# Awesome CTF [![Build Status](https://travis-ci.org/apsdehal/awesome-ctf.svg?branch=master)](https://travis-ci.org/apsdehal/awesome-ctf) [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome) A curated list of [Capture The Flag](https://en.wikipedia.org/wiki/Capture_the_flag#Computer_security) (CTF) frameworks, libraries, resources, softwares and tutorials. This list aims to help starters as well as seasoned CTF players to find everything related to CTFs at one place. ### Contributing Please take a quick look at the [contribution guidelines](https://github.com/apsdehal/ctf-tools/blob/master/CONTRIBUTING.md) first. #### _If you know a tool that isn't present here, feel free to open a pull request._ ### Why? It takes time to build up collection of tools used in CTF and remember them all. This repo helps to keep all these scattered tools at one place. ### Contents - [Awesome CTF](#awesome-ctf) - [Create](#create) - [Forensics](#forensics) - [Platforms](#platforms) - [Steganography](#steganography) - [Web](#web) - [Solve](#solve) - [Attacks](#attacks) - [Bruteforcers](#bruteforcers) - [Cryptography](#crypto) - [Exploits](#exploits) - [Forensics](#forensics-1) - [Networking](#networking) - [Reversing](#reversing) - [Services](#services) - [Steganography](#steganography-1) - [Web](#web-1) - [Resources](#resources) - [Operating Systems](#operating-systems) - [Starter Packs](#starter-packs) - [Tutorials](#tutorials) - [Wargames](#wargames) - [Websites](#websites) - [Wikis](#wikis) - [Writeups Collections](#writeups-collections) # Create *Tools used for creating CTF challenges* - [Kali Linux CTF Blueprints](https://doc.lagout.org/security/Packt.Kali.Linux.CTF.Blueprints.Jul.2014.ISBN.1783985984.pdf) - Online book on building, testing, and customizing your own Capture the Flag challenges. ## Forensics *Tools used for creating Forensics challenges* - [Dnscat2](https://github.com/iagox86/dnscat2) - Hosts communication through DNS. - [Registry Dumper](http://www.kahusecurity.com/posts/registry_dumper_find_and_dump_hidden_registry_keys.html) - Dump your registry. ## Platforms *Projects that can be used to host a CTF* - [CTFd](https://github.com/isislab/CTFd) - Platform to host jeopardy style CTFs from ISISLab, NYU Tandon. - [FBCTF](https://github.com/facebook/fbctf) - Platform to host Capture the Flag competitions from Facebook. - [Haaukins](https://github.com/aau-network-security/haaukins)- A Highly Accessible and Automated Virtualization Platform for Security Education. - [HackTheArch](https://github.com/mcpa-stlouis/hack-the-arch) - CTF scoring platform. - [Mellivora](https://github.com/Nakiami/mellivora) - A CTF engine written in PHP. - [NightShade](https://github.com/UnrealAkama/NightShade) - A simple security CTF framework. - [OpenCTF](https://github.com/easyctf/openctf) - CTF in a box. Minimal setup required. - [PicoCTF](https://github.com/picoCTF/picoCTF) - The platform used to run picoCTF. A great framework to host any CTF. - [PyChallFactory](https://github.com/pdautry/py_chall_factory) - Small framework to create/manage/package jeopardy CTF challenges. - [RootTheBox](https://github.com/moloch--/RootTheBox) - A Game of Hackers (CTF Scoreboard & Game Manager). - [Scorebot](https://github.com/legitbs/scorebot) - Platform for CTFs by Legitbs (Defcon). - [SecGen](https://github.com/cliffe/SecGen) - Security Scenario Generator. Creates randomly vulnerable virtual machines. ## Steganography *Tools used to create stego challenges* Check solve section for steganography. ## Web *Tools used for creating Web challenges* *JavaScript Obfustcators* - [Metasploit JavaScript Obfuscator](https://github.com/rapid7/metasploit-framework/wiki/How-to-obfuscate-JavaScript-in-Metasploit) - [Uglify](https://github.com/mishoo/UglifyJS) # Solve *Tools used for solving CTF challenges* ## Attacks *Tools used for performing various kinds of attacks* - [Bettercap](https://github.com/bettercap/bettercap) - Framework to perform MITM (Man in the Middle) attacks. - [Yersinia](https://github.com/tomac/yersinia) - Attack various protocols on layer 2. ## Crypto *Tools used for solving Crypto challenges* - [CyberChef](https://gchq.github.io/CyberChef) - Web app for analysing and decoding data. - [FeatherDuster](https://github.com/nccgroup/featherduster) - An automated, modular cryptanalysis tool. - [Hash Extender](https://github.com/iagox86/hash_extender) - A utility tool for performing hash length extension attacks. - [padding-oracle-attacker](https://github.com/KishanBagaria/padding-oracle-attacker) - A CLI tool to execute padding oracle attacks. - [PkCrack](https://www.unix-ag.uni-kl.de/~conrad/krypto/pkcrack.html) - A tool for Breaking PkZip-encryption. - [QuipQuip](https://quipqiup.com) - An online tool for breaking substitution ciphers or vigenere ciphers (without key). - [RSACTFTool](https://github.com/Ganapati/RsaCtfTool) - A tool for recovering RSA private key with various attack. - [RSATool](https://github.com/ius/rsatool) - Generate private key with knowledge of p and q. - [XORTool](https://github.com/hellman/xortool) - A tool to analyze multi-byte xor cipher. ## Bruteforcers *Tools used for various kind of bruteforcing (passwords etc.)* - [Hashcat](https://hashcat.net/hashcat/) - Password Cracker - [Hydra](https://tools.kali.org/password-attacks/hydra) - A parallelized login cracker which supports numerous protocols to attack - [John The Jumbo](https://github.com/magnumripper/JohnTheRipper) - Community enhanced version of John the Ripper. - [John The Ripper](http://www.openwall.com/john/) - Password Cracker. - [Nozzlr](https://github.com/intrd/nozzlr) - Nozzlr is a bruteforce framework, trully modular and script-friendly. - [Ophcrack](http://ophcrack.sourceforge.net/) - Windows password cracker based on rainbow tables. - [Patator](https://github.com/lanjelot/patator) - Patator is a multi-purpose brute-forcer, with a modular design. ## Exploits *Tools used for solving Exploits challenges* - [DLLInjector](https://github.com/OpenSecurityResearch/dllinjector) - Inject dlls in processes. - [libformatstr](https://github.com/hellman/libformatstr) - Simplify format string exploitation. - [Metasploit](http://www.metasploit.com/) - Penetration testing software. - [Cheatsheet](https://www.comparitech.com/net-admin/metasploit-cheat-sheet/) - [one_gadget](https://github.com/david942j/one_gadget) - A tool to find the one gadget `execve('/bin/sh', NULL, NULL)` call. - `gem install one_gadget` - [Pwntools](https://github.com/Gallopsled/pwntools) - CTF Framework for writing exploits. - [Qira](https://github.com/BinaryAnalysisPlatform/qira) - QEMU Interactive Runtime Analyser. - [ROP Gadget](https://github.com/JonathanSalwan/ROPgadget) - Framework for ROP exploitation. - [V0lt](https://github.com/P1kachu/v0lt) - Security CTF Toolkit. ## Forensics *Tools used for solving Forensics challenges* - [Aircrack-Ng](http://www.aircrack-ng.org/) - Crack 802.11 WEP and WPA-PSK keys. - `apt-get install aircrack-ng` - [Audacity](http://sourceforge.net/projects/audacity/) - Analyze sound files (mp3, m4a, whatever). - `apt-get install audacity` - [Bkhive and Samdump2](http://sourceforge.net/projects/ophcrack/files/samdump2/) - Dump SYSTEM and SAM files. - `apt-get install samdump2 bkhive` - [CFF Explorer](http://www.ntcore.com/exsuite.php) - PE Editor. - [Creddump](https://github.com/moyix/creddump) - Dump windows credentials. - [DVCS Ripper](https://github.com/kost/dvcs-ripper) - Rips web accessible (distributed) version control systems. - [Exif Tool](http://www.sno.phy.queensu.ca/~phil/exiftool/) - Read, write and edit file metadata. - [Extundelete](http://extundelete.sourceforge.net/) - Used for recovering lost data from mountable images. - [Fibratus](https://github.com/rabbitstack/fibratus) - Tool for exploration and tracing of the Windows kernel. - [Foremost](http://foremost.sourceforge.net/) - Extract particular kind of files using headers. - `apt-get install foremost` - [Fsck.ext4](http://linux.die.net/man/8/fsck.ext3) - Used to fix corrupt filesystems. - [Malzilla](http://malzilla.sourceforge.net/) - Malware hunting tool. - [NetworkMiner](http://www.netresec.com/?page=NetworkMiner) - Network Forensic Analysis Tool. - [PDF Streams Inflater](http://malzilla.sourceforge.net/downloads.html) - Find and extract zlib files compressed in PDF files. - [Pngcheck](http://www.libpng.org/pub/png/apps/pngcheck.html) - Verifies the integrity of PNG and dump all of the chunk-level information in human-readable form. - `apt-get install pngcheck` - [ResourcesExtract](http://www.nirsoft.net/utils/resources_extract.html) - Extract various filetypes from exes. - [Shellbags](https://github.com/williballenthin/shellbags) - Investigate NT\_USER.dat files. - [Snow](https://sbmlabs.com/notes/snow_whitespace_steganography_tool) - A Whitespace Steganography Tool. - [USBRip](https://github.com/snovvcrash/usbrip) - Simple CLI forensics tool for tracking USB device artifacts (history of USB events) on GNU/Linux. - [Volatility](https://github.com/volatilityfoundation/volatility) - To investigate memory dumps. - [Wireshark](https://www.wireshark.org) - Used to analyze pcap or pcapng files *Registry Viewers* - [OfflineRegistryView](https://www.nirsoft.net/utils/offline_registry_view.html) - Simple tool for Windows that allows you to read offline Registry files from external drive and view the desired Registry key in .reg file format. - [Registry Viewer®](https://accessdata.com/product-download/registry-viewer-2-0-0) - Used to view Windows registries. ## Networking *Tools used for solving Networking challenges* - [Masscan](https://github.com/robertdavidgraham/masscan) - Mass IP port scanner, TCP port scanner. - [Monit](https://linoxide.com/monitoring-2/monit-linux/) - A linux tool to check a host on the network (and other non-network activities). - [Nipe](https://github.com/GouveaHeitor/nipe) - Nipe is a script to make Tor Network your default gateway. - [Nmap](https://nmap.org/) - An open source utility for network discovery and security auditing. - [Wireshark](https://www.wireshark.org/) - Analyze the network dumps. - `apt-get install wireshark` - [Zeek](https://www.zeek.org) - An open-source network security monitor. - [Zmap](https://zmap.io/) - An open-source network scanner. ## Reversing *Tools used for solving Reversing challenges* - [Androguard](https://github.com/androguard/androguard) - Reverse engineer Android applications. - [Angr](https://github.com/angr/angr) - platform-agnostic binary analysis framework. - [Apk2Gold](https://github.com/lxdvs/apk2gold) - Yet another Android decompiler. - [ApkTool](http://ibotpeaches.github.io/Apktool/) - Android Decompiler. - [Barf](https://github.com/programa-stic/barf-project) - Binary Analysis and Reverse engineering Framework. - [Binary Ninja](https://binary.ninja/) - Binary analysis framework. - [BinUtils](http://www.gnu.org/software/binutils/binutils.html) - Collection of binary tools. - [BinWalk](https://github.com/devttys0/binwalk) - Analyze, reverse engineer, and extract firmware images. - [Boomerang](https://github.com/BoomerangDecompiler/boomerang) - Decompile x86/SPARC/PowerPC/ST-20 binaries to C. - [ctf_import](https://github.com/docileninja/ctf_import) – run basic functions from stripped binaries cross platform. - [cwe_checker](https://github.com/fkie-cad/cwe_checker) - cwe_checker finds vulnerable patterns in binary executables. - [demovfuscator](https://github.com/kirschju/demovfuscator) - A work-in-progress deobfuscator for movfuscated binaries. - [Frida](https://github.com/frida/) - Dynamic Code Injection. - [GDB](https://www.gnu.org/software/gdb/) - The GNU project debugger. - [GEF](https://github.com/hugsy/gef) - GDB plugin. - [Ghidra](https://ghidra-sre.org/) - Open Source suite of reverse engineering tools. Similar to IDA Pro. - [Hopper](http://www.hopperapp.com/) - Reverse engineering tool (disassembler) for OSX and Linux. - [IDA Pro](https://www.hex-rays.com/products/ida/) - Most used Reversing software. - [Jadx](https://github.com/skylot/jadx) - Decompile Android files. - [Java Decompilers](http://www.javadecompilers.com) - An online decompiler for Java and Android APKs. - [Krakatau](https://github.com/Storyyeller/Krakatau) - Java decompiler and disassembler. - [Objection](https://github.com/sensepost/objection) - Runtime Mobile Exploration. - [PEDA](https://github.com/longld/peda) - GDB plugin (only python2.7). - [Pin](https://software.intel.com/en-us/articles/pin-a-dynamic-binary-instrumentation-tool) - A dynamic binary instrumentaion tool by Intel. - [PINCE](https://github.com/korcankaraokcu/PINCE) - GDB front-end/reverse engineering tool, focused on game-hacking and automation. - [PinCTF](https://github.com/ChrisTheCoolHut/PinCTF) - A tool which uses intel pin for Side Channel Analysis. - [Plasma](https://github.com/joelpx/plasma) - An interactive disassembler for x86/ARM/MIPS which can generate indented pseudo-code with colored syntax. - [Pwndbg](https://github.com/pwndbg/pwndbg) - A GDB plugin that provides a suite of utilities to hack around GDB easily. - [radare2](https://github.com/radare/radare2) - A portable reversing framework. - [Triton](https://github.com/JonathanSalwan/Triton/) - Dynamic Binary Analysis (DBA) framework. - [Uncompyle](https://github.com/gstarnberger/uncompyle) - Decompile Python 2.7 binaries (.pyc). - [WinDbg](http://www.windbg.org/) - Windows debugger distributed by Microsoft. - [Xocopy](http://reverse.lostrealm.com/tools/xocopy.html) - Program that can copy executables with execute, but no read permission. - [Z3](https://github.com/Z3Prover/z3) - A theorem prover from Microsoft Research. *JavaScript Deobfuscators* - [Detox](http://relentless-coding.org/projects/jsdetox/install) - A Javascript malware analysis tool. - [Revelo](http://www.kahusecurity.com/posts/revelo_javascript_deobfuscator.html) - Analyze obfuscated Javascript code. *SWF Analyzers* - [RABCDAsm](https://github.com/CyberShadow/RABCDAsm) - Collection of utilities including an ActionScript 3 assembler/disassembler. - [Swftools](http://www.swftools.org/) - Collection of utilities to work with SWF files. - [Xxxswf](https://bitbucket.org/Alexander_Hanel/xxxswf) - A Python script for analyzing Flash files. ## Services *Various kind of useful services available around the internet* - [CSWSH](http://cow.cat/cswsh.html) - Cross-Site WebSocket Hijacking Tester. - [Request Bin](https://requestbin.com/) - Lets you inspect http requests to a particular url. ## Steganography *Tools used for solving Steganography challenges* - [AperiSolve](https://aperisolve.fr/) - Aperi'Solve is a platform which performs layer analysis on image (open-source). - [Convert](http://www.imagemagick.org/script/convert.php) - Convert images b/w formats and apply filters. - [Exif](http://manpages.ubuntu.com/manpages/trusty/man1/exif.1.html) - Shows EXIF information in JPEG files. - [Exiftool](https://linux.die.net/man/1/exiftool) - Read and write meta information in files. - [Exiv2](http://www.exiv2.org/manpage.html) - Image metadata manipulation tool. - [Image Steganography](https://sourceforge.net/projects/image-steg/) - Embeds text and files in images with optional encryption. Easy-to-use UI. - [Image Steganography Online](https://incoherency.co.uk/image-steganography) - This is a client-side Javascript tool to steganographically hide images inside the lower "bits" of other images - [ImageMagick](http://www.imagemagick.org/script/index.php) - Tool for manipulating images. - [Outguess](https://www.freebsd.org/cgi/man.cgi?query=outguess+&apropos=0&sektion=0&manpath=FreeBSD+Ports+5.1-RELEASE&format=html) - Universal steganographic tool. - [Pngtools](https://packages.debian.org/sid/pngtools) - For various analysis related to PNGs. - `apt-get install pngtools` - [SmartDeblur](https://github.com/Y-Vladimir/SmartDeblur) - Used to deblur and fix defocused images. - [Steganabara](https://www.openhub.net/p/steganabara) - Tool for stegano analysis written in Java. - [SteganographyOnline](https://stylesuxx.github.io/steganography/) - Online steganography encoder and decoder. - [Stegbreak](https://linux.die.net/man/1/stegbreak) - Launches brute-force dictionary attacks on JPG image. - [StegCracker](https://github.com/Paradoxis/StegCracker) - Steganography brute-force utility to uncover hidden data inside files. - [stegextract](https://github.com/evyatarmeged/stegextract) - Detect hidden files and text in images. - [Steghide](http://steghide.sourceforge.net/) - Hide data in various kind of images. - [Stegsolve](http://www.caesum.com/handbook/Stegsolve.jar) - Apply various steganography techniques to images. - [Zsteg](https://github.com/zed-0xff/zsteg/) - PNG/BMP analysis. ## Web *Tools used for solving Web challenges* - [BurpSuite](https://portswigger.net/burp) - A graphical tool to testing website security. - [Commix](https://github.com/commixproject/commix) - Automated All-in-One OS Command Injection and Exploitation Tool. - [Hackbar](https://addons.mozilla.org/en-US/firefox/addon/hackbartool/) - Firefox addon for easy web exploitation. - [OWASP ZAP](https://www.owasp.org/index.php/Projects/OWASP_Zed_Attack_Proxy_Project) - Intercepting proxy to replay, debug, and fuzz HTTP requests and responses - [Postman](https://chrome.google.com/webstore/detail/postman/fhbjgbiflinjbdggehcddcbncdddomop?hl=en) - Add on for chrome for debugging network requests. - [Raccoon](https://github.com/evyatarmeged/Raccoon) - A high performance offensive security tool for reconnaissance and vulnerability scanning. - [SQLMap](https://github.com/sqlmapproject/sqlmap) - Automatic SQL injection and database takeover tool. ```pip install sqlmap``` - [W3af](https://github.com/andresriancho/w3af) - Web Application Attack and Audit Framework. - [XSSer](http://xsser.sourceforge.net/) - Automated XSS testor. # Resources *Where to discover about CTF* ## Operating Systems *Penetration testing and security lab Operating Systems* - [Android Tamer](https://androidtamer.com/) - Based on Debian. - [BackBox](https://backbox.org/) - Based on Ubuntu. - [BlackArch Linux](https://blackarch.org/) - Based on Arch Linux. - [Fedora Security Lab](https://labs.fedoraproject.org/security/) - Based on Fedora. - [Kali Linux](https://www.kali.org/) - Based on Debian. - [Parrot Security OS](https://www.parrotsec.org/) - Based on Debian. - [Pentoo](http://www.pentoo.ch/) - Based on Gentoo. - [URIX OS](http://urix.us/) - Based on openSUSE. - [Wifislax](http://www.wifislax.com/) - Based on Slackware. *Malware analysts and reverse-engineering* - [Flare VM](https://github.com/fireeye/flare-vm/) - Based on Windows. - [REMnux](https://remnux.org/) - Based on Debian. ## Starter Packs *Collections of installer scripts, useful tools* - [CTF Tools](https://github.com/zardus/ctf-tools) - Collection of setup scripts to install various security research tools. - [LazyKali](https://github.com/jlevitsk/lazykali) - A 2016 refresh of LazyKali which simplifies install of tools and configuration. ## Tutorials *Tutorials to learn how to play CTFs* - [CTF Field Guide](https://trailofbits.github.io/ctf/) - Field Guide by Trails of Bits. - [CTF Resources](http://ctfs.github.io/resources/) - Start Guide maintained by community. - [Damn Vulnerable Web Application](http://www.dvwa.co.uk/) PHP/MySQL web application that is damn vulnerable. - [How to Get Started in CTF](https://www.endgame.com/blog/how-get-started-ctf) - Short guideline for CTF beginners by Endgame - [LiveOverFlow](https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w) - Video tutorials on Exploitation. - [MIPT CTF](https://github.com/xairy/mipt-ctf) - A small course for beginners in CTFs (in Russian). ## Wargames *Always online CTFs* - [Backdoor](https://backdoor.sdslabs.co/) - Security Platform by SDSLabs. - [Crackmes](https://crackmes.one/) - Reverse Engineering Challenges. - [Exploit Exercises](https://exploit-exercises.lains.space/) - Variety of VMs to learn variety of computer security issues. - [Exploit.Education](http://exploit.education) - Variety of VMs to learn variety of computer security issues. - [Gracker](https://github.com/Samuirai/gracker) - Binary challenges having a slow learning curve, and write-ups for each level. - [Hack The Box](https://www.hackthebox.eu) - Weekly CTFs for all types of security enthusiasts. - [Hack This Site](https://www.hackthissite.org/) - Training ground for hackers. - [Hacking-Lab](https://hacking-lab.com/) - Ethical hacking, computer network and security challenge platform. - [Hone Your Ninja Skills](https://honeyourskills.ninja/) - Web challenges starting from basic ones. - [IO](http://io.netgarage.org/) - Wargame for binary challenges. - [Microcorruption](https://microcorruption.com) - Embedded security CTF. - [Over The Wire](http://overthewire.org/wargames/) - Wargame maintained by OvertheWire Community. - [PentesterLab](https://pentesterlab.com/) - Variety of VM and online challenges (paid). - [PicoCTF](https://2019game.picoctf.com) - All year round ctf game. Questions from the yearly picoCTF competition. - [PWN Challenge](http://pwn.eonew.cn/) - Binary Exploitation Wargame. - [Pwnable.kr](http://pwnable.kr/) - Pwn Game. - [Pwnable.tw](https://pwnable.tw/) - Binary wargame. - [Pwnable.xyz](https://pwnable.xyz/) - Binary Exploitation Wargame. - [Reversin.kr](http://reversing.kr/) - Reversing challenge. - [Ringzer0Team](https://ringzer0team.com/) - Ringzer0 Team Online CTF. - [Root-Me](https://www.root-me.org/) - Hacking and Information Security learning platform. - [ROP Wargames](https://github.com/xelenonz/game) - ROP Wargames. - [SANS HHC](https://holidayhackchallenge.com/past-challenges/) - Challenges with a holiday theme released annually and maintained by SANS. - [SmashTheStack](http://smashthestack.org/) - A variety of wargames maintained by the SmashTheStack Community. - [Viblo CTF](https://ctf.viblo.asia) - Various amazing CTF challenges, in many different categories. Has both Practice mode and Contest mode. - [VulnHub](https://www.vulnhub.com/) - VM-based for practical in digital security, computer application & network administration. - [W3Challs](https://w3challs.com) - A penetration testing training platform, which offers various computer challenges, in various categories. - [WebHacking](http://webhacking.kr) - Hacking challenges for web. *Self-hosted CTFs* - [Juice Shop CTF](https://github.com/bkimminich/juice-shop-ctf) - Scripts and tools for hosting a CTF on [OWASP Juice Shop](https://www.owasp.org/index.php/OWASP_Juice_Shop_Project) easily. ## Websites *Various general websites about and on CTF* - [CTF Time](https://ctftime.org/) - General information on CTF occuring around the worlds. - [Reddit Security CTF](http://www.reddit.com/r/securityctf) - Reddit CTF category. ## Wikis *Various Wikis available for learning about CTFs* - [Bamboofox](https://bamboofox.github.io/) - Chinese resources to learn CTF. - [bi0s Wiki](https://teambi0s.gitlab.io/bi0s-wiki/) - Wiki from team bi0s. - [CTF Cheatsheet](https://uppusaikiran.github.io/hacking/Capture-the-Flag-CheatSheet/) - CTF tips and tricks. - [ISIS Lab](https://github.com/isislab/Project-Ideas/wiki) - CTF Wiki by Isis lab. - [OpenToAll](https://github.com/OpenToAllCTF/Tips) - CTF tips by OTA CTF team members. ## Writeups Collections *Collections of CTF write-ups* - [0e85dc6eaf](https://github.com/0e85dc6eaf/CTF-Writeups) - Write-ups for CTF challenges by 0e85dc6eaf - [Captf](http://captf.com/) - Dumped CTF challenges and materials by psifertex. - [CTF write-ups (community)](https://github.com/ctfs/) - CTF challenges + write-ups archive maintained by the community. - [CTFTime Scrapper](https://github.com/abdilahrf/CTFWriteupScrapper) - Scraps all writeup from CTF Time and organize which to read first. - [HackThisSite](https://github.com/HackThisSite/CTF-Writeups) - CTF write-ups repo maintained by HackThisSite team. - [Mzfr](https://github.com/mzfr/ctf-writeups/) - CTF competition write-ups by mzfr - [pwntools writeups](https://github.com/Gallopsled/pwntools-write-ups) - A collection of CTF write-ups all using pwntools. - [SababaSec](https://github.com/SababaSec/ctf-writeups) - A collection of CTF write-ups by the SababaSec team - [Shell Storm](http://shell-storm.org/repo/CTF/) - CTF challenge archive maintained by Jonathan Salwan. - [Smoke Leet Everyday](https://github.com/smokeleeteveryday/CTF_WRITEUPS) - CTF write-ups repo maintained by SmokeLeetEveryday team. ### LICENSE CC0 :)