2015-05-07 20:29:51 +00:00
# ctf-tools
2015-11-30 21:09:44 +00:00
[![Build Status ](https://travis-ci.org/zardus/ctf-tools.svg?branch=master )](https://travis-ci.org/zardus/ctf-tools)
2015-12-18 04:20:22 +00:00
[![IRC ](https://img.shields.io/badge/freenode-%23ctf--tools-green.svg )](http://webchat.freenode.net/?channels=#ctf-tools)
2015-05-07 11:02:00 +00:00
This is a collection of setup scripts to create an install of various security research tools.
2015-05-07 20:25:48 +00:00
Of course, this isn't a hard problem, but it's really nice to have them in one place that's easily deployable to new machines and so forth.
Installers for the following tools are included:
| Category | Tool | Description |
|----------|------|-------------|
2015-11-04 07:14:43 +00:00
| binary | [afl ](http://lcamtuf.coredump.cx/afl/ ) | State-of-the-art fuzzer. | <!--tool--> <!--test-->
2015-11-04 07:32:10 +00:00
| binary | [angr ](http://angr.io ) | Next-generation binary analysis engine from Shellphish. | <!--tool--> <!--no-test-->
2015-11-04 07:47:00 +00:00
| binary | [barf ](https://github.com/programa-stic/barf-project ) | Binary Analysis and Reverse-engineering Framework. | <!--tool--><!--times-out-->
2015-11-04 07:14:43 +00:00
| binary | [bindead ](https://bitbucket.org/mihaila/bindead/wiki/Home ) | A static analysis tool for binaries. | <!--tool--><!--failing-->
| binary | [checksec ](https://github.com/slimm609/checksec.sh ) | Check binary hardening settings. | <!--tool--><!--test-->
2015-11-04 08:14:31 +00:00
| binary | [codereason ](https://github.com/trailofbits/codereason ) | Semantic Binary Code Analysis Framework. | <!--tool--><!--failing-->
2015-11-04 07:23:58 +00:00
| binary | [crosstool-ng ](http://crosstool-ng.org/ ) | Cross-compilers and cross-architecture tools. | <!--tool--><!--no-test-->
2016-02-04 09:16:52 +00:00
| binary | [cross2 ](http://kozos.jp/books/asm/asm.html ) | A set of cross-compilation tools from a Japanese book on C. | <!--tool--><!--no-test-->
2015-11-04 09:28:27 +00:00
| binary | [elfkickers ](http://www.muppetlabs.com/~breadbox/software/elfkickers.html ) | A set of utilities for working with ELF files. | <!--tool--><!--test-->
2015-12-17 23:19:17 +00:00
| binary | [elfparser ](http://www.elfparser.com/ ) | Quickly determine the capabilities of an ELF binary through static analysis. | <!--tool--><!--test-->
2015-11-04 07:14:43 +00:00
| binary | [evilize ](http://www.mathstat.dal.ca/~selinger/md5collision/ ) | Tool to create MD5 colliding binaries | <!--tool--><!--test-->
2015-11-04 08:55:54 +00:00
| binary | [gdb ](http://www.gnu.org/software/gdb/ ) | Up-to-date gdb with python2 bindings. | <!--tool--><!--failing-->
2016-04-04 22:15:46 +00:00
| binary | [hongfuzz ](https://github.com/google/honggfuzz ) | A general-purpose, easy-to-use fuzzer with interesting analysis options. | <!--tool--><!--test-->
2015-12-19 00:35:52 +00:00
| binary | [panda ](https://github.com/moyix/panda ) | Platform for Architecture-Neutral Dynamic Analysis. | <!--tool--><!--no-test-->
2015-12-08 22:08:07 +00:00
| binary | [pathgrind ](https://github.com/codelion/pathgrind ) | Path-based, symbolically-assisted fuzzer. | <!--tool--><!--test-->
2015-11-04 07:14:43 +00:00
| binary | [peda ](https://github.com/longld/peda ) | Enhanced environment for gdb. | <!--tool--><!--test-->
2015-11-04 07:23:58 +00:00
| binary | [preeny ](https://github.com/zardus/preeny ) | A collection of helpful preloads (compiled for many architectures!). | <!--tool--><!--no-test-->
2016-03-11 02:13:12 +00:00
| binary | [pwntools ](https://github.com/Gallopsled/pwntools ) | Useful CTF utilities. | <!--tool--><!--no-test-->
2015-11-04 07:14:43 +00:00
| binary | [python-pin ](https://github.com/blankwall/Python_Pin ) | Python bindings for pin. | <!--tool--><!--test-->
2015-12-08 22:08:07 +00:00
| binary | [qemu ](http://qemu.org ) | Latest version of qemu! | <!--tool--><!--times-out-->
| binary | [qira ](http://qira.me ) | Parallel, timeless debugger. | <!--tool--><!--test-->
2015-11-04 07:14:43 +00:00
| binary | [radare2 ](http://www.radare.org/ ) | Some crazy thing crowell likes. | <!--tool--><!--test-->
2016-04-04 22:03:44 +00:00
| binary | [ropper ](https://github.com/sashs/Ropper ) | Another gadget finder. | <!--tool--><!--test-->
2015-12-08 22:08:07 +00:00
| binary | [rp++ ](https://github.com/0vercl0k/rp ) | Another gadget finder. | <!--tool--><!--test-->
2015-11-04 07:14:43 +00:00
| binary | [shellnoob ](https://github.com/reyammer/shellnoob ) | Shellcode writing helper. | <!--tool--><!--test-->
2016-02-11 18:22:43 +00:00
| binary | [shellsploit ](https://github.com/b3mb4m/shellsploit-framework ) | Shellcode development kit. | <!--tool--><!--test-->
2015-12-08 22:09:19 +00:00
| binary | [snowman ](https://github.com/yegord/snowman ) | Cross-architecture decompiler. | <!--tool--><!--test-->
2015-11-04 07:14:43 +00:00
| binary | [taintgrind ](https://github.com/wmkhoo/taintgrind ) | A valgrind taint analysis tool. | <!--tool--><!--test-->
2015-12-08 22:08:07 +00:00
| binary | [villoc ](https://github.com/wapiflapi/villoc ) | Visualization of heap operations. | <!--tool--><!--test-->
| binary | [virtualsocket ](https://github.com/antoniobianchi333/virtualsocket ) | A nice library to interact with binaries. | <!--tool--><!--test-->
2015-11-04 07:14:43 +00:00
| binary | [xrop ](https://github.com/acama/xrop ) | Gadget finder. | <!--tool--><!--failing-->
| forensics | [binwalk ](https://github.com/devttys0/binwalk.git ) | Firmware (and arbitrary file) analysis tool. | <!--tool--><!--test-->
| forensics | [dislocker ](http://www.hsc.fr/ressources/outils/dislocker/ ) | Tool for reading Bitlocker encrypted partitions. | <!--tool--><!--test-->
| forensics | [exetractor ](https://github.com/kholia/exetractor-clone ) | Unpacker for packed Python executables. Supports PyInstaller and py2exe. | <!--tool--><!--test-->
| forensics | [firmware-mod-kit ](https://code.google.com/p/firmware-mod-kit/ ) | Tools for firmware packing/unpacking. | <!--tool--><!--test-->
| forensics | [pdf-parser ](http://blog.didierstevens.com/programs/pdf-tools/ ) | Tool for digging in PDF files | <!--tool--><!--test-->
2016-04-04 22:10:49 +00:00
| forensics | [peepdf ](https://github.com/jesparza/peepdf ) | Powerful Python tool to analyze PDF documents. | <!--tool--><!--test-->
2015-11-04 07:14:43 +00:00
| forensics | [scrdec ](https://gist.github.com/bcse/1834878 ) | A decoder for encoded Windows Scripts. | <!--tool--><!--test-->
2015-12-10 00:57:07 +00:00
| forensics | [testdisk ](http://www.cgsecurity.org/wiki/TestDisk ) | Testdisk and photorec for file recovery. | <!--tool--><!--test-->
2015-11-04 07:14:43 +00:00
| crypto | [cribdrag ](https://github.com/SpiderLabs/cribdrag ) | Interactive crib dragging tool (for crypto). | <!--tool--><!--test-->
| crypto | [foresight ](https://github.com/ALSchwalm/foresight ) | A tool for predicting the output of random number generators. To run, launch "foresee". | <!--tool--><!--test-->
2016-04-04 23:23:39 +00:00
| crypto | [hashkill ](https://github.com/gat3way/hashkill ) | Hash cracker. | <!--tool--><!--test-->
2015-11-04 07:14:43 +00:00
| crypto | [hashpump ](https://github.com/bwall/HashPump ) | A tool for performing hash length extension attaacks. | <!--tool--><!--test-->
| crypto | [hashpump-partialhash ](https://github.com/mheistermann/HashPump-partialhash ) | Hashpump, supporting partially-unknown hashes. | <!--tool--><!--test-->
| crypto | [hash-identifier ](https://code.google.com/p/hash-identifier/source/checkout ) | Simple hash algorithm identifier. | <!--tool--><!--test-->
| crypto | [littleblackbox ](https://github.com/devttys0/littleblackbox ) | Database of private SSL/SSH keys for embedded devices. | <!--tool--><!--test-->
2015-11-04 09:45:02 +00:00
| crypto | [msieve ](http://sourceforge.net/projects/msieve/ ) | Msieve is a C library implementing a suite of algorithms to factor large integers. | <!--tool--><!--test-->
2015-11-04 07:14:43 +00:00
| crypto | [pemcrack ](https://github.com/robertdavidgraham/pemcrack ) | SSL PEM file cracker. | <!--tool--><!--test-->
2015-12-05 23:05:39 +00:00
| crypto | [pkcrack ](https://www.unix-ag.uni-kl.de/~conrad/krypto/pkcrack.html ) | PkZip encryption cracker. | <!--tool--><!--test-->
2015-12-10 00:57:07 +00:00
| crypto | [python-paddingoracle ](https://github.com/mwielgoszewski/python-paddingoracle ) | Padding oracle attack automation. | <!--tool--><!--test-->
2015-11-04 07:14:43 +00:00
| crypto | [reveng ](http://reveng.sourceforge.net/ ) | CRC finder. | <!--tool--><!--test-->
| crypto | [ssh_decoder ](https://github.com/jjyg/ssh_decoder ) | A tool for decoding ssh traffic. You will need `ruby1.8` from `https://launchpad.net/~brightbox/+archive/ubuntu/ruby-ng` to run this. Run with `ssh_decoder --help` for help, as running it with no arguments causes it to crash. | <!--tool--><!--test-->
| crypto | [sslsplit ](https://github.com/droe/sslsplit ) | SSL/TLS MITM. | <!--tool--><!--test-->
| crypto | [xortool ](https://github.com/hellman/xortool ) | XOR analysis tool. | <!--tool--><!--test-->
| crypto | [yafu ](http://sourceforge.net/projects/yafu/ ) | Automated integer factorization. | <!--tool--><!--test-->
2015-11-04 07:59:39 +00:00
| web | [burpsuite ](http://portswigger.net/burp ) | Web proxy to do naughty web stuff. | <!--tool--><!--failing-->
2015-11-04 07:14:43 +00:00
| web | [commix ](https://github.com/stasinopoulos/commix ) | Command injection and exploitation tool. | <!--tool--><!--test-->
2016-04-04 23:16:54 +00:00
| web | [dirb ](http://dirb.sourceforge.net/ ) | Web path scanner. | <!--tool--><!--test-->
2015-11-04 07:14:43 +00:00
| web | [dirs3arch ](https://github.com/maurosoria/dirs3arch ) | Web path scanner. | <!--tool--><!--test-->
| web | [sqlmap ](http://sqlmap.org/ ) | SQL injection automation engine. | <!--tool--><!--test-->
| web | [subbrute ](https://github.com/TheRook/subbrute ) | A DNS meta-query spider that enumerates DNS records, and subdomains. | <!--tool--><!--test-->
| stego | [sound-visualizer ](http://www.sonicvisualiser.org/ ) | Audio file visualization. | <!--tool--><!--failing-->
2016-01-23 05:08:27 +00:00
| stego | [steganabara ](http://www.caesum.com/handbook/stego.htm ) | Another image steganography solver. | <!--tool--><!--test-->
2015-12-10 00:57:07 +00:00
| stego | [stegdetect ](http://www.outguess.org/ ) | Steganography detection/breaking tool. | <!--tool--><!--test-->
2015-11-04 07:14:43 +00:00
| stego | [stegsolve ](http://www.caesum.com/handbook/stego.htm ) | Image steganography solver. | <!--tool--><!--test-->
2015-11-04 07:41:25 +00:00
| android | [apktool ](https://ibotpeaches.github.io/Apktool/ ) | Dissect, dis-assemble, and re-pack Android APKs | <!--tool--><!--test-->
2016-04-04 20:17:47 +00:00
| android | [android-sdk ](http://developer.android.com/sdk ) | The android SDK (adb, emulator, etc). | <!--tool--><!--no-test-->
2015-05-11 10:02:14 +00:00
2015-05-14 19:59:11 +00:00
There are also some installers for non-CTF stuff to break the monotony!
| Category | Tool | Description |
|----------|------|-------------|
2015-10-25 14:11:28 +00:00
| game | [Dwarf Fortress ](http://www.bay12games.com/dwarves/ ) | Something to help you relax after a CTF! | <!--tool-->
2016-07-02 10:34:54 +00:00
| tor-browser | [tor-browser ](https://www.torproject.org/projects/torbrowser.html.en ) | Useful when you need to hit a web challenge from different IPs. | <!--tool--><!--test-->
2015-05-14 19:59:11 +00:00
2015-05-11 10:02:14 +00:00
## Usage
To use, do:
```bash
# set up the path
2015-05-14 19:50:51 +00:00
/path/to/ctf-tools/bin/manage-tools setup
2015-05-11 10:02:14 +00:00
source ~/.bashrc
# list the available tools
manage-tools list
# install gdb, allowing it to try to sudo install dependencies
manage-tools -s install gdb
# install pwntools, but don't let it sudo install dependencies
manage-tools install pwntools
# uninstall gdb
manage-tools uninstall gdb
# uninstall all tools
manage-tools uninstall all
2015-10-25 14:11:28 +00:00
# search for a tool
manage-tools search preload
2015-05-11 10:02:14 +00:00
```
Where possible, the tools keep the installs very self-contained (i.e., in to tool/ directory), and most uninstalls are just calls to `git clean` (**NOTE**, this is **NOT** careful; everything under the tool directory, including whatever you were working on, is blown away during an uninstall).
2015-11-04 07:51:25 +00:00
To support python dependencies, however, make sure to create a virtualenv before installing and using tools (i.e., `mkvirtualenv --system-site-packages ctf` . The `--system-site-packages` is there for easier reuse of apt-gotten python packages where necessary).
2015-05-11 10:02:14 +00:00
2015-12-18 04:09:10 +00:00
## Help!
Something not working?
2015-12-18 04:20:22 +00:00
I didn't write (almost) any of these tools, but hit up [#ctf-tools on freenode ](http://webchat.freenode.net/?channels=#ctf-tools ) if you're desperate.
2015-12-18 04:09:10 +00:00
Maybe some kind soul will help!
2016-04-04 22:57:30 +00:00
## Docker (version 1.7+)
2015-11-04 02:27:49 +00:00
By popular demand, a Dockerfile has been included.
You can build a docker image with:
```bash
git clone https://github.com/zardus/ctf-tools
2015-11-04 02:33:45 +00:00
docker build -t ctf-tools .
2015-11-04 02:27:49 +00:00
```
And run it with:
```bash
docker run -it ctf-tools
```
2015-11-04 02:33:45 +00:00
The built image will have ctf-tools cloned and ready to go, but you will still need to install the tools themselves (see above).
2015-12-18 08:15:06 +00:00
## Vagrant
You can build a Vagrant VM with:
```bash
wget https://raw.githubusercontent.com/zardus/ctf-tools/master/Vagrantfile
vagrant up
```
And connect to it via:
```bash
vagrant ssh
```
2015-11-04 02:27:49 +00:00
2015-05-08 01:01:30 +00:00
## Adding Tools
To add a tool (say, named *toolname* ), do the following:
1. Create a `toolname` directory.
2. Create an `install` script.
2016-01-23 05:34:31 +00:00
3. (optional) if special uninstall steps are required, create an `uninstall` script.
2015-05-08 01:01:30 +00:00
### Install Scripts
The install script will be run with `$PWD` being `toolname` . It should install the tool into this directory, in as contained a manner as possible.
Ideally, full uninstallation should be possible with a `git clean` .
The install script should create a `bin` directory and put its executables there.
These executables will be automatically linked into the main `bin` directory for the repo.
They could be launched from any directory, so don't make assumptions about the location of `$0` !
2015-07-18 01:31:54 +00:00
2015-10-14 00:04:53 +00:00
## License
The individual tools are all licensed under their own licenses.
As for ctf-tools itself, it is "starware".
If you find it useful, star it on github (https://github.com/zardus/ctf-tools).
Good luck!
2015-07-18 01:31:54 +00:00
# See Also
There's a curated list of CTF tools, but without installers, here: https://github.com/apsdehal/awesome-ctf.
2015-11-30 20:15:52 +00:00
2015-12-14 17:28:39 +00:00
There's a Vagrant config with a lot of the bigger frameworks here: https://github.com/thebarbershopper/epictreasure.
2015-12-18 07:34:47 +00:00
## Tools in the official Debian/Ubuntu repos
These tools are present in the Debian or Ubuntu repos (in an adequately new version).
They're not included in ctf-tools, but are included here as notes for the author.
| Category | Package | Description | Package |
|----------|---------|-------------|---------|
| forensics | [foremost ](http://foremost.sourceforge.net/ ) | File carver. | `foremost` | <!--deb-tool-->
| dsniff | [dsniff ](http://www.monkey.org/~dugsong/dsniff/ ) | Grabs passwords and other data from pcaps/network streams. | dsniff | <!--deb-tool-->
## Tools with unofficial Debian/Ubuntu repos or debs
| Category | Package | Description | Repo/deb |
|----------|---------|-------------|----------|
| stego | [sound-visualizer ](http://www.sonicvisualiser.org/ ) | Audio file visualization. | [deb ](http://www.sonicvisualiser.org/download.html ) | <!--deb-tool-->