A curated list of Capture The Flag (CTF) frameworks, libraries, resources and softwares.
Please take a quick look at the contribution guidelines first.
It takes time to build up collection of tools used in ctf and remember them all. This repo helps to keep all these scattered tools at one place.
Tools used for creating CTF challenges
Tools used for creating Forensics challenges
- Registry Dumper - Dump your registry
Tools used for creating Web challenges
JavaScript Obfustcators
Tools used for solving CTF challenges
Tools used for performing various kinds of attacks
- Layer 2 attacks - Attack various protocols on layer 2
Tools used for solving Crypto challenges
- RSATool - Generate private key with knowledge of p and q
- XORTool - A tool to analyze multi-byte xor cipher
Tools used for various kind of bruteforcing (passwords etc.)
- John The Jumbo - Community enhanced version of John the Ripper
- John The Ripper - Password Cracker
- Ophcrack - Windows password cracker based on rainbow tables.
Tools used for solving Exploits challenges
- binjitsu - CTF framework and exploit development library
- Metasploit - Penetration testing software
- pwntools - CTF Framework for writing exploits
Tools used for solving Forensics challenges
- Aircrack-Ng - Crack 802.11 WEP and WPA-PSK keys
apt-get install aircrack-ng
- Audacity - Analyze sound files (mp3, m4a, whatever)
apt-get install audacity
- bkhive and samdump2 - Dump SYSTEM and SAM files
apt-get install samdump2 bkhive
- CFF Explorer - PE Editor
- creddump - Dump windows credentials
- DVCS Ripper - Rips web accessible (distributed) version control systems
- Exif Tool - Read, write and edit file metadata
- extundelete - Used for recovering lost data from mountable images
- Foremost - Extract particular kind of files using headers
apt-get install foremost
- fsck.ext4 - Used to fix corrupt filesystems
- Malzilla - Malware hunting tool
- NetworkMiner - Network Forensic Analysis Tool
- PDF Streams Inflater - Find and extract zlib files compressed in PDF files
- ResourcesExtract - Extract various filetypes from exes
- Shellbags - Investigate NT_USER.dat files
- UsbForensics - Contains many tools for usb forensics
- Volatility - To investigate memory dumps
- Wireshark - Analyze the network dumps
apt-get install wireshark
Registry Viewers
- RegistryViewer - Used to view windows registries
- Windows Registry Viewers - More registry viewers
Tools used for solving Reversing challenges
- Androguard - Reverse engineer Android applications
- Apk2Gold - Yet another Android decompiler
- ApkTool - Android Decompiler
- BinUtils - Collection of binary tools
- BinWalk - Analyze, reverse engineer, and extract firmware images.
- Boomerang - Decompile x86 binaries to C
- IDA Pro - Most used Reversing software
- Jadx - Decompile Android files
- Krakatau - Java decompiler and disassembler
- radare2 - A portable reversing framework
- Uncompyle - Decompile Python 2.7 binaries (.pyc)
JavaScript Deobfustcators
SWF Analyzers
- RABCDAsm - Collection of utilities including an ActionScript 3 assembler/disassembler.
- swftools - Collection of utilities to work with SWF files
- xxxswf - A Python script for analyzing Flash files.
Various kind of useful services available around the internet
- CSWSH - Cross-Site WebSocket Hijacking Tester
- Request Bin - Lets you inspect http requests to a particular url
Tools used for solving Steganography challenges
- pngtools - For various analysis related to PNGs
apt-get install pngtools
- SmartDeblur - Used to deblur and fix defocused images
- Steganabara - Tool for stegano analysis written in Java
- Steghide - Hide data in various kind of images
- Stegsolve - Apply various steganography techniques to images
Tools used for solving Web challenges
- SQLMap - Automatic SQL injection and database takeover tooli
- w3af - Web Application Attack and Audit Framework.
- XSSer - Automated XSS testor
Where to discover about CTF
Collections of installer scripts, useful tools
- CTF Tools - Collection of setup scripts to install various security research tools.
Tutorials to learn how to play CTFs
- CTF Field Guide - Field Guide by Trails of Bits
- CTF Resources - Start Guide maintained by community
- How to Get Started in CTF - Short guideline for CTF beginners by Endgame
- MIPT CTF - A small course for beginners in CTFs (in Russian)
Always online CTFs
- Backdoor - Security Platform by SDSLabs
- Exploit Exercises - Variety of VMs to learn variety of computer security issues
- Hack This Site - Training ground for hackers.
- Over The Wire - Wargame maintained by OvertheWire Community
- VulnHub - VM-based for practical in digital security, computer application & network administration.
- WeChall - Always online challenge site
Various general websites about and on ctf
- CTF Time - General information on CTF occuring around the worlds
- Reddit Security CTF - Reddit CTF category
Various Wikis available for learning about CTFs
- ISIS Lab - CTF Wiki by Isis lab
Collections of CTF write-ups
- Captf - Dumped CTF challenges and materials by psifertex
- CTF write-ups (community) - CTF challenges + write-ups archive maintained by the community
- pwntools writeups - A collection of CTF write-ups all using pwntools
- Shell Storm - CTF challenge archive maintained by Jonathan Salwan
- Smoke Leet Everyday - CTF write-ups repo maintained by SmokeLeetEveryday team.
MIT :)