ](https://github.com/zardus/ctf-tools ) - Collection of setup scripts to install various security research tools.
2016-10-31 01:58:41 +00:00
- [LazyKali ](https://github.com/jlevitsk/lazykali ) - A 2016 refresh of LazyKali which simplifies install of tools and configuration.
2015-09-08 18:20:52 +00:00
2015-04-27 16:25:32 +00:00
## Tutorials
*Tutorials to learn how to play CTFs*
- [CTF Field Guide ](https://trailofbits.github.io/ctf/ ) - Field Guide by Trails of Bits
2015-04-28 22:49:40 +00:00
- [CTF Resources ](http://ctfs.github.io/resources/ ) - Start Guide maintained by community
2016-10-31 02:01:59 +00:00
- [Damn Vulnerable Web Application ](http://www.dvwa.co.uk/ ) PHP/MySQL web application that is damn vulnerable
2015-06-29 07:17:28 +00:00
- [How to Get Started in CTF ](https://www.endgame.com/blog/how-get-started-ctf ) - Short guideline for CTF beginners by Endgame
2015-09-02 13:28:35 +00:00
- [MIPT CTF ](https://github.com/xairy/mipt-ctf ) - A small course for beginners in CTFs (in Russian)
2015-04-27 16:25:32 +00:00
## Wargames
*Always online CTFs*
2015-10-27 00:28:44 +00:00
- [Backdoor ](https://backdoor.sdslabs.co/ ) - Security Platform by SDSLabs.
2019-01-08 15:54:55 +00:00
- [Crackmes ](https://crackmes.one/ ) - Reverse Engineering Challenges
2016-03-30 06:14:16 +00:00
- [Ctfs.me ](http://ctfs.me ) - CTF All the time
2015-10-27 00:28:44 +00:00
- [Exploit Exercises ](https://exploit-exercises.com/ ) - Variety of VMs to learn variety of computer security issues.
2016-06-07 08:31:28 +00:00
- [Gracker ](http://gracker.org ) - Binary challenges having a slow learning curve, and write-ups for each level.
2017-10-12 14:11:12 +00:00
- [Hack The Box ](https://www.hackthebox.eu ) - Weekly CTFs for all types of security enthusiasts.
2015-04-27 16:25:32 +00:00
- [Hack This Site ](https://www.hackthissite.org/ ) - Training ground for hackers.
2018-06-23 23:03:30 +00:00
- [Hacking-Lab ](https://hacking-lab.com/ ) - Ethical hacking, computer network and security challenge platform.
2018-06-11 04:43:57 +00:00
- [Hone Your Ninja Skills ](https://honeyourskills.ninja/ ) - Web challenges starting from basic ones.
2016-06-07 08:31:28 +00:00
- [IO ](http://io.netgarage.org/ ) - Wargame for binary challenges.
2018-07-06 05:27:54 +00:00
- [Microcorruption ](https://microcorruption.com ) - Embedded security CTF
2015-04-27 16:25:32 +00:00
- [Over The Wire ](http://overthewire.org/wargames/ ) - Wargame maintained by OvertheWire Community
2017-03-15 17:33:34 +00:00
- [Pwnable.kr ](http://pwnable.kr/ ) - Pwn Game
2018-10-10 22:07:13 +00:00
- [Pwnable.tw ](https://pwnable.tw/ ) - Binary wargame
2019-01-08 15:54:55 +00:00
- [Pwnable.xyz ](https://pwnable.xyz/ ) - Binary Exploitation Wargame
2018-10-10 22:07:13 +00:00
- [Reversin.kr ](http://reversing.kr/ ) - Reversing challenge
2018-10-11 00:15:06 +00:00
- [Ringzer0Team ](https://ringzer0team.com/ ) - Ringzer0 Team Online CTF
2018-02-09 23:50:49 +00:00
- [Root-Me ](https://www.root-me.org/ ) - Hacking and Information Security learning platform.
2017-10-25 17:31:08 +00:00
- [ROP Wargames ](https://game.rop.sh/ ) - ROP Wargames
2015-10-27 05:50:35 +00:00
- [SmashTheStack ](http://smashthestack.org/ ) - A variety of wargames maintained by the SmashTheStack Community.
2015-07-18 09:52:30 +00:00
- [VulnHub ](https://www.vulnhub.com/ ) - VM-based for practical in digital security, computer application & network administration.
2017-11-14 17:59:37 +00:00
- [W3Challs ](https://w3challs.com ) - A penetration testing training platform, which offers various computer challenges, in various categories.
2016-05-13 12:59:28 +00:00
- [WebHacking ](http://webhacking.kr ) - Hacking challenges for web.
2015-10-27 00:28:44 +00:00
- [WeChall ](https://www.wechall.net/ ) - Always online challenge site.
2017-11-14 17:59:37 +00:00
- [WTHack OnlineCTF ](https://onlinectf.com ) - CTF Practice platform for every level of cyber security enthusiasts.
2015-10-27 05:48:24 +00:00
2018-06-11 04:43:57 +00:00
2017-02-03 21:40:06 +00:00
*Self-hosted CTFs*
- [Juice Shop CTF ](https://github.com/bkimminich/juice-shop-ctf ) - Scripts and tools for hosting a CTF on [OWASP Juice Shop ](https://www.owasp.org/index.php/OWASP_Juice_Shop_Project ) easily.
2015-04-26 05:57:15 +00:00
## Websites
2015-04-26 06:05:05 +00:00
*Various general websites about and on ctf*
- [CTF Time ](https://ctftime.org/ ) - General information on CTF occuring around the worlds
2015-04-27 16:25:32 +00:00
- [Reddit Security CTF ](http://www.reddit.com/r/securityctf ) - Reddit CTF category
## Wikis
*Various Wikis available for learning about CTFs*
2016-03-02 16:11:51 +00:00
- [Bamboofox ](https://bamboofox.torchpad.com/ ) - Chinese resources to learn CTF
2015-04-27 16:25:32 +00:00
- [ISIS Lab ](https://github.com/isislab/Project-Ideas/wiki ) - CTF Wiki by Isis lab
2016-05-12 10:10:28 +00:00
- [OpenToAll ](http://wiki.opentoallctf.com/ ) - Open To All Knowledge Base
2016-05-13 12:59:28 +00:00
2015-04-26 06:05:05 +00:00
## Writeups Collections
2015-04-28 05:07:58 +00:00
*Collections of CTF write-ups*
2015-04-26 06:05:05 +00:00
2015-06-29 07:17:28 +00:00
- [Captf ](http://captf.com/ ) - Dumped CTF challenges and materials by psifertex
2015-04-28 05:07:58 +00:00
- [CTF write-ups (community) ](https://github.com/ctfs/ ) - CTF challenges + write-ups archive maintained by the community
2017-08-30 16:10:09 +00:00
- [CTFTime Scrapper ](https://github.com/abdilahrf/CTFWriteupScrapper ) - Scraps all writeup from ctf time and organize which to read first
2015-04-28 21:09:32 +00:00
- [pwntools writeups ](https://github.com/Gallopsled/pwntools-write-ups ) - A collection of CTF write-ups all using pwntools
2018-10-04 07:38:46 +00:00
- [Shell Storm ](http://shell-storm.org/repo/CTF/ ) - CTF challenge archive maintained by Jonathan Salwan
2015-04-28 05:07:58 +00:00
- [Smoke Leet Everyday ](https://github.com/smokeleeteveryday/CTF_WRITEUPS ) - CTF write-ups repo maintained by SmokeLeetEveryday team.
2015-04-26 05:57:15 +00:00
2015-04-26 06:35:02 +00:00
### LICENSE
2016-07-09 17:41:46 +00:00
CC0 :)