tools

CTF Tools

Just some tools we use

web

• Nikito:
  • https://github.com/sullo/nikto
• SQLmap
  • https://github.com/sqlmapproject/sqlmap

Reversing

• Radare2
  • https://github.com/radare/radare2
  • cutter:
    • GUI mode of radare2
    • https://github.com/radareorg/cutter
• pwndbg
  • https://github.com/pwndbg/pwndbg
  • with
    • pedas: https://github.com/longld/peda
    • voltron: https://github.com/snare/voltron
• checksec
  • https://github.com/slimm609/checksec.sh
    • Check if canary etc are enabled or not

Crypto

• https://quipqiup.com/
• caesar: https://cryptii.com/pipes/caesar-cipher
• vignere: https://www.guballa.de/vigenere-solver
• rot: https://www.dcode.fr/rot-cipher
• Substituion: https://www.guballa.de/substitution-solver
• I.C calculator
  • Use this if you have no clue which type of cipher it is.
• General
  • https://quipqiup.com/
• RSA:
  • https://github.com/Ganapati/RsaCtfTool
  • https://github.com/ius/rsatool
  • https://www.alpertron.com.ar/ECM.HTM
    • Best for factorizing etc
  • Also some scripts written in python.
  • libnum
    • https://github.com/hellman/libnum
    • Python library
• md5 hash
  • https://www.md5online.org

Misc

• For mathematics
  • Use sympy or sage
    • sympy: https://github.com/sympy/sympy
    • sage:
• John the ripper
  • https://www.openwall.com/john/
  • https://github.com/magnumripper/JohnTheRipper
• Metasploit framwork
  • https://github.com/rapid7/metasploit-framework
• Git related task:
  • gittools: https://github.com/internetwache/GitTools/
• vsftp
  • First thing to check is that if the given vsftp version isn't vulnerable to any kind of know vulnerability
    • Could be simple as: https://ctftime.org/writeup/12060
  • https://en.wikipedia.org/wiki/Vsftpd
• dirb
  • Look for all the accesible directories on a server
  • Not always useful but sometime a life saver
• hydra along with our lovely rockyou.txt

Shell

• Ripgrep
  • https://github.com/BurntSushi/ripgrep
• strings
• cat
• |(pipe)

Leaks

• https://gitlab.com/glicOne/shadowbroker
• Hack scripts
  • https://gitlab.com/glicOne/hack_scripts
• books
  • https://gitlab.com/glicOne/knowledge-base
  • https://github.com/RomaniukVadim/knowledge-base
• CTF wiki
  • https://gitlab.com/glicOne/ctf-wiki
• Terminator ?
  • https://gitlab.com/glicOne/Terminator

Other lists

There are already many great lists that would help you during CTF. Some good list to check out are:

• trailofbit's CTF Guide

  • A very good guide to get an idea about CTFs and different type of challenges

• John Hammond's CTF Katana

  • Really good and short notes.
  • He keeps track of all the not so common challenges from CTFs

• CTF Candy

  • Good notes on web challenges

• Security tips

  • Very good notes on WEB and RE/PWN category

• CTF Wiki

  • Good notes on WEB and CRYPTO

• Knowledge base