| afl | ||
| angr | ||
| apktool | ||
| barf | ||
| bin | ||
| bindead | ||
| binwalk | ||
| burpsuite | ||
| checksec | ||
| codereason | ||
| commix | ||
| cribdrag | ||
| crosstool | ||
| df | ||
| dirs3arch | ||
| dislocker | ||
| elfkickers | ||
| evilize | ||
| exetractor | ||
| firmware-mod-kit | ||
| foresight | ||
| gdb | ||
| hash-identifier | ||
| hashpump | ||
| hashpump-partialhash | ||
| littleblackbox | ||
| msieve | ||
| pathgrind | ||
| pdf-parser | ||
| peda | ||
| pemcrack | ||
| preeny | ||
| pwntools | ||
| python-paddingoracle | ||
| python-pin | ||
| qemu | ||
| qira | ||
| radare2 | ||
| reveng | ||
| rp++ | ||
| scrdec18 | ||
| shellnoob | ||
| sonic-visualizer | ||
| sqlmap | ||
| ssh_decoder | ||
| sslsplit | ||
| steganabara | ||
| stegdetect | ||
| stegsolve | ||
| subbrute | ||
| taintgrind | ||
| testdisk | ||
| villoc | ||
| virtualsocket | ||
| xortool | ||
| xrop | ||
| yafu | ||
| .dockerignore | ||
| .gitignore | ||
| .travis.yml | ||
| Dockerfile | ||
| README.md | ||
| TODO | ||
ctf-tools
This is a collection of setup scripts to create an install of various security research tools. Of course, this isn't a hard problem, but it's really nice to have them in one place that's easily deployable to new machines and so forth.
Installers for the following tools are included:
| Category | Tool | Description |
|---|---|---|
| binary | afl | State-of-the-art fuzzer. |
| binary | angr | Next-generation binary analysis engine from Shellphish. |
| binary | barf | Binary Analysis and Reverse-engineering Framework. |
| binary | bindead | A static analysis tool for binaries. |
| binary | checksec | Check binary hardening settings. |
| binary | codereason | Semantic Binary Code Analysis Framework. |
| binary | crosstool-ng | Cross-compilers and cross-architecture tools. |
| binary | evilize | Tool to create MD5 colliding binaries |
| binary | gdb | Up-to-date gdb with python2 bindings. |
| binary | peda | Enhanced environment for gdb. |
| binary | preeny | A collection of helpful preloads (compiled for many architectures!). |
| binary | villoc | Visualization of heap operations. |
| binary | qemu | Latest version of qemu! |
| binary | pathgrind | Path-based, symbolically-assisted fuzzer. |
| binary | virtualsocket | A nice library to interact with binaries. |
| binary | pwntools | Useful CTF utilities. |
| binary | python-pin | Python bindings for pin. |
| binary | radare2 | Some crazy thing crowell likes. |
| binary | shellnoob | Shellcode writing helper. |
| binary | taintgrind | A valgrind taint analysis tool. |
| binary | qira | Parallel, timeless debugger. |
| binary | xrop | Gadget finder. |
| binary | rp++ | Another gadget finder. |
| forensics | binwalk | Firmware (and arbitrary file) analysis tool. |
| forensics | dislocker | Tool for reading Bitlocker encrypted partitions. |
| forensics | exetractor | Unpacker for packed Python executables. Supports PyInstaller and py2exe. |
| forensics | firmware-mod-kit | Tools for firmware packing/unpacking. |
| forensics | testdisk | Testdisk and photorec for file recovery. |
| forensics | pdf-parser | Tool for digging in PDF files |
| forensics | scrdec | A decoder for encoded Windows Scripts. |
| crypto | cribdrag | Interactive crib dragging tool (for crypto). |
| crypto | foresight | A tool for predicting the output of random number generators. To run, launch "foresee". |
| crypto | hashpump | A tool for performing hash length extension attaacks. |
| crypto | hashpump-partialhash | Hashpump, supporting partially-unknown hashes. |
| crypto | hash-identifier | Simple hash algorithm identifier. |
| crypto | littleblackbox | Database of private SSL/SSH keys for embedded devices. |
| crypto | pemcrack | SSL PEM file cracker. |
| crypto | reveng | CRC finder. |
| crypto | ssh_decoder | A tool for decoding ssh traffic. You will need ruby1.8 from https://launchpad.net/~brightbox/+archive/ubuntu/ruby-ng to run this. Run with ssh_decoder --help for help, as running it with no arguments causes it to crash. |
| crypto | sslsplit | SSL/TLS MITM. |
| crypto | python-paddingoracle | Padding oracle attack automation. |
| crypto | xortool | XOR analysis tool. |
| crypto | yafu | Automated integer factorization. |
| web | burpsuite | Web proxy to do naughty web stuff. |
| web | commix | Command injection and exploitation tool. |
| web | dirs3arch | Web path scanner. |
| web | sqlmap | SQL injection automation engine. |
| web | subbrute | A DNS meta-query spider that enumerates DNS records, and subdomains. |
| stego | sound-visualizer | Audio file visualization. |
| stego | stegdetect | Steganography detection/breaking tool. |
| stego | steganabara | Antoher image steganography solver. |
| stego | stegsolve | Image steganography solver. |
| android | apktool | Dissect, dis-assemble, and re-pack Android APKs |
There are also some installers for non-CTF stuff to break the monotony!
| Category | Tool | Description |
|---|---|---|
| game | Dwarf Fortress | Something to help you relax after a CTF! |
Usage
To use, do:
# set up the path
/path/to/ctf-tools/bin/manage-tools setup
source ~/.bashrc
# list the available tools
manage-tools list
# install gdb, allowing it to try to sudo install dependencies
manage-tools -s install gdb
# install pwntools, but don't let it sudo install dependencies
manage-tools install pwntools
# uninstall gdb
manage-tools uninstall gdb
# uninstall all tools
manage-tools uninstall all
# search for a tool
manage-tools search preload
Where possible, the tools keep the installs very self-contained (i.e., in to tool/ directory), and most uninstalls are just calls to git clean (NOTE, this is NOT careful; everything under the tool directory, including whatever you were working on, is blown away during an uninstall).
To support python dependencies, however, make sure to create a virtualenv before installing and using tools (i.e., mkvirtualenv --system-site-packages ctf. The --system-site-packages is there for easier reuse of apt-gotten python packages where necessary).
Docker/Vagrant
By popular demand, a Dockerfile has been included. You can build a docker image with:
git clone https://github.com/zardus/ctf-tools
docker build -t ctf-tools .
And run it with:
docker run -it ctf-tools
The built image will have ctf-tools cloned and ready to go, but you will still need to install the tools themselves (see above). A Vagrantfile is on the TODO list :-)
Adding Tools
To add a tool (say, named toolname), do the following:
- Create a
toolnamedirectory. - Create an
installscript. - (optional) if special uninstall steps are reuired, create an
uninstallscript.
Install Scripts
The install script will be run with $PWD being toolname. It should install the tool into this directory, in as contained a manner as possible.
Ideally, full uninstallation should be possible with a git clean.
The install script should create a bin directory and put its executables there.
These executables will be automatically linked into the main bin directory for the repo.
They could be launched from any directory, so don't make assumptions about the location of $0!
License
The individual tools are all licensed under their own licenses. As for ctf-tools itself, it is "starware". If you find it useful, star it on github (https://github.com/zardus/ctf-tools).
Good luck!
See Also
There's a curated list of CTF tools, but without installers, here: https://github.com/apsdehal/awesome-ctf.