awesome-ctf/README.md

CTF Tools

A curated list of awesome CTF frameworks, libraries and software.

Contributing

Please take a quick gander at the contribution guidelines first.

If you know a tool that isn't present here, feel free to open a pull request.

Contents

• CTF Tools

  • Create

    • Web
    • Forensics

  • Solve

    • Attacks
    • Bruteforcers
    • Creation Tools
    • Cryptography
    • Exploits
    • Forensics
    • Miscellaneous
    • Reversing
    • Services
    • Steganography
    • Web

Create

Tools used for creating CTF challenges

Forensics

Tools used for creating Forensics challenges

• Registry Dumper - Dump your registry

Web

Tools used for creating Web challenges

JavaScript Obfustcators

• Metasploit JavaScript Obfustcator
• Uglify

Solve

Tools used for solving CTF challenges

Stegano

Tools used for solving Steganography challenges

• Stegsolve
• Steganabara
• Steghide
• pngtools - For various analysis related to PNGs
  • apt-get install pngtools
• SmartDeblur Used to deblur and fix defocused images

Crypto

Tools used for solving Crypto challenges

• XORTool
• RSATool - Generate private key with knowledge of p and q

Forensics

Tools used for solving Forensics challenges

• Volatility - To investigate memory dumps
• Shellbags - Investigate NT_USER.dat files
• Foremost - Extract particular kind of files using headers
  • apt-get install foremost
• Wireshark - Analyze the network dumps
  • apt-get install wireshark
• Audacity - Analyze sound files (mp3, m4a, whatever)
  • apt-get install audacity
• extundelete - Used for recovering lost data from mountable images
• fsck.ext4 - Used to fix corrupt filesystems
• RegistryViewer - Used to view windows registries
  • More registry viewers
• bkhive and samdump2 - Dump SYSTEM and SAM files
• creddump - Dump windows credentials
• UsbForensics - Contains many tools for usb forensics
• [ResourcesExtract] - Extract various filetypes from exes
• CFF Explorer - PE Editor

Bruteforcers

Tools used for various kind of bruteforcing (passwords etc.)

• John The Ripper
• John The Jumbo
• Ophcrack

Reversing

Tools used for solving Reversing challenges

• Krakatau - Java decompiler and disassembler

• IDA Pro - Ultimate solution to reversing needs

• Uncompyle - Decompile Python 2.7 binaries (.pyc)

• JavaScript Deobfustcators

• Detox

• Malzilla

• Revelo

• Further you can put a breakpoint before return statement in debuggers to find the final code to be executed

• BinWalk - Analyze, reverse engineer, and extract firmware images.

• Jadx - Decompile Android files

• ApkTool - Android Decompiler

• apk2Gold - Yet another Android decompiler

• Boomerang - Decompile x86 binaries to C

Web

Tools used for solving Web challenges

• XSSer - Automated XSS testor
• SQLMap - Automatic SQL injection and database takeover tooli

Exploits

Tools used for solving Exploits challenges

• Metasploit - Most used penetration testing software
• pwntools - CTF Framework for writing exploits

Attacks

Tools used for performing various kinds of attacks

• Layer 2 attacks - Attack various protocols on layer 2

Services

Various kind of useful services available around the internet

• Request Bin - Lets you inspect http requests to a particular url
• CSWSH - Cross-Site WebSocket Hijacking Tester