steganabara | ||
stegsolve | ||
xortool | ||
README.md |
#CTF Tools
Since I lost my laptop a month back, with that I lost all the collection of my important CTF solving softwares and tools. It takes time to build up the collection. So I am adding them all here, just in case.
If you know a tool that isn't present here, feel free to open a pull request.
In case of tools/repos with huge code, I will add tool title and description to readme only.
Requirements
- java
- python
List
-
Stegano
- Stegsolve
- Steganabara
- Steghide
- pngtools - For various analysis related to PNGs
apt-get install pngtools
- SmartDeblur Used to deblur and fix defocused images
-
Crypto
- XORTool
- RSATool - Generate private key with knowledge of p and q
-
Forensics
- Volatility - To investigate memory dumps
- Shellbags - Investigate NT_USER.dat files
- Foremost - Extract particular kind of files using headers
- `apt-get install foremost
- Wireshark - Analyze the network dumps
apt-get install wireshark
- Audacity - Analyze sound files (mp3, m4a, whatever)
apt-get install audacity
- extundelete - Used for recovering lost data from mountable images
- fsck.ext4 - Used to fix corrupt filesystems
- RegistryViewer - Used to view windows registries
- bkhive and samdump2 - Dump SYSTEM and SAM files
- creddump - Dump windows credentials
- UsbForensics - Contains many tools for usb forensics
- [ResourcesExtract] - Extract various filetypes from exes
-
Bruteforcers
- John The Ripper
- John The Jumbo
- Ophcrack
-
Reversing
-
Krakatau - Java decompiler and disassembler
-
IDA Pro - Ultimate solution to reversing needs
-
Uncompyle - Decompile Python 2.7 binaries (.pyc)
-
JavaScript Deobfustcators
-
BinWalk - Analyze, reverse engineer, and extract firmware images.
-
Jadx - Decompile Android files
-
ApkTool - Android Decompiler
-
apk2Gold - Yet another Android decompiler
-
Boomerang - Decompile x86 binaries to C
-
-
Web
-
Exploits
- Metasploit - Most used penetration testing software
- pwntools - CTF Framework for writing exploits
-
Attacks
- Layer 2 attacks - Attack various protocols on layer 2
Services
- Request Bin - Lets you inspect http requests to a particular url
- CSWSH - Cross-Site WebSocket Hijacking Tester
Tools used for creation
-
JavaScript Obfustcators
- Metasploit JavaScript Obfustcator
- Uglify
-
Registry Dumper - Dump your registry