{"id":42424,"url":"https://github.com/devploit/awesome-ctf-resources","name":"awesome-ctf-resources","description":"A list of Capture The Flag (CTF) frameworks, libraries, resources and software for started/experienced CTF players 🚩","projects_count":241,"last_synced_at":"2026-04-04T04:00:35.540Z","repository":{"id":46119760,"uuid":"425042174","full_name":"devploit/awesome-ctf-resources","owner":"devploit","description":"A list of Capture The Flag (CTF) frameworks, libraries, resources and software for started/experienced CTF players 🚩","archived":false,"fork":false,"pushed_at":"2026-03-19T20:54:45.000Z","size":118,"stargazers_count":738,"open_issues_count":2,"forks_count":100,"subscribers_count":10,"default_branch":"main","last_synced_at":"2026-03-21T13:17:16.427Z","etag":null,"topics":["cracking","cryptography","ctf","exploitation","exploiting","hacking","pwn","reversing","security","steganography","stego","tools","web"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/devploit.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2021-11-05T18:07:01.000Z","updated_at":"2026-03-20T15:47:17.000Z","dependencies_parsed_at":"2025-11-23T10:00:24.575Z","dependency_job_id":null,"html_url":"https://github.com/devploit/awesome-ctf-resources","commit_stats":null,"previous_names":["devploit/awesome-ctf-resources","devploit/ctf-awesome-resources"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/devploit/awesome-ctf-resources","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devploit%2Fawesome-ctf-resources","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devploit%2Fawesome-ctf-resources/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devploit%2Fawesome-ctf-resources/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devploit%2Fawesome-ctf-resources/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/devploit","download_url":"https://codeload.github.com/devploit/awesome-ctf-resources/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devploit%2Fawesome-ctf-resources/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31387024,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-04T01:22:39.193Z","status":"online","status_checked_at":"2026-04-04T02:00:07.569Z","response_time":60,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"readme":"# Awesome CTF resources [![contributions welcome](https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat)](https://github.com/dwyl/esta/issues)\n\nA list of [Capture The Flag](https://en.wikipedia.org/wiki/Capture_the_flag#Computer_security) (CTF) frameworks, libraries, resources and software for started/experienced CTF players 🚩 \n\nAny contribution is welcome, send me a PR! ❤️\n\n*-The software and resources collected do not belong to me and have been compiled for educational purposes only-*\n\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"https://i.imgur.com/d4aShjQ.jpg\" width=\"600\" height=\"300\" \u003e\n\u003c/p\u003e\n\n## Contents\n\n - [Create](#0x00-create)\n    - [Platforms](#platforms)\n    - [Forensics](#forensics)\n    - [Steganography](#steganography)\n    - [Web](#web)\n\n - [Solve](#0x01-solve)\n    - [Cryptography](#cryptography)\n    - [Exploiting / Pwn](#exploiting--pwn)\n    - [Forensics](#forensics-1)\n    - [Misc](#misc)\n    - [Reversing](#reversing)\n    - [Steganography](#steganography-1)\n    - [Web](#web-1)\n\n - [Resources](#0x02-resources)\n    - [Online Platforms](#online-platforms)\n    - [Collaborative Tools](#collaborative-tools)\n    - [Writeups Repositories](#writeups-repositories)\n    - [Courses](#courses)\n\n - [Bibliography](#0x03-bibliography)\n\n\n# 0x00. Create\n\n*Tools used for creating CTF challenges*\n\n## Platforms\n\n*Frameworks that can be used to host a CTF*\n\n - [CTFd](https://github.com/CTFd/CTFd) - Platform to host jeopardy style CTFs.\n - [FBCTF](https://github.com/facebookarchive/fbctf) - Facebook CTF platform to host Jeopardy and \"King of the Hill\" CTF competitions.\n - [HackTheArch](https://github.com/mcpa-stlouis/hack-the-arch) - Scoring server for CTF competitions.\n - [kCTF](https://github.com/google/kctf) - Kubernetes-based infrastructure for CTF competitions.\n - [LibreCTF](https://github.com/easyctf/librectf) - CTF platform from EasyCTF.\n - [Mellivora](https://github.com/Nakiami/mellivora) - CTF engine written in PHP.\n - [NightShade](https://github.com/UnrealAkama/NightShade) - Simple CTF framework.\n - [picoCTF](https://github.com/picoCTF/picoCTF) - Infrastructure used to run picoCTF.\n - [rCTF](https://github.com/otter-sec/rctf) - CTF platform created by the [redpwn](https://github.com/redpwn/rctf) CTF team. Now maintained and developed by [OtterSec](https://osec.io/) team.\n - [RootTheBox](https://github.com/moloch--/RootTheBox) - CTF scoring engine for wargames.\n - [ImaginaryCTF](https://github.com/Et3rnos/ImaginaryCTF) - Platform to host CTFs.\n\n## Forensics\n\n*Tools used to create Forensics challenges*\n\n - [Belkasoft RAM Capturer](https://belkasoft.com/ram-capturer) - Volatile Memory Acquisition Tool.\n - [Dnscat2](https://github.com/iagox86/dnscat2) - Hosts communication through DNS.\n - [Magnet AXIOM 2.0](https://www.magnetforensics.com/resources/magnet-axiom-2-0-memory-analysis/) - Artifact-centric DFIR tool.\n - [Registry Dumper](http://www.kahusecurity.com/posts/registry_dumper_find_and_dump_hidden_registry_keys.html) - Tool to dump Windows Registry.\n\n## Steganography\n\n*Tools used to create Stego challenges*\n\nCheck [solve section for steganography](#steganography-1).\n\n## Web\n\n*Tools used to create Web challenges*\n\n - [Metasploit JavaScript Obfuscator](https://github.com/rapid7/metasploit-framework/wiki/How-to-obfuscate-JavaScript-in-Metasploit) - How to obfuscate JavaScript in Metasploit.\n\n# 0x01. Solve\n\n## Cryptography\n\n*Tools used for solving Crypto challenges*\n\n - [Base65536](https://github.com/qntm/base65536) - Unicode's answer to Base64.\n - [Braille Translator](https://www.branah.com/braille-translator) - Translate from braille to text.\n - [Ciphey](https://github.com/Ciphey/Ciphey) - Tool to automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes.\n - [CyberChef](https://gchq.github.io/CyberChef/) - A web app for encryption, encoding, compression and data analysis.\n - [Cryptii](https://cryptii.com/) - Modular conversion, encoding and encryption online.\n - [dCode.fr](https://www.dcode.fr/tools-list#cryptography) - Solvers for Crypto, Maths and Encodings online.\n - [Decodify](https://github.com/s0md3v/Decodify) - Detect and decode encoded strings, recursively.\n - [Enigma Machine](https://summersidemakerspace.ca/projects/enigma-machine/) - Universal Enigma Machine Simulator.\n - [FeatherDuster](https://github.com/nccgroup/featherduster) - An automated, modular cryptanalysis tool.\n - [Galois](http://web.eecs.utk.edu/~jplank/plank/papers/CS-07-593/) - A fast galois field arithmetic library/toolkit.\n - [HashExtender](https://github.com/iagox86/hash_extender) - Tool for performing hash length extension attacks.\n - [Hash-identifier](https://code.google.com/p/hash-identifier/source/checkout) - Simple hash algorithm identifier.\n - [padding-oracle-attacker](https://github.com/KishanBagaria/padding-oracle-attacker) - CLI tool and library to execute padding oracle attacks easily.\n - [PadBuster](https://github.com/AonCyberLabs/PadBuster) - Automated script for performing Padding Oracle attacks.\n - [PEMCrack](https://github.com/robertdavidgraham/pemcrack) - Cracks SSL PEM files that hold encrypted private keys. Brute forces or dictionary cracks.\n - [PKCrack](https://www.unix-ag.uni-kl.de/~conrad/krypto/pkcrack.html) - PkZip encryption cracker.\n - [Polybius Square Cipher](https://www.braingle.com/brainteasers/codes/polybius.php) - Table that allows someone to translate letters into numbers.\n - [Quipqiup](https://quipqiup.com/) - Automated cryptogram solver.\n - [RsaCtfTool](https://github.com/RsaCtfTool/RsaCtfTool) - RSA multi attacks tool.\n - [RSATool](https://github.com/ius/rsatool) - Tool to to calculate RSA and RSA-CRT parameter.\n - [Rumkin Cipher Tools](http://rumkin.com/tools/cipher/) - Collection of ciphhers/encoders tools.\n - [Vigenere Solver](https://www.guballa.de/vigenere-solver) - Online tool that breaks Vigenère ciphers without knowing the key.\n - [XOR Cracker](https://wiremask.eu/tools/xor-cracker/) - Online XOR decryption tool able to guess the key length and the cipher key to decrypt any file.\n - [XORTool](https://github.com/hellman/xortool) - A tool to analyze multi-byte xor cipher.\n - [yagu](https://sourceforge.net/projects/yafu/) - Automated integer factorization.\n - [Crackstation](https://crackstation.net/) - Hash cracker (database).\n - [Online Encyclopedia of Integer Sequences](https://oeis.org/) - OEIS: The On-Line Encyclopedia of Integer Sequences\n\n## Exploiting / Pwn\n\n*Tools used for solving Pwn challenges*\n\n - [afl](https://lcamtuf.coredump.cx/afl/) - Security-oriented fuzzer.\n - [honggfuzz](https://github.com/google/honggfuzz) - Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage.\n - [libformatstr](https://github.com/hellman/libformatstr) - Simplify format string exploitation.\n - [One_gadget](https://github.com/david942j/one_gadget) - Tool for finding one gadget RCE.\n - [Pwntools](https://github.com/Gallopsled/pwntools) - CTF framework for writing exploits.\n - [ROPgadget](https://github.com/JonathanSalwan/ROPgadget) - Framework for ROP exploitation.\n - [Ropper](https://github.com/sashs/Ropper) - Display information about files in different file formats and find gadgets to build rop chains for different architectures.\n - [Shellcodes Database](http://shell-storm.org/shellcode/) - A massive shellcodes database.\n\n## Forensics\n\n*Tools used for solving Forensics challenges*\n\n - [A-Packets](https://apackets.com/) - Effortless PCAP File Analysis in Your Browser.\n - [Autopsy](https://www.autopsy.com/) - End-to-end open source digital forensics platform.\n - [Binwalk](https://github.com/devttys0/binwalk) - Firmware Analysis Tool.\n - [Bulk-extractor](https://github.com/simsong/bulk_extractor) - High-performance digital forensics exploitation tool.\n - [Bkhive \u0026 samdump2](https://www.kali.org/tools/samdump2/) - Dump SYSTEM and SAM files.\n - [ChromeCacheView](https://www.nirsoft.net/utils/chrome_cache_view.html) - Small utility that reads the cache folder of Google Chrome Web browser, and displays the list of all files currently stored in the cache.\n - [Creddump](https://github.com/moyix/creddump) - Dump Windows credentials.\n - [Exiftool](https://exiftool.org/) - Read, write and edit file metadata.\n - [Extundelete](http://extundelete.sourceforge.net/) - Utility that can recover deleted files from an ext3 or ext4 partition.\n - [firmware-mod-kit](https://code.google.com/archive/p/firmware-mod-kit/) - Modify firmware images without recompiling.\n - [Foremost](http://foremost.sourceforge.net/) - Console program to recover files based on their headers, footers, and internal data structures.\n - [Forensic Toolkit](https://www.exterro.com/forensic-toolkit) - It scans a hard drive looking for various information. It can, potentially locate deleted emails and scan a disk for text strings to use them as a password dictionary to crack encryption.\n - [Forensically](https://29a.ch/photo-forensics/#forensic-magnifier) - Free online tool to analysis image this tool has many features.\n - [MZCacheView](https://www.nirsoft.net/utils/mozilla_cache_viewer.html) - Small utility that reads the cache folder of Firefox/Mozilla/Netscape Web browsers, and displays the list of all files currently stored in the cache.\n - [NetworkMiner](https://www.netresec.com/index.ashx?page=NetworkMiner)  Network Forensic Analysis Tool (NFAT).\n - [OfflineRegistryView](https://www.nirsoft.net/utils/offline_registry_view.html) - Simple tool for Windows that allows you to read offline Registry files from external drive.\n - [photorec](https://www.cgsecurity.org/wiki/PhotoRec) - File data recovery software designed to recover lost files including video, documents and archives from hard disks, CD-ROMs, and lost pictures (thus the Photo Recovery name) from digital camera memory.\n - [Registry Viewer](https://accessdata.com/product-download/registry-viewer-2-0-0) - Tool to view Windows registers.\n - [Scalpel](https://github.com/sleuthkit/scalpel) - Open source data carving tool.\n - [The Sleuth Kit](https://www.sleuthkit.org/) - Collection of command line tools and a C library that allows you to analyze disk images and recover files from them.\n - [USBRip](https://github.com/snovvcrash/usbrip) - Simple CLI forensics tool for tracking USB device artifacts (history of USB events) on GNU/Linux.\n - [Volatility](https://github.com/volatilityfoundation/volatility) - An advanced memory forensics framework.\n - [Wireshark](https://www.wireshark.org/) - Tool to analyze pcap or pcapng files.\n - [X-Ways](https://www.x-ways.net/forensics/index-m.html) - Advanced work environment for computer forensic examiners.\n\n## Misc\n\n*Tools used for solving Misc challenges*\n\n - [boofuzz](https://github.com/jtpereyda/boofuzz) - Network Protocol Fuzzing for Humans.\n - [Veles](https://codisec.com/veles/) - Binary data analysis and visualization tool.\n\n**Bruteforcers:**\n\n - [changeme](https://github.com/ztgrace/changeme) - A default credential scanner.\n - [Hashcat](https://hashcat.net/hashcat/) - Advanced Password Recovery.\n - [Hydra](https://www.kali.org/tools/hydra/) - Parallelized login cracker which supports numerous protocols to attack.\n - [John the Ripper](https://www.openwall.com/john/) - Open Source password security auditing and password recovery.\n - [jwt_tool](https://github.com/ticarpi/jwt_tool) - A toolkit for testing, tweaking and cracking JSON Web Tokens.\n - [Ophcrack](https://ophcrack.sourceforge.io/) - Free Windows password cracker based on rainbow tables.\n - [Patator](https://github.com/lanjelot/patator) - Multi-purpose brute-forcer, with a modular design and a flexible usage.\n - [Turbo Intruder](https://portswigger.net/bappstore/9abaa233088242e8be252cd4ff534988) - Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.\n\n**Esoteric Languages:**\n\n - [Brainfuck](https://copy.sh/brainfuck/) - Brainfuck esoteric programming language IDE.\n - [COW](https://frank-buss.de/cow.html) - It is a Brainfuck variant designed humorously with Bovinae in mind.\n - [Malbolge](http://www.malbolge.doleczek.pl/) - Malbolge esoteric programming language solver.\n - [Ook!](https://www.dcode.fr/ook-language) - Tool for decoding / encoding in Ook!\n - [Piet](https://www.bertnase.de/npiet/npiet-execute.php) - Piet programming language compiler.\n - [Rockstar](https://codewithrockstar.com/online) - A language intended to look like song lyrics.\n - [Try It Online](https://tio.run/) - An online tool that has a ton of Esoteric language interpreters.\n\n\n**Sandboxes:**\n\n - [Any.run](https://any.run/) - Interactive malware hunting service.\n - [Intezer Analyze](https://analyze.intezer.com/) - Malware analysis platform.\n - [Triage](https://tria.ge/) - State-of-the-art malware analysis sandbox designed for cross-platform support.\n\n## Reversing\n\n*Tools used for solving Reversing challenges*\n\n - [Androguard](https://github.com/androguard/androguard) - Androguard is a full python tool to play with Android files.\n - [Angr](https://github.com/angr/angr) - A powerful and user-friendly binary analysis platform.\n - [Apk2gold](https://github.com/lxdvs/apk2gold) - CLI tool for decompiling Android apps to Java.\n - [ApkTool](https://ibotpeaches.github.io/Apktool/) - A tool for reverse engineering 3rd party, closed, binary Android apps.\n - [Binary Ninja](https://binary.ninja/) - Binary Analysis Framework.\n - [BinUtils](https://www.gnu.org/software/binutils/binutils.html) - Collection of binary tools.\n - [CTF_import](https://github.com/sciencemanx/ctf_import) - Run basic functions from stripped binaries cross platform.\n - [Compiler Explorer](https://godbolt.org/) - Online compiler tool.\n - [CWE_checker](https://github.com/fkie-cad/cwe_checker) - Finds vulnerable patterns in binary executables.\n - [Demovfuscator](https://github.com/kirschju/demovfuscator) - A work-in-progress deobfuscator for movfuscated binaries.\n - [Disassembler.io](https://onlinedisassembler.com/static/home/index.html) - Disassemble On Demand. \nA lightweight, online service for when you don’t have the time, resources, or requirements to use a heavier-weight alternative.\n - [dnSpy](https://github.com/dnSpy/dnSpy) - .NET debugger and assembly editor.\n - [EasyPythonDecompiler](https://sourceforge.net/projects/easypythondecompiler/) - A small .exe GUI application that will \"decompile\" Python bytecode, often seen in .pyc extension.\n - [Frida](https://github.com/frida/) - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.\n - [GDB](https://www.gnu.org/software/gdb/) - The GNU Project debugger.\n - [GEF](https://github.com/hugsy/gef) - A modern experience for GDB with advanced debugging features for exploit developers \u0026 reverse engineers.\n - [Ghidra](https://ghidra-sre.org/) - A software reverse engineering (SRE) suite of tools developed by NSA.\n - [Hopper](https://www.hopperapp.com/) - Reverse engineering tool (disassembler) for OSX and Linux.\n - [IDA Pro](https://hex-rays.com/ida-pro/) - Most used Reversing software.\n - [Jadx](https://github.com/skylot/jadx) - Command line and GUI tools for producing Java source code from Android Dex and Apk files.\n - [Java Decompilers](http://www.javadecompilers.com/) - An online decompiler for Java and Android APKs.\n - [JSDetox](https://github.com/svent/jsdetox) - A JavaScript malware analysis tool.\n - [miasm](https://github.com/cea-sec/miasm) - Reverse engineering framework in Python.\n - [Objection](https://github.com/sensepost/objection) - Runtime mobile exploration.\n - [Online Assembler/Disassembler](http://shell-storm.org/online/Online-Assembler-and-Disassembler/) - Online wrappers around the Keystone and Capstone projects.\n - [PEDA](https://github.com/longld/peda) - Python Exploit Development Assistance for GDB.\n - [PEfile](https://github.com/erocarrera/pefile) - Python module to read and work with PE (Portable Executable) files.\n - [Pwndbg](https://github.com/pwndbg/pwndbg) - Exploit Development and Reverse Engineering with GDB Made Easy.\n - [radare2](https://github.com/radareorg/radare2) - UNIX-like reverse engineering framework and command-line toolset.\n - [Rizin](https://github.com/rizinorg/rizin) - Rizin is a fork of the radare2 reverse engineering framework with a focus on usability, working features and code cleanliness.\n - [Uncompyle](https://github.com/gstarnberger/uncompyle) -  A Python 2.7 byte-code decompiler (.pyc)\n - [WinDBG](http://www.windbg.org/) - Windows debugger distributed by Microsoft.\n - [Z3](https://github.com/Z3Prover/z3) - A theorem prover from Microsoft Research.\n\n## Steganography\n\n*Tools used for solving Stego challenges*\n\n - [AperiSolve](https://aperisolve.fr/) - Platform which performs layer analysis on images.\n - [BPStegano](https://github.com/TapanSoni/BPStegano) - Python3 based LSB steganography.\n - [DeepSound](https://github.com/Jpinsoft/DeepSound) - Freeware steganography tool and audio converter that hides secret data into audio files.\n - [DTMF Detection](https://unframework.github.io/dtmf-detect/) - Audio frequencies common to a phone button.\n - [DTMF Tones](http://dialabc.com/sound/detect/index.html) - Audio frequencies common to a phone button.\n - [Exif](http://manpages.ubuntu.com/manpages/trusty/man1/exif.1.html) - Shows EXIF information in JPEG files.\n - [Exiv2](https://www.exiv2.org/manpage.html) - Image metadata manipulation tool.\n - [FotoForensics](https://fotoforensics.com/) - Provides budding researchers and professional investigators access to cutting-edge tools for digital photo forensics.\n - [hipshot](https://bitbucket.org/eliteraspberries/hipshot/src/master/) - Tool to converts a video file or series of photographs into a single image simulating a long-exposure photograph.\n - [Image Error Level Analyzer](https://29a.ch/sandbox/2012/imageerrorlevelanalysis/) - Tool to analyze digital images. It's also free and web based. It features error level analysis, clone detection and more.\n - [Image Steganography](https://incoherency.co.uk/image-steganography/) - Client-side Javascript tool to steganographically hide/unhide images inside the lower \"bits\" of other images. \n - [ImageMagick](http://www.imagemagick.org/script/index.php) - Tool for manipulating images.\n - [jsteg](https://github.com/lukechampine/jsteg) - Command-line tool to use against JPEG images.\n - [Magic Eye Solver](http://magiceye.ecksdee.co.uk/) - Get hidden information from images.\n - [Outguess](https://www.freebsd.org/cgi/man.cgi?query=outguess+\u0026apropos=0\u0026sektion=0\u0026manpath=FreeBSD+Ports+5.1-RELEASE\u0026format=html) - Universal steganographic tool.\n - [Pngcheck](http://www.libpng.org/pub/png/apps/pngcheck.html) - Verifies the integrity of PNG and dump all of the chunk-level information in human-readable form.\n - [Pngtools](https://packages.debian.org/sid/pngtools) - For various analysis related to PNGs.\n - [sigBits](https://github.com/Pulho/sigBits) - Steganography significant bits image decoder.\n - [SmartDeblur](https://github.com/Y-Vladimir/SmartDeblur) - Restoration of defocused and blurred photos/images.\n - [Snow](https://darkside.com.au/snow/) - Whitespace Steganography Tool\n - [Sonic Visualizer](https://www.sonicvisualiser.org/) - Audio file visualization.\n - [Steganography Online](https://stylesuxx.github.io/steganography/) - Online steganography encoder and decoder.\n - [Stegbreak](https://linux.die.net/man/1/stegbreak) - Launches brute-force dictionary attacks on JPG image.\n - [StegCracker](https://github.com/Paradoxis/StegCracker) - Brute-force utility to uncover hidden data inside files.\n - [stegextract](https://github.com/evyatarmeged/stegextract) - Detect hidden files and text in images.\n - [Steghide](http://steghide.sourceforge.net/) - Hide data in various kinds of image- and audio-files.\n - [StegOnline](https://stegonline.georgeom.net/) - Conduct a wide range of image steganography operations, such as concealing/revealing files hidden within bits.\n - [Stegosaurus](https://github.com/AngelKitty/stegosaurus) - A steganography tool for embedding payloads within Python bytecode.\n - [StegoVeritas](https://github.com/bannsec/stegoVeritas) - Yet another stego tool.\n - [Stegpy](https://github.com/dhsdshdhk/stegpy) - Simple steganography program based on the LSB method.\n - [stegseek](https://github.com/RickdeJager/stegseek) - Lightning fast steghide cracker that can be used to extract hidden data from files. \n - [stegsnow](https://manpages.ubuntu.com/manpages/trusty/man1/stegsnow.1.html) - Whitespace steganography program.\n - [Stegsolve](https://github.com/zardus/ctf-tools/tree/master/stegsolve) - Apply various steganography techniques to images.\n - [Zsteg](https://github.com/zed-0xff/zsteg/) - PNG/BMP analysis.\n\n\n## Web \n\n*Tools used for solving Web challenges*\n\n - [Arachni](https://www.arachni-scanner.com/) - Web Application Security Scanner Framework.\n - [Beautifier.io](https://beautifier.io/) - Online JavaScript Beautifier.\n - [BurpSuite](https://portswigger.net/burp) - A graphical tool to testing website security.\n - [Commix](https://github.com/commixproject/commix) - Automated All-in-One OS Command Injection Exploitation Tool.\n - [debugHunter](https://github.com/devploit/debugHunter) - Discover hidden debugging parameters and uncover web application secrets.\n - [Dirhunt](https://github.com/Nekmo/dirhunt) - Find web directories without bruteforce.\n - [dirsearch](https://github.com/maurosoria/dirsearch) - Web path scanner.\n - [nomore403](https://github.com/devploit/nomore403) - Tool to bypass 40x errors.\n - [ffuf](https://github.com/ffuf/ffuf) - Fast web fuzzer written in Go.\n - [git-dumper](https://github.com/arthaud/git-dumper) - A tool to dump a git repository from a website.\n - [Gopherus](https://github.com/tarunkant/Gopherus) - Tool that generates gopher link for exploiting SSRF and gaining RCE in various servers.\n - [Hookbin](https://hookbin.com/) - Free service that enables you to collect, parse, and view HTTP requests.\n - [JSFiddle](https://jsfiddle.net/) - Test your JavaScript, CSS, HTML or CoffeeScript online with JSFiddle code editor.\n - [ngrok](https://ngrok.com/) - Secure introspectable tunnels to localhost.\n - [OWASP Zap](https://owasp.org/www-project-zap/) - Intercepting proxy to replay, debug, and fuzz HTTP requests and responses.\n - [PHPGGC](https://github.com/ambionics/phpggc) - Library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.\n - [Postman](https://chrome.google.com/webstore/detail/postman/fhbjgbiflinjbdggehcddcbncdddomop?hl=en) - Addon for chrome for debugging network requests.\n - [REQBIN](https://reqbin.com/) - Online REST \u0026 SOAP API Testing Tool.\n - [Request Bin](https://requestbin.com/) - A modern request bin to inspect any event by Pipedream.\n - [Revelo](http://www.kahusecurity.com/posts/revelo_javascript_deobfuscator.html) - Analyze obfuscated Javascript code.\n - [Smuggler](https://github.com/defparam/smuggler) -  An HTTP Request Smuggling / Desync testing tool written in Python3.\n - [SQLMap](https://github.com/sqlmapproject/sqlmap) - Automatic SQL injection and database takeover tool.\n - [W3af](https://github.com/andresriancho/w3af) - Web application attack and audit framework.\n - [XSSer](https://xsser.03c8.net/) - Automated XSS testor.\n - [ysoserial](https://github.com/frohoff/ysoserial) - Tool for generating payloads that exploit unsafe Java object deserialization.\n\n# 0x02. Resources\n\n## Online Platforms\n\n*Always online CTFs*\n\n - [0x0539](https://0x0539.net/) - Online CTF challenges.\n - [247CTF](https://247ctf.com/) - Free Capture The Flag Hacking Environment.\n - [Archive.ooo](https://archive.ooo/) - Live, playable archive of DEF CON CTF challenges.\n - [Atenea](https://atenea.ccn-cert.cni.es/) - Spanish CCN-CERT CTF platform.\n - [CTFlearn](https://ctflearn.com/) - Online platform built to help ethical hackers learn, practice, and compete.\n - [CTF365](https://ctf365.com/) - Security Training Platform.\n - [Crackmes.One](https://crackmes.one/) - Reverse Engineering Challenges.\n - [CryptoHack](https://cryptohack.org/) - Cryptography Challenges.\n - [Cryptopals](https://cryptopals.com/) - Cryptography Challenges.\n - [Defend the Web](https://defendtheweb.net/?hackthis) - An Interactive Cyber Security Platform.\n - [Dreamhack.io](https://dreamhack.io/wargame) - Online wargame.\n - [echoCTF.RED](https://echoctf.red/) - Online Hacking Laboratories.\n - [Flagyard](https://flagyard.com/) - An Online Playground of Hands-on Cybersecurity Challenges.\n - [HackBBS](https://hackbbs.org/index.php) - Online wargame.\n - [Hacker101](https://www.hacker101.com/) - CTF Platform by [HackerOne](https://www.hackerone.com/).\n - [Hackropole](https://hackropole.fr/en/) - This platform allows you to replay the challenges of the France Cybersecurity Challenge.\n - [HackTheBox](https://www.hackthebox.com/) - A Massive Hacking Playground.\n - [HackThisSite](https://www.hackthissite.org/) - Free, safe and legal training ground for hackers.\n - [HBH](https://hbh.sh/home) - Community designed to teach methods and tactics used by malicious hackers to access systems and sensitive information.\n - [Komodo](http://ctf.komodosec.com/) - This is a game designed to challenge your application hacking skills.\n - [MicroCorruption](https://microcorruption.com/) - Embedded Security CTF.\n - [MNCTF](https://mnctf.info/) - Online cybersecurity challenges.\n - [OverTheWire](https://overthewire.org/wargames/) - Wargame offered by the OverTheWire community.\n - [picoCTF](https://picoctf.org/) - Beginner-friendly CTF platform.\n - [Pwn.college](https://pwn.college/) - Education platform to learn about, and practice, core cybersecurity concepts.\n - [PWN.TN](https://pwn.tn/) - Educational and non commercial wargame.\n - [Pwnable.kr](http://pwnable.kr/) - Pwn/Exploiting platform.\n - [Pwnable.tw](https://pwnable.tw/) - Pwn/Exploiting platform.\n - [Pwnable.xyz](https://pwnable.xyz/) - Pwn/Exploiting platform.\n - [PWNChallenge](http://pwn.eonew.cn/) - Pwn/Exploiting platform.\n - [Reversing.kr](http://reversing.kr/) - Reverse Engineering platform.\n - [Root-me](https://www.root-me.org/) - CTF training platform.\n - [VibloCTF](https://ctf.viblo.asia/landing) - CTF training platform.\n - [VulnHub](https://www.vulnhub.com/) - VM-based pentesting platform.\n - [W3Challs](https://w3challs.com/) - Hacking/CTF platform.\n - [Wargames BataMladen](https://wargames.batamladen.com/) - Wargame challenge scenarios, each with different levels.\n - [WebHacking](https://webhacking.kr/) - Web challenges platform.\n - [Websec.fr](http://websec.fr/) - Web challenges platform.\n - [WeChall](https://www.wechall.net/active_sites) - Challenge sites directory \u0026 forum.\n - [YEHD 2015](https://2015-yehd-ctf.meiji-ncc.tech/) - YEHD CTF 2015 online challenges.\n - [8kSec AI/LLM Exploitation Challenges](https://academy.8ksec.io/course/ai-exploitation-challenges) - Challenges to test AI, ML, and LLMs  knowledge, along with practical exploitation techniques.\n\n*Self-hosted CTFs*\n\n - [AWSGoat](https://github.com/ine-labs/AWSGoat) - A Damn Vulnerable AWS Infrastructure.\n - [CICD-goat](https://github.com/cider-security-research/cicd-goat) - A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.\n - [Damn Vulnerable Web Application](https://dvwa.co.uk/) - PHP/MySQL web application that is damn vulnerable.\n - [GCPGoat](https://github.com/ine-labs/GCPGoat) - A Damn Vulnerable GCP Infrastructure.\n - [Juice Shop](https://github.com/juice-shop/juice-shop-ctf) - Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop. \n\n## Collaborative Tools\n\n - [CTFNote](https://github.com/TFNS/CTFNote) - Collaborative tool aiming to help CTF teams to organise their work.\n\n## Writeups Repositories\n\n*Repository of CTF Writeups*\n\n - [Courgettes.Club](https://ctf.courgettes.club/) - CTF Writeup Finder.\n - [CTFtime](https://ctftime.org/writeups) - CTFtime Writeups Collection.\n - [Github.com/CTFs](https://github.com/ctfs) - Collection of CTF Writeups.\n\n## Courses\n\n - [Roppers Bootcamp](https://www.roppers.org/courses/ctf) - CTF Bootcamp.\n\n# 0x03. Bibliography\n\n*The resources presented here have been gathered from numerous sources. However, the most important are:*\n\n - [apsdehal_awesome-ctf](https://github.com/apsdehal/awesome-ctf)\n - [vavkamil_awesome-bugbounty-tools](https://github.com/vavkamil/awesome-bugbounty-tools)\n - [zardus_ctf-tools](https://github.com/zardus/ctf-tools)\n","created_at":"2024-01-13T21:18:22.479Z","updated_at":"2026-04-04T04:00:35.541Z","primary_language":null,"list_of_lists":false,"displayable":true,"categories":["Courses","Forensics","Exploiting / Pwn","Misc","Reversing","Web","Online Platforms","Cryptography","Steganography","Writeups Repositories","Platforms","Collaborative Tools"],"sub_categories":[],"projects_url":"https://awesome.ecosyste.ms/api/v1/lists/devploit%2Fawesome-ctf-resources/projects"}