{"id":13844379,"url":"https://github.com/Ph4l4nx/CTF-s-Tools","last_synced_at":"2025-07-11T22:31:52.056Z","repository":{"id":49757451,"uuid":"310677419","full_name":"Ph4l4nx/CTF-s-Tools","owner":"Ph4l4nx","description":"Repository to index useful tools for CTF's","archived":false,"fork":false,"pushed_at":"2024-07-19T09:57:22.000Z","size":764,"stargazers_count":26,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-08-05T17:41:42.463Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Ph4l4nx.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2020-11-06T18:35:47.000Z","updated_at":"2024-07-23T15:47:23.000Z","dependencies_parsed_at":"2023-02-19T05:15:50.578Z","dependency_job_id":"639d54d2-9cd2-48fc-9154-0f2277fa12dd","html_url":"https://github.com/Ph4l4nx/CTF-s-Tools","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ph4l4nx%2FCTF-s-Tools","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ph4l4nx%2FCTF-s-Tools/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ph4l4nx%2FCTF-s-Tools/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ph4l4nx%2FCTF-s-Tools/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Ph4l4nx","download_url":"https://codeload.github.com/Ph4l4nx/CTF-s-Tools/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225763369,"owners_count":17520444,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T17:02:41.345Z","updated_at":"2025-07-11T22:31:52.043Z","avatar_url":"https://github.com/Ph4l4nx.png","language":null,"funding_links":[],"categories":["Others"],"sub_categories":[],"readme":"Repository to index interesting Capture The Flag tools and other stuff.\n\n* [Table of Contents](#table-of-contents)   \n   - [Platforms to practice](#platforms-to-practice) \n   - [Cryptography](#cryptography)\n        * [Main](#main)\n        * [Secondary](#secondary)\n        * [Hashes](#hashes)\n        * [Esoteric Languages](#esoteric-languages)\n   - [Steganography](#steganography)\n   - [OSINT](#osint)\n        * [Threat Hunting](#threat-hunting)\n   - [Forensics](#forensics) \n   - [Reversing](#reversing)\n   - [Exploiting](#exploiting) \n   - [Pentesting](#pentesting) \n        * [Recon](#recon)\n        * [Web](#web)\n        * [Exploit Database](#exploit-database)\n        * [Docker](#docker)\n        * [Credentials](#credentials)\n        * [CVE Database Vulnerabilities](#CVE-Database-Vulnerabilities) \n        * [Exploitation](#exploitation)\n        * [Active Directory](#active-directory)\n        * [Privilege Escalation](#privilege-escalation)\n          - [Windows](#windows)\n          - [Linux](#linux)\n        * [Legit binaries in a system](#legit-binaries-in-a-system)\n        * [AV bypass](#av-bypass)\n        * [Automatic Frameworks](#automatic-frameworks)\n        * [Mobile](#mobile) \n        * [Wifi](#wifi)\n        * [Utility](#utility)\n   - [Malware](#malware)\n        * [Online engines](#online-engines)     \n        * [Distros to analyze malware](#distros-to-analyze-malware)\n        * [Tools](#tools)\n        * [Free AVs EDRs and sandboxes](#free-avs-edrs-and-sandboxes)\n        * [Ransomware](#ransomware)\n        * [APTs](#apts)\n        * [Blogs and Information](#blogs-and-information)\n   - [Utility](#utility-1)\n   - [Wikis](#wikis)\n   - [Write-Ups](#write-ups)\n   - [Other tools](#other-tools)\n\n## Platforms to practice\n\nhttps://ctftime.org/\n\nhttps://www.hackthebox.eu/\n\nhttps://atenea.ccn-cert.cni.es/home\n\nhttps://tryhackme.com/\n\nhttps://www.vulnhub.com/\n\n* Web Hacking challenges: http://webhacking.kr/\n\n* Platform for learning modern cryptography: https://cryptohack.org/\n\n* Reversing platform: https://crackmes.one/\n\n* Forensics Challenges: https://ctf.unizar.es/ \u0026\u0026 https://freetraining.dfirdiva.com/dfir-ctfs-challenges \u0026\u0026 https://socvel.com/\n\n* PicoCTF: https://play.picoctf.org/login\n\n* Blue team: https://letsdefend.io/\n\n## Cryptography\n\n### Main\n\nhttps://gchq.github.io/CyberChef/\n\nhttps://www.dcode.fr/tools-list#cryptography\n\n* Cipher Identifier and Analyzer: https://www.boxentriq.com/code-breaking/cipher-identifier\n\n* Data format identifier: https://geocaching.dennistreysa.de/multisolver/\n\n### Secondary\n\n* Automated cryptogram solver (substitution) https://quipqiup.com/\n\n* Frequency Analysis: https://crypto.interactive-maths.com/frequency-analysis-breaking-the-code.html\n\n* Brute force Vigenere: https://guballa.de/vigenere-solver\n\n* RsaCtfTool: https://github.com/Ganapati/RsaCtfTool\n\n* Decrpyt emoji messages https://cryptoji.com/ \u0026 https://cryptii.com/pipes/morse-code-with-emojis\n\n* Padding-oracle-attacker: https://github.com/KishanBagaria/padding-oracle-attacker\n\n* Maritime signal flags dictionary: https://en.wikipedia.org/wiki/International_maritime_signal_flags\n\n* Enigma: https://cryptii.com/\n\n* Factoring: http://factordb.com/\n\n* Cryptanalysis recopilation: https://github.com/mindcrypt/Cryptanalysis\n\nhttp://rumkin.com/tools/cipher/\n\n* Real time converter: https://kt.gy/tools.html#conv/ \n\n* Simple script to calculate the onion address from a Tor hidden service descriptor or public key: https://gist.github.com/DonnchaC/d6428881f451097f329e (you need to modify the line 14 for working properly \"onion_address = hashlib.sha1(key.exportKey('DER')[22:]).digest()[:10]\").\n\n* Speech to text: https://speech-to-text-demo.ng.bluemix.net/\n\n* Lyrics song: https://codewithrockstar.com/online\n\n* Online generator md5 hash of a string: http://www.md5.cz/\n\n### Hashes\n\n* Hash DB: https://crackstation.net/\n\n* Dehashed: https://www.dehashed.com/\n\n* Cracking Hashes: http://rainbowtables.it64.com/\n\n* Hash DB: https://www.onlinehashcrack.com/\n\n* Hash DB: https://md5decrypt.net/en/\n\n* Hash DB: https://hashkiller.io/\n\n* Hash DB: https://hashes.com/en/decrypt/hash\n\n### Esoteric Languages\n\n* Ook! esoteric programming language decoder: https://www.dcode.fr/ook-language\n\n* Brainfuck esoteric programming language decoder: https://www.dcode.fr/brainfuck-language\n\n* Malboge esoteric programming language decoder: https://www.malbolge.doleczek.pl/\n\n* COW esoteric programming language: https://frank-buss.de/cow.html\n\n## Steganography\n\n* Exiftool\n\n* Zsteg \n\n* Exiv2\n\n* Identify -verbose file\n\n* Magic Numbers Signatures: https://asecuritysite.com/forensics/magic \u0026\u0026 https://www.garykessler.net/library/file_sigs.html → Hexeditor\n\n* Binwalk -e image\n\n* Foremost -i image -o outdir\n\n* Steghide: http://steghide.sourceforge.net/documentation/manpage_es.php (e.g: steghide extract -sf file , steghide info file)\n\n* Stegseek: https://github.com/RickdeJager/stegseek (Better than Stegcracker)\n\n* StegCracker: https://github.com/Paradoxis/StegCracker\n\n* Deeper steganography analysis tool: https://aperisolve.fr/\n\n* Spectrum Analyzer: https://academo.org/demos/spectrum-analyzer/\n\n* Stegsolve: https://github.com/zardus/ctf-tools/blob/master/stegsolve/install (running: java -jar steg_solve.jar)\n\n* Fourier Transform: http://bigwww.epfl.ch/demo/ip/demos/FFT/ \u0026\u0026 https://github.com/0xcomposure/FFTStegPic\n\n* Digital invisible ink stego tool: https://sourceforge.net/projects/diit/\n\n* Decoding files from 8-bit Atari turbo cassette tapes: https://github.com/baktragh/turbodecoder\n\nhttps://incoherency.co.uk/image-steganography/#unhide\n\nhttp://exif-viewer.com/\n\nhttps://stegonline.georgeom.net/upload\n\nhttps://stylesuxx.github.io/steganography/\n\nhttps://skynettools.com/free-online-steganography-tools/\n\n* Morse Code Adaptive Audio Decoder: https://morsecode.world/international/decoder/audio-decoder-adaptive.html\n\n* Audacity (sudo apt-get install audacity) E.g: https://www.hackiit.cf/write-up-hackiit-ctf-biological-hazard-ii/\n\n* AudioStego: https://github.com/danielcardeenas/AudioStego\n\n* Analyze suspicious files and urls to detect stegomalware: https://stegoinspector.com/#/\n\n* Aurebesh Translator: https://funtranslations.com/aurebesh\n\n* Bitcoin Steganography: https://incoherency.co.uk/stegoseed/\n\n* Mojibake Steganography: https://incoherency.co.uk/mojibake/\n\n* Chess Steganography : https://incoherency.co.uk/chess-steg/\n\n* Magic Eye Solver / Viewer: https://magiceye.ecksdee.co.uk/\n\n* QR decoder: https://online-barcode-reader.inliteresearch.com/ \u0026\u0026 https://zxing.org/w/decode.jspx\n\n* Stegosuite:  http://manpages.ubuntu.com/manpages/bionic/man1/stegosuite.1.html\n\n* StegSpy: http://www.spy-hunter.com/stegspydownload.htm\n\n* StegSecret: http://stegsecret.sourceforge.net/\n\n* Openstego: https://www.openstego.com/\n\n* Stegpic: https://domnit.org/stepic/doc/\n\n* Bytehist: https://www.cert.at/en/downloads/software/software-bytehist\n\nhttps://www.bertnase.de/npiet/npiet-execute.php\n\n* Repair images: https://online.officerecovery.com/es/pixrecovery/\n\n* Tool for recovering passwords from pixelized screenshots: https://github.com/beurtschipper/Depix\n\n* Forensic Image Analysis: https://github.com/GuidoBartoli/sherloq\n\n* Unicode Steganography with Zero-Width Characters: https://330k.github.io/misc_tools/unicode_steganography.html \n\n* Stegsnow(Zero-Width Characters): https://pentesttools.net/hide-secret-messages-in-text-using-stegsnow-zero-width-characters/\n\n* SPAM language or PGP: https://www.spammimic.com/decode.shtml\n\n* f5stegojs: https://desudesutalk.github.io/f5stegojs/\n\n* Unshorten links: https://unshorten.it/\n\n* PNG dump: https://blog.didierstevens.com/2022/04/18/new-tool-pngdump-py-beta/\n\n## OSINT\n\n* Ip information: https://bgp.tools/\n\n* Ip information: https://www.maxmind.com/en/geoip-demo\n\nhttps://sitereport.netcraft.com/? \u0026\u0026 https://searchdns.netcraft.com/\n\n* https://iocfeed.mrlooquer.com/\n\n* https://www.ipaddress.com/\n\n* GHDB (Google Hacking Database): https://www.exploit-db.com/google-hacking-database\n\n* Google CheatSheet: https://gist.github.com/sundowndev/283efaddbcf896ab405488330d1bbc06\n\nhttps://ciberpatrulla.com/links/\n\nhttps://osintframework.com/\n\n* Tools, flowcharts and cheatsheets to help you do your OSINT research:  https://technisette.com/p/tools\n\n* Recopilation: https://osint.link/\n\n* World domain DB: http://web.archive.org/ \u0026\u0026 https://archive.eu/\n\n* DNS Search: https://dns.coffee/\n\n* Cyber Defense Search: https://www.onyphe.io/\n\n* Abuse Domain,IP: https://www.abuseipdb.com/\n\nhttps://dns-lookup.jvns.ca/\n\nhttps://www.greynoise.io/\n\nhttps://www.brightcloud.com/tools/url-ip-lookup.php\n\n* Reputation url checker: https://www.urlvoid.com/\n\n* The search engine for the Internet of Things: https://www.shodan.io/ \u0026\u0026 All filters cheatseet: https://beta.shodan.io/search/filters\n\n* IVRE: https://ivre.rocks/\n\n* Threat Intel Tools: https://cyberfive.uk/threat-intel-tools/\n\nhttps://talosintelligence.com/\n\n* PGP Global Directory: https://keyserver2.pgp.com/vkd/GetWelcomeScreen.event \n\n* Hurricane Electric BGP: https://bgp.he.net/\n\n* Email2PhoneNumber: https://github.com/martinvigo/email2phonenumber\n\n* Honeypot or not: https://honeyscore.shodan.io/\n\nhttps://builtwith.com/\n\n* Pwn email DB TOR:  http://pwndb2am4tzkvold.onion/\n\n* Website to check if emails or passwords have been compromised: https://haveibeenpwned.com/\n\n* Leaks: https://leaks.sh/\n\n* Pwn DB: https://www.dehashed.com/?__cf_chl_jschl_tk__=ab484f797848c365ec48f7297ac4b9ba4587d775-1625827161-0-ARQgSNH3MSi0R4OUxmHmJCgUIz4nZrldFwXK6QZ21tONCEndyB_ypTCETLDm8vhRWeKD6v_ZraA5mbmvd03j1oeQb7QNsx5pg0lMhaNv2l7aw8DKR4a7ENkylr9knbiDx9X3RVn5AcH2uWuG_yRgk28j6x_zyccpXWc8LsTN9VxXZCZb16SEqwbuLdQ-JjWp0eQIgEMAPkLgosrsZyCdRa0A2mqMu8Mz4g-j4z8xR4v-4tqNwcP_TNtCK74-DIWZ80Zth2At6XizE72m_QifLrQH-gFUWPQ7hMzbNr5ONgZbyTZy_0YQA2SqHS5EUj5duq3WhbHdKEsRzXC6ch1EdQ5GagnSc8fH_NAqrI2aebrGF37HEXWkn7ZwxLGDLPAF63tV-77gQ4xhCnCDJp-vpcs\n\n* Pwn email DB: https://intelx.io/\n\n* Pwn email DB: https://cybernews.com/personal-data-leak-check/\n\n* PwnDB Script: https://github.com/davidtavarez/pwndb\n\n* Search filtered credentials in plain text: https://esgeeks.com/pwndb-buscar-credenciales-filtradas-texto-plano/\n\n* Email checker: https://toolbox.googleapps.com/apps/checkmx/\n\n* Car Recognition: https://carnet.ai/\n\n* Hour of a picture, sun calculator: https://www.suncalc.org/#/27.6936,-97.5195,3/2024.01.09/09:23/1/3\n\n* General purpose: https://github.com/Moham3dRiahi/Th3inspector\n\n* Gooogle Image Search: https://www.google.es/imghp?hl=es , Yandex: https://yandex.com/images/ , Bing: https://www.bing.com/?scope=images\u0026nr=1\u0026FORM=NOFORM\n\n* Reverse Image Search: https://tineye.com/\n\n* Tool for tracking the redirection paths of URLs: https://wheregoes.com/\n\n* Phishing Online Checker: https://easydmarc.com/tools/phishing-url\n\n* Phishing Domain DB: http://phishtank.org/\n\n* Phishing Domain DB: https://phishcheck.me/\n\n* Phishing Research: https://safeweb.norton.com/ , https://isitphishing.org/, https://openphish.com/ \u0026\u0026 https://opentip.kaspersky.com/.\n\n* Instagram: https://github.com/th3unkn0n/osi.ig\n\n* Censys: https://censys.io/ipv4\n\n* Zoomeye.org: https://www.zoomeye.org/\n\n* IVRE: https://ivre.rocks/\n\n* IOT search engine: https://www.thingful.net/\n\n* Find email addresses related to a domain: https://hunter.io/\n\n* People search engine: https://thatsthem.com/\n\n* Fofa search engine: https://fofa.so/ (Similar to Shodan)\n\n* Graphical OSINT platform: https://www.spiderfoot.net/#\n\n* Fullhunt: https://fullhunt.io/\n\n* Code search: https://grep.app/ \u0026\u0026 https://publicwww.com/\n\n* Natlas: https://natlas.io/\n\n* Spur: https://spur.us/\n\n* Public Wi-Fi database: https://www.mylnikov.org/\n\n* HTTP headers of a domain: https://www.webconfs.com/http-header-check.php\n\n* Metadata of public's documents: https://github.com/Josue87/MetaFinder\n\n* Twitter: https://github.com/twintproject/twint \u0026\u0026 https://tinfoleak.com/\n\n* https://github.com/Quantika14/osint-suite-tools\n\n* Check your OWA (Outlook Web Access): https://checkmyowa.unit221b.com/\n\n* Whatspp IP Leak: https://github.com/bhdresh/Whatsapp-IP-leak?s=09\n\n* Book: https://i-intelligence.eu/uploads/public-documents/OSINT_Handbook_2020.pdf\n\n### Threat Hunting\n \nAnalysis I: https://centralops.net/co/\n\nAnalaysis II: https://viewdns.info/\n\nAnalysis III: https://sitereport.netcraft.com/\n\nAnalysis IV: https://www.ipaddress.com/\n\nMalware: https://www.virustotal.com/gui/home/upload \u0026 https://opentip.kaspersky.com/\n\nReputation: https://talosintelligence.com/, https://www.abuseipdb.com/\n\nTechnology of a domain: https://builtwith.com/\n\nTool for tracking the redirection paths of URLs: https://wheregoes.com/\n\nHistory of a Domain: https://web.archive.org/\n\nReal-time blackhole list,ASNs: https://bgp.he.net/\n\nSSL certificates: https://www.digicert.com/help/\n\nRedirects: https://lookyloo.circl.lu/\n\nPhishing Domain DB: http://phishtank.org/\n\nPhishing Domain DB: https://phishcheck.me/\n\nPhishing Domains CSV: https://phishstats.info/\n\nPhishing Research: https://safeweb.norton.com/ , https://isitphishing.org/, https://openphish.com/ \u0026\u0026 https://opentip.kaspersky.com/.\n\nRecopilation: https://osintframework.com/\n\nEmail account analysis: curl emailrep.io/john.smith@gmail.com\n\n## Forensics\n\n* Online PCAP Analysis: https://lab.dynamite.ai/\n\n* Tool to identify strings from a pcap: https://github.com/bee-san/pyWhat. Ex:python3 -m pywhat redteam_test03-10423dd9015c050a40b7ccf2a53f57a9.pcapng \u003e output\n\n* Advanced PCAP: https://www.kitploit.com/2023/08/bryobio-network-pcap-file-analysis.html\n\n* Wireshark. Cheat sheet: https://cdn.comparitech.com/wp-content/uploads/2019/06/Wireshark-Cheat-Sheet-1.jpg\n\n* Volatility. Cheat sheet: https://blog.onfvp.com/post/volatility-cheatsheet/ \u003e\u003e\u003e Malfind,yarascan, Connscan y netscan\n\n* Foremost\n\n* Binwalk\n\n* Autopsy\n\n* PhotoRec: https://www.cgsecurity.org/wiki/PhotoRec\n\n* Photo forensics: https://29a.ch/photo-forensics/#forensic-magnifier\n\n* Recuva: https://www.ccleaner.com/recuva\n\n* Keys: https://www.nirsoft.net/utils/product_cd_key_viewer.html\n\n* DDRescue. https://launchpad.net/ddrescue-gui\n\n* Rescuezilla: https://rescuezilla.com/\n\n* PolarProxy: https://www.netresec.com/?page=PolarProxy\n\n* MRC: https://www.magnetforensics.com/resources/magnet-ram-capture/\n\n* Media acquisition (disk to image): https://guymager.sourceforge.io/\n\n* Rapidly Search and Hunt through Windows Event Logs: https://github.com/countercept/chainsaw\n\n* AccessData FTK Imager \n\n* EnCase \n\n* EaseUS Data Recovery Wizard\n\n* Testdisk: https://www.cgsecurity.org/wiki/TestDisk_Download\n\n* MFT_Browser: https://github.com/kacos2000/MFT_Browser\n\n* Powershell Decoder: https://github.com/R3MRUM/PSDecode, https://github.com/JohnLaTwC/PyPowerShellXray and analysis info: https://darungrim.com/research/2019-10-01-analyzing-powershell-threats-using-powershell-debugging.html\n\n* PDF analyzer: https://github.com/zbetcheckin/PDF_analysis, https://github.com/DidierStevens/DidierStevensSuite/blob/master/pdfid.py, https://github.com/DidierStevens/DidierStevensSuite/blob/master/pdf-parser.py y https://eternal-todo.com/tools/peepdf-pdf-analysis-tool.\n\n* Office analyzer: https://github.com/DissectMalware/XLMMacroDeobfuscator, https://github.com/unixfreak0037/officeparser, https://github.com/decalage2/oletools, https://github.com/bontchev/pcodedmp, https://github.com/decalage2/ViperMonkey \u0026\u0026 https://blog.didierstevens.com/programs/oledump-py/.\n\n* Extract Unicode-encoded content from a file: https://github.com/DidierStevens/DidierStevensSuite/blob/master/base64dump.py\n\n* DTMF telephone frecuency: https://unframework.github.io/dtmf-detect/\n\n* To decrypt WPA keys: pyrit -r \"capctura.pcap\" analyze\n\n* Diskeditor: https://www.disk-editor.org/index.html\n\n* Passware encryption analyzer: https://www.passware.com/encryption-analyzer/\n\n* Windows Registry Recovery: https://www.softpedia.com/get/Tweak/Registry-Tweak/Windows-Registry-Recovery.shtml\n\n* xxd command\n\n* Blue Team Cheat sheet: https://itblogr.com/wp-content/uploads/2020/04/The-Concise-Blue-Team-cheat-Sheets.pdf\n\n* DFIR cheat sheet: https://www.jaiminton.com/cheatsheet/DFIR/#\n\n* Parse a user agent: https://developers.whatismybrowser.com/useragents/parse/\n\n* Grep cheat sheet: https://javiermartinalonso.github.io/linux/2018/01/15/linux-grep-patrones-debug.html\n\n* Blog: https://www.osintme.com/\n\n* Regular expressions for grep -Po \" \" https://www.autoregex.xyz/ \u0026\u0026 https://regex101.com/ . Cheat sheet: https://cheatography.com/davechild/cheat-sheets/regular-expressions/\n\n* DFIR Cheatsheet: https://dfircheatsheet.github.io/\n\nhttps://www.ultimatewindowssecurity.com/securitylog/encyclopedia/\n\nhttps://blog.didierstevens.com/programs/xorsearch/\n\nForensics RECOPILATION: https://start.me/p/JDRmPO/recursos-forenses \u0026\u0026 https://start.me/p/q6mw4Q/forensics\n\n## Reversing\n\n* Binwalk\n\n* Dotpeek (.NET)\n\n* Angr(deobfuscated code): https://angr.io/ \u0026\u0026 https://napongizero.github.io/blog/Defeating-Code-Obfuscation-with-Angr\n\n* GameBoy debugger: https://bgb.bircd.org/\n\n* IDA pro. Cheat Sheet: https://www.dragonjar.org/cheat-sheet-ida-pro-interactive-disassembler.xhtml\n\n* Ollydbg. Cheat Sheet: http://www.ollydbg.de/quickst.htm\n\n* GDB:  https://gist.github.com/rkubik/b96c23bd8ed58333de37f2b8cd052c30\n\n* Radare2. Cheat Sheet: https://gist.github.com/williballenthin/6857590dab3e2a6559d7\n\n* Ghidra. Cheat Sheet: https://hackersfun.com/wp-content/uploads/2019/03/Ghidra-Cheat-Sheet.pdf\n\n* Immunity Debugger: https://www.immunityinc.com/products/debugger/\n\n* x64dbg\n\n* DnSpy https://github.com/dnSpy/dnSpy\n\n* Binary Ninja: https://binary.ninja/\n\n* Beginner reversing tool: https://exeinfo-pe.en.uptodown.com/windows\n\n* Regshot:  https://sourceforge.net/projects/regshot/ (before and after running a binary)\n\n* CFF explorer: https://download.cnet.com/CFF-Explorer/3000-2383_4-10431156.html\n\n* Online Disassembler: https://onlinedisassembler.com/static/home/index.html\n\n* Online Decompiler Explorer: https://dogbolt.org/\n\n* Online Compiler Explorer: https://godbolt.org/\n\n* Online .JAR and .Class to Java decompiler:  http://www.javadecompilers.com/\n\n* Hex editor, disk editor, and memory editor: https://mh-nexus.de/en/downloads.php?product=HxD20\n\n* Android Decompiler: https://ibotpeaches.github.io/Apktool/\n\n* Decompile Android files: https://github.com/skylot/jadx\n\n* Hopper disassembler: https://www.hopperapp.com/\n\n* List Dynamic Dependencies: Ldd file\n\n* Unpacking some binaries: Upx -d file\n\n* Identifying packers: https://github.com/horsicq/Detect-It-Easy\n\n* Theory: https://0xinfection.github.io/reversing/\n\n* Intel® 64 and IA-32 Architectures Software Developer’s Manual: https://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-instruction-set-reference-manual-325383.pdf \n\n* Tips: https://blog.whtaguy.com/2020/04/guys-30-reverse-engineering-tips-tricks.html\n\n## Exploiting\n\n* Ej1: python -c \"print 'A'*150\" \u003e\u003e\u003e Then ./binario 150 A\n\npython -c \"print ('A' * 5100)\"\n\n* Ej2: (echo -e \"\\x31\\xc0\\x50\\x68\\x2f\\x2f\\x73\\x68\\x68\\x2f\\x62\\x69\\x6e\\x89\\xe3\\x89\\xc1\\x89\\xc2\\xb0\\x0b\\xcd\\x80\\x31\\xc0\\x40\\xcd\\x80\"; cat-) | ./binario (Shellcode for x86 32 linux)\n\n## Pentesting\n\nCommon ports cheatsheet: https://packetlife.net/media/library/23/common_ports.pdf\n\nEnumeration cheatsheet: https://pentestwiki.org/enumeration-cheat-sheet/\n\n### Recon\n\n* Nmap. Cheatsheet: https://highon.coffee/blog/nmap-cheat-sheet/ \u0026\u0026 https://scadahacker.com/library/Documents/Cheat_Sheets/Hacking%20-%20NMap%20Quick%20Reference%20Guide.pdf\n\n* S.O recon: \"version of a service https://launchpad.net/\"\n\n* https://sitereport.netcraft.com/\n\n* GUI-DNSRecon: https://www.kitploit.com/2023/02/dnsrecon-gui-dnsrecon-tool-with-gui-for.html\n\n* enum4linux - https://highon.coffee/blog/enum4linux-cheat-sheet/\n\nDig: https://cheatography.com/tme520/cheat-sheets/dig/\n\nwget -nd -r -P /save/location -A jpeg,jpg,bmp,gif,png http://www.somedomain.com\n\nRecursive file download bypassing robots.txt: wget -e robots=off -drc -l5 domain\n\n* Scanning with third parties: https://hackertarget.com/nmap-online-port-scanner/, https://www.ipfingerprints.com/, https://spiderip.com/online-port-scan.php, https://portscanner.standingtech.com/ \u0026\u0026 https://www.yougetsignal.com/tools/open-ports/\n\n* Scanless project: https://github.com/vesche/scanless\n\n* List emails from a domain: https://maildump.co/domain-search\n\n* List domains of a company: Curl https://sonar.omnisint.io/tlds/\u003ccompany name\u003e\n\n* SPF,DKIM,DMARC: https://github.com/MattKeeley/Spoofy \u0026 https://www.kitploit.com/2023/02/email-vulnerablity-checker-find-email.html \u0026 https://github.com/magichk/magicspoofing \u0026\u0026 https://toolbox.googleapps.com/apps/checkmx/\n\n* Company hashes \u0026 passwords: https://www.dehashed.com/\n\n* dnsrecon -d dte.local -n IP - https://pentestlab.blog/2012/11/13/dns-reconnaissance-dnsrecon/\n\n* Biggest DNS historical data: https://securitytrails.com/\n\n* DNS Host Records: https://hackertarget.com/find-dns-host-records/\n\n* HTTP Header Analysis Vulnerability Tool: https://dnsdumpster.com/\n\n* ReconFTW: https://github.com/six2dez/reconftw\n\n* Autorecon: https://github.com/Tib3rius/AutoRecon\n\n* OSINT gathering tool: https://github.com/s0md3v/Photon\n\n* OSINT gathering tool: https://github.com/laramies/theHarvester\n\n* DNS resolver: https://github.com/d3mondev/puredns\n\n* Sublist3r: https://github.com/aboul3la/Sublist3r\n\n* Ffuf: https://github.com/ffuf/ffuf\n\n* Nuclei: https://github.com/projectdiscovery/nuclei\n\n* Expired domains: https://www.expireddomains.net/\n\n### Web\n\n* Wappalyzer\n\n* whatweb -v -a 3 scanme.nmap.org \n\n* nmap  -p 80 --script=http-* \u003cIP\u003e\n\n* HTTP Header Analysis Vulnerability Tool: https://github.com/Aetsu/gethead/blob/gh-pages/gethead.py\n\n* Feroxbuster\n\n* Gobuster. Cheat Sheet: https://redteamtutorials.com/2018/11/19/gobuster-cheatsheet/\n\n* Burpsuite\n\n* OWASP ZAP, OpenVas, Sparta \u0026 Nikto. Cheat Sheet: https://cdn.comparitech.com/wp-content/uploads/2019/07/NIkto-Cheat-Sheet.webp\n\n* Hydra. Cheat Sheet: hydra -l admin -P /usr/share/wordlists/rockyou.txt IP http-post-form “__csrf_magic=sid%3Ae40fd9611063464c3ff346ffa53b7a28b3cd5971%2C1638348501\u0026usernamefld=admin\u0026passwordfld=^PASS^\u0026login=Sign+In\" || patator http_fuzz url=http://IP/ method=POST \u0026usernamefld=admin\u0026passwordfld=FILE0\u0026login=Sign+In' 0=/usr/share/wordlists/rockyou.txt follow=1 accept_cookie=1 -x ignore:fgrep='Username or Password incorrect'\n\n* hydra -s 22 -l user -P /usr/share/wordlists/rockyou.txt IP -t 4 ssh\n\n* wfuzz. Cheat Sheet: https://book.hacktricks.xyz/pentesting-web/web-tool-wfuzz\n\n* 2FA Bypass: https://www.xmind.net/m/8Hkymg/\n\n* Dirbuster. https://mundo-hackers.weebly.com/dirbuster.html\n\n* Linkfinder: https://github.com/GerbenJavado/LinkFinder\n\n* Dirsearch: https://github.com/maurosoria/dirsearch\n\n* Automated All-in-One OS command injection and exploitation tool: https://github.com/commixproject/commix\n\n* Automated XSS tool: https://xsser.03c8.net/\n\n* Automated XSS tool: https://github.com/ssl/ezXSS\n\n* RECOX: https://github.com/samhaxr/recox/blob/master/recox.sh\n\n* SQL payload examples: https://github.com/payloadbox/sql-injection-payload-list\n\n* Command injection: https://github.com/payloadbox/command-injection-payload-list\n\n* XSS in 2021: https://netsec.expert/posts/xss-in-2021/\n\n* SSRF Cheatsheet: https://highon.coffee/blog/ssrf-cheat-sheet/#curl-ssrf-wrappers--url-schema\n\n* WPscan\n\n* XSS firefox extension searcher: https://addons.mozilla.org/es/firefox/addon/knoxss-community-edition/\n\n* Inspect HTTP headers: https://requestbin.net/ \u0026\u0026 https://webhook.site/#!/75039a57-2015-4f74-9612-b762f4353b9b \u0026\u0026 https://securityheaders.com/?q=domain\u0026followRedirects=on\n\nhttps://pentest-tools.com/home\n\nhttps://book.hacktricks.xyz/\n\nhttp://jsonviewer.stack.hu/\n\nhttps://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE\n\nhttps://jorgectf.gitbook.io/awae-oswe-preparation-resources/\n\n* Web Tips: https://www.nccgroup.com/globalassets/our-research/uk/images/common_security_issues_in_financially-orientated_web.pdf.pdf\n\n### Exploit Database\n\n* CVE Search: https://github.com/Anonimo501/cve_search\n\n* https://www.exploit-db.com/\n\n* SearchSploit. Cheat sheet: https://blog.ehcgroup.io/2018/11/27/01/00/39/4198/como-usar-searchsploit-para-encontrar-exploits/hacking/ehacking/\n \n* https://cvexploits.io/\n\n### Docker\n\n Privilege esc: docker run -v /:/mnt --rm -it imagen chroot /mnt sh\n\n### Credentials\n\n* IT Default Creds: https://github.com/ihebski/DefaultCreds-cheat-sheet/blob/main/DefaultCreds-Cheat-Sheet.csv\n* OT Default Creds: https://www.icsrank.com/\n\n### CVE Database Vulnerabilities\n\nhttps://vulners.com/\n\n### Exploitation\n\n* Online reverse shell generator: https://www.revshells.com/\n\n* Reverse shell cheatsheet: https://reconshell.com/reverse-shell-cheat-sheet/ \u0026\u0026 Cheatsheet: https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md\n\n* Webshells: https://github.com/BlackArch/webshells\n\n* Popshells: https://github.com/0x00-0x00/ShellPop\n\n* Upgrading Simple Shells to Fully Interactive TTYs: https://blog.ropnop.com/upgrading-simple-shells-to-fully-interactive-ttys/\n\n* crackmapexec - https://cheatsheet.haax.fr/windows-systems/exploitation/crackmapexec/\n\n* Rundll32 commands examples: https://www.jesusninoc.com/04/12/rundll32-commands-for-windows/\n\n* rdesktop IP, proxychains \u003crdesktop\u003e IP\n\n* sqlmap - https://www.security-sleuth.com/sleuth-blog/2017/1/3/sqlmap-cheat-sheet\n\n* Reverse shell payload generator - Hoaxshell: https://github.com/t3l3machus/hoaxshell\n\n* Running commands on an Microsoft Exchange: https://github.com/WithSecureLabs/peas\n\n* Powerglot: https://github.com/mindcrypt/powerglot\n\n### Active Directory\n   \n* Network Scanner: https://www.softperfect.com/products/networkscanner/\n\n* linWinPwn: https://github.com/lefayjey/linWinPwn\n\n* Mimikatz: https://book.hacktricks.xyz/windows-hardening/stealing-credentials/credentials-mimikatz\n\n* Crackmapexec: https://cheatsheet.haax.fr/windows-systems/exploitation/crackmapexec/\n\n* LDAP enumeration: https://pentestwiki.org/enumeration-cheat-sheet/#h-ldap-enumeration\n\n* Seatbelt check: https://github.com/GhostPack/Seatbelt\n\n* Bloodhound: https://bloodhound.readthedocs.io/en/latest/index.html\n\n* Adalanche: https://www.kitploit.com/2021/08/adalanche-active-directory-acl.html\n\n### Privilege Escalation\n\n#### Windows\n\nsudo apt install peass\n\n* WinPEAS: https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS  \n\n* Juicy potato: https://github.com/ohpe/juicy-potato\n\n* PowerUp: https://github.com/PowerShellMafia/PowerSploit/blob/dev/Privesc/PowerUp.ps1\n\n#### Linux\n\n* LinPEAS: https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS\n\n* LinEnum: https://github.com/rebootuser/LinEnum/blob/master/LinEnum.sh\n\n* BeRoot: https://github.com/AlessandroZ/BeRoot/tree/master/Linux\n\n### Legit binaries in a system\n\n* Lolbas from Windows: https://lolbas-project.github.io/\n\n* GTFOBins from Unix Systems: https://gtfobins.github.io/\n\n### AV bypass\n\n* Bypass Windows defender with binaries: https://github.com/Bl4ckM1rror/FUD-UUID-Shellcode\n\n* Shikata ga nai: https://github.com/EgeBalci/sgn\n\n* AV'S evasion: https://github.com/Veil-Framework/Veil-Evasion\n\n* Shellter: https://www.kali.org/tools/shellter/\n\n### Automatic Frameworks\n\n* Metasploit. Cheatsheet: https://github.com/k1000o23/cheat_sheets/blob/master/metasploit_cheat_sheet.pdf\n\n* Kaboom: https://github.com/Leviathan36/kaboom\n\n* Fsociety framework: https://github.com/Manisso/fsociety\n\n* Empire. Cheatsheet: https://github.com/HarmJ0y/CheatSheets/blob/master/Empire.pdf\n\n### Mobile\n\n* Mobile Pentest Cheatsheet: https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet \u0026\u0026 https://github.com/randorisec/MobileHackingCheatSheet\n\n* Automated  Mobile tools: https://github.com/MobSF/Mobile-Security-Framework-MobSF, https://github.com/SUPERAndroidAnalyzer/super\n\n* List of Vulnerable Android Applications: https://github.com/netbiosX/Pentest-Bookmarks/blob/master/Training-Labs/Mobile-Testing/Android-Applications.mdown\n\n* PcapDroid: https://play.google.com/store/apps/details?id=com.emanuelef.remote_capture\u0026hl=es_419\u0026gl=US\n\n### Wifi\n\n* Fing application: https://www.fing.com/\n\n* Wifi analyzer: https://play.google.com/store/apps/details?id=com.farproc.wifi.analyzer\u0026hl=es\u0026gl=US\u0026pli=1\n\n* Auditing Wifi: https://github.com/v1s1t0r1sh3r3/airgeddon\n\n* https://en.kali.tools/?p=244\n\n* Wifi Crack: https://github.com/s4vitar/wifiCrack\n\n* Fern: https://github.com/savio-code/fern-wifi-cracker\n\n* EvilTrust: https://github.com/s4vitar/evilTrust\n\n* RomBuster: https://github.com/EntySec/RomBuster\n\nYersinia\n\nBettercap\n\nWifi Pineapple\n\nhttps://linuxhint.com/how_to_aircrack_ng/\n\n* PCAP capture crack: https://www.onlinehashcrack.com/\n\n### Utility\n\n* mount -t cifs IP/SharedResource /mnt/smbmounted -o vers=2.1 \u0026\u0026 * smbclient -U \"\" -N //IP/SharedResource\n\n* dpkg -l to list all the installed programs in a virtual machine. Pipe the output in order to search what you want.\n\n* Msfvenom: https://www.offensive-security.com/metasploit-unleashed/msfvenom/ \u0026 https://www.offensive-security.com/metasploit-unleashed/binary-payloads/\n\n* Nishang: https://github.com/samratashok/nishang\n\n* Are u block?: https://ippsec.rocks/?#\n\n* OSCP-style: https://gist.github.com/s4vitar/b88fefd5d9fbbdcc5f30729f7e06826e\n\n* Pentest-book: https://pentestbook.six2dez.com/ \u0026\u0026 https://book.hacktricks.xyz/pentesting-methodology\n\n* Videos: https://www.youtube.com/c/S4viOnLive\n\n## Malware\n\n### Online engines\n\n* https://www.filescan.io/\n\n* Virustotal: https://www.virustotal.com/gui/home/search\n\n* Online Cuckoo Sandbox: https://sandbox.pikker.ee/\n\n* APK's: https://mobsf.live/ \u0026\u0026 https://koodous.com/\n\n* Joesandbox: https://www.joesandbox.com/#windows\n\n* Kaspersky: https://opentip.kaspersky.com/\n\n* Intezer: https://analyze.intezer.com/scan\n\n* Hybrid Analysis: https://www.hybrid-analysis.com/?lang=es\n\n* Database of counterfeit-related webs: https://desenmascara.me/\n\n* ANY.RUN https://any.run/\n\nhttps://antiscan.me/\n\nhttps://www.virscan.org/\n\n* Polyswarm: https://polyswarm.network\n\nhttps://metadefender.opswat.com/?lang=en\n\n### Distros to analyze malware\n\n* Linux Distro to investigate malware: https://docs.remnux.org/\n\n* Windows Distro to investigate malware: https://github.com/mandiant/flare-vm\n\n* https://github.com/LaurieWired/linux_malware_analysis_container\n\n### Tools\n\n* Sysinternals: https://docs.microsoft.com/en-us/sysinternals/\n\n* Systeminformer: https://systeminformer.sourceforge.io/\n\n* Capa: https://github.com/mandiant/capa\n\n* Detect it easy(packer detector): https://en.kali.tools/?p=1644\n\n* Sysinspector: https://support.eset.com/es/que-es-eset-sysinspector\n\n* Dependency walker from an executable file: https://www.dependencywalker.com/\n\n* Autoruns: https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns\n\n* RAM capturer: https://belkasoft.com/ram-capturer\n\n* Recopilation: https://github.com/rshipp/awesome-malware-analysis\n\n* Reverse Engineer's Toolkit: https://github.com/mentebinaria/retoolkit\n\n* PEstudio: https://www.winitor.com/\n\n* Malzilla: https://malzilla.org/\n\n* PROCMON+PCAP: https://www.procdot.com/\n\n* Analyze APK's: https://github.com/quark-engine/quark-engine \u0026\u0026 https://github.com/mvt-project/mvt \u0026\u0026 https://github.com/pjlantz/droidbox\n\n* XORSearch: https://blog.didierstevens.com/programs/xorsearch/\n\n* RAT Decoder: https://github.com/kevthehermit/RATDecoders\n\n* Malwoverview: https://github.com/alexandreborges/malwoverview\n\n* Binary strings defuser: https://github.com/fireeye/flare-floss\n\n* Network analysis of malware (emulate HTTP server): https://github.com/felixweyne/imaginaryC2\n\n* This tool allows you to intercept and redirect all or specific network traffic while simulating legitimate network services: https://github.com/mandiant/flare-fakenet-ng\n\n### Free AVs EDRs and Sandboxes\n\n* ClamAV: https://www.clamav.net/downloads#otherversions\n\n* MAC AV: https://www.pcrisk.es/mejores-programas-antivirus/8365-combo-cleaner-antivirus-and-system-optimizer-mac\n\n* Sandbox: https://github.com/CERT-Polska/drakvuf-sandbox\n\n* DragonFly: https://dragonfly.certego.net/register\n\n* Offline Sandbox: https://sandboxie-plus.com/downloads/\n\n* OpenEDR: https://github.com/ComodoSecurity/openedr \n\n### Ransomware\n\n* Ransomware decryption tools: http://files-download.avg.com/util/avgrem/avg_decryptor_Legion.exe, https://success.trendmicro.com/solution/1114221-downloading-and-using-the-trend-micro-ransomware-file-decryptor, https://www.nomoreransom.org/es/decryption-tools.htmlm, https://www.avast.com/es-es/ransomware-decryption-tools , https://noransom.kaspersky.com/ , https://www.mcafee.com/enterprise/es-es/downloads/free-tools/ransomware-decryption.html, https://www.mcafee.com/enterprise/en-us/downloads/free-tools.html, https://www.emsisoft.com/ransomware-decryption-tools/, https://decoded.avast.io/threatresearch/decrypted-bianlian-ransomware/.\n\n* General Overview: https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml#\n\n* Ransomware groups: http://edteebo2w2bvwewbjb5wgwxksuwqutbg3lk34ln7jpf3obhy4cvkbuqd.onion/\n\n### APTs\n\n* Intelligence: https://docs.google.com/spreadsheets/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/pubhtml# \u0026\u0026 https://github.com/StrangerealIntel/EternalLiberty/blob/main/EternalLiberty.csv \u0026\u0026 https://xorl.wordpress.com/\n\n* Threat Actor Knowledge Graph: https://jupyter.securitybreak.io/graph_TA/index.html\n\nAre you an APT target? -\u003e https://lab52.io/\n\n* APT Simulator: https://github.com/NextronSystems/APTSimulator\n\n### Blogs and Information\n\n* Macros: https://blog.didierstevens.com/2021/01/19/video-maldoc-analysis-with-cyberchef/ \u0026\u0026 https://blog.nviso.eu/2022/04/06/analyzing-a-multilayer-maldoc-a-beginners-guide/\n\n* Malware examples/binaries: https://bazaar.abuse.ch/, https://github.com/ytisf/theZoo \u0026 https://malshare.com/\n\n## Utility\n\n* To bypass some filtered ports: nmap -sSV ...\n\n* zip2john backup.zip secret.hash\n\n* john --show secret.hash\n\n* Hexeditor\n\n* nc -nlvp URL port\n\n* Grep\n\n* rgrep (Recursive grep)\n\n* awk\n\n* perl\n\n* tail / head \n\n* curl -Llv domain | curl -b \"protected=d41d8cd98f00b204e9800998ecf8427e\"(cookie) \"domain\"\n\n* Identify -verbose \n\n* Hash-identifier\n\n* cat 'file' | md5sum, sha1sum,sha256sum...\n\n* echo \"string\" | base64 -d \n\n* Strings \n\n* File \n\n* Cewl. Cheat sheet: https://null-byte.wonderhowto.com/how-to/hack-like-pro-crack-passwords-part-5-creating-custom-wordlist-with-cewl-0158855/\n\n* Password Recovery Online : https://www.lostmypass.com/try/\n\n* Passwords stored in a computer: https://github.com/AlessandroZ/LaZagne\n\n* Disk Image: https://www.datanumen.com/disk-image-download-thanks/\n\n* crackzip: https://github.com/Xpykerz/CrackZip\n\n* zip2john: https://github.com/openwall/john/blob/bleeding-jumbo/src/zip2john.c\n\n* Common User Passwords Profiler: https://github.com/Mebus/cupp y https://github.com/r3nt0n/bopscrk. \n\n* Dig: https://cheatography.com/tme520/cheat-sheets/dig/\n\n* wget -nd -r -P /save/location -A jpeg,jpg,bmp,gif,png http://www.somedomain.com\n\n* Recursive file download bypassing robots.txt: wget -e robots=off -drc -l5 domain\n\n* [ICMP exfiltration] tshark -r 1pcap_test_1c.pcapng -Y \"icmp\" -Tjson | grep data.data | awk {'print $2'} | cut -c 2-3 | uniq | xxd -r -p \n\n* Oneliners: https://linuxcommandlibrary.com/basic/oneliners.html\n\n* Google information:\n ![image](https://user-images.githubusercontent.com/74070814/147261470-9a738efb-69de-4b89-98aa-be27a9f83d78.png)\n\n\n## Wikis\n\nhttps://github.com/JohnHammond/ctf-katana\n\nhttps://github.com/OpenToAllCTF/Tips\n\nReversing tutorial: https://github.com/mytechnotalent/Reverse-Engineering-Tutorial\n\n\n## Write-Ups\n\nhttps://ctftime.org/writeups\n\nhttps://apsdehal.in/awesome-ctf/\n\nhttps://jorgectf.gitlab.io/\n\nhttps://github.com/0e85dc6eaf/CTF-Writeups\n\nhttps://github.com/RazviOverflow/ctfs\n\nhttps://github.com/DEKRA-CTF/CTFs/tree/main/2020\n\nhttps://medium.com/bugbountywriteup/tryhackme-reversing-elf-writeup-6fd006704148\n\nhttps://github.com/W3rni0/ctf_writeups_archive/tree/master/castorsCTF_2020\n\n\n## Other tools\n\nhttps://github.com/zardus/ctf-tools\n\nhttps://github.com/apsdehal/awesome-ctf\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FPh4l4nx%2FCTF-s-Tools","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FPh4l4nx%2FCTF-s-Tools","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FPh4l4nx%2FCTF-s-Tools/lists"}