awesome-ctf/README.md
2015-07-13 17:01:40 -04:00

9 KiB

Awesome CTF Build Status

A curated list of Capture The Flag (CTF) frameworks, libraries, resources and softwares.

Contributing

Please take a quick look at the contribution guidelines first.

If you know a tool that isn't present here, feel free to open a pull request.

Why?

It takes time to build up collection of tools used in ctf and remember them all. This repo helps to keep all these scattered tools at one place.

Contents

Create

Tools used for creating CTF challenges

Forensics

Tools used for creating Forensics challenges

Web

Tools used for creating Web challenges

JavaScript Obfustcators

Solve

Tools used for solving CTF challenges

Attacks

Tools used for performing various kinds of attacks

Crypto

Tools used for solving Crypto challenges

  • RSATool - Generate private key with knowledge of p and q
  • XORTool - A tool to analyze multi-byte xor cipher

Bruteforcers

Tools used for various kind of bruteforcing (passwords etc.)

Exploits

Tools used for solving Exploits challenges

  • binjitsu - CTF framework and exploit development library
  • Metasploit - Penetration testing software
  • pwntools - CTF Framework for writing exploits

Forensics

Tools used for solving Forensics challenges

Registry Viewers

Reversing

Tools used for solving Reversing challenges

  • Androguard - Reverse engineer Android applications
  • Apk2Gold - Yet another Android decompiler
  • ApkTool - Android Decompiler
  • BinUtils - Collection of binary tools
  • BinWalk - Analyze, reverse engineer, and extract firmware images.
  • Boomerang - Decompile x86 binaries to C
  • IDA Pro - Most used Reversing software
  • Jadx - Decompile Android files
  • Krakatau - Java decompiler and disassembler
  • Uncompyle - Decompile Python 2.7 binaries (.pyc)

JavaScript Deobfustcators

  • Detox - A Javascript malware analysis tool
  • Revelo - Analyze obfuscated Javascript code

Services

Various kind of useful services available around the internet

  • CSWSH - Cross-Site WebSocket Hijacking Tester
  • Request Bin - Lets you inspect http requests to a particular url

Stegano

Tools used for solving Steganography challenges

  • pngtools - For various analysis related to PNGs
    • apt-get install pngtools
  • SmartDeblur - Used to deblur and fix defocused images
  • Steganabara - Tool for stegano analysis written in Java
  • Steghide - Hide data in various kind of images
  • Stegsolve - Apply various steganography techniques to images

Web

Tools used for solving Web challenges

  • SQLMap - Automatic SQL injection and database takeover tooli
  • w3af - Web Application Attack and Audit Framework.
  • XSSer - Automated XSS testor

Resources

Where to discover about CTF

Tutorials

Tutorials to learn how to play CTFs

Wargames

Always online CTFs

  • Backdoor - Security Platform by SDSLabs
  • Exploit Exercises - Variety of VMs to learn variety of computer security issues
  • Hack This Site - Training ground for hackers.
  • Over The Wire - Wargame maintained by OvertheWire Community
  • VulnHub - VM-based for practical in digital security, computer application & network administration.
  • WeChall - Always online challenge site

Websites

Various general websites about and on ctf

Wikis

Various Wikis available for learning about CTFs

Writeups Collections

Collections of CTF write-ups

LICENSE

MIT :)