{"id":413,"url":"https://github.com/apsdehal/awesome-ctf","last_synced_at":"2025-09-29T02:32:30.253Z","repository":{"id":27959517,"uuid":"31452467","full_name":"apsdehal/awesome-ctf","owner":"apsdehal","description":"A curated list of CTF frameworks, libraries, resources and softwares","archived":false,"fork":false,"pushed_at":"2024-07-22T19:59:35.000Z","size":569,"stargazers_count":10733,"open_issues_count":41,"forks_count":1551,"subscribers_count":285,"default_branch":"master","last_synced_at":"2025-09-24T02:02:59.472Z","etag":null,"topics":["awesome","ctf","penetration","security"],"latest_commit_sha":null,"homepage":"https://apsdehal.in/awesome-ctf/","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"cc0-1.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/apsdehal.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2015-02-28T05:43:09.000Z","updated_at":"2025-09-23T18:55:17.000Z","dependencies_parsed_at":"2024-01-12T17:35:25.196Z","dependency_job_id":"e48dca9e-e66b-449a-8f5e-9babe830d63e","html_url":"https://github.com/apsdehal/awesome-ctf","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/apsdehal/awesome-ctf","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apsdehal%2Fawesome-ctf","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apsdehal%2Fawesome-ctf/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apsdehal%2Fawesome-ctf/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apsdehal%2Fawesome-ctf/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/apsdehal","download_url":"https://codeload.github.com/apsdehal/awesome-ctf/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apsdehal%2Fawesome-ctf/sbom","scorecard":{"id":204365,"data":{"date":"2025-08-11","repo":{"name":"github.com/apsdehal/awesome-ctf","commit":"eb504b242be3918cbd46e1a5a6274671f477071f"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.2,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Code-Review","score":9,"reason":"Found 28/29 approved changesets -- score normalized to 9","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Creative Commons Zero v1.0 Universal: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 29 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-16T23:22:52.960Z","repository_id":27959517,"created_at":"2025-08-16T23:22:52.960Z","updated_at":"2025-08-16T23:22:52.960Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":277456774,"owners_count":25821040,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-29T02:00:09.175Z","response_time":84,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["awesome","ctf","penetration","security"],"created_at":"2024-01-05T20:12:54.216Z","updated_at":"2025-09-29T02:32:29.901Z","avatar_url":"https://github.com/apsdehal.png","language":"JavaScript","readme":"# Awesome CTF [![Build Status](https://travis-ci.org/apsdehal/awesome-ctf.svg?branch=master)](https://travis-ci.org/apsdehal/awesome-ctf) [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)\n\nA curated list of [Capture The Flag](https://en.wikipedia.org/wiki/Capture_the_flag#Computer_security) (CTF) frameworks, libraries, resources, softwares and tutorials. This list aims to help starters as well as seasoned CTF players to find everything related to CTFs at one place.\n\n### Contributing\n\nPlease take a quick look at the [contribution guidelines](https://github.com/apsdehal/ctf-tools/blob/master/CONTRIBUTING.md) first.\n\n#### _If you know a tool that isn't present here, feel free to open a pull request._\n\n### Why?\n\nIt takes time to build up collection of tools used in CTF and remember them all. This repo helps to keep all these scattered tools at one place.\n\n### Contents\n\n- [Awesome CTF](#awesome-ctf)\n  - [Create](#create)\n    - [Forensics](#forensics)\n    - [Platforms](#platforms)\n    - [Steganography](#steganography)\n    - [Web](#web)\n  - [Solve](#solve)\n    - [Attacks](#attacks)\n    - [Bruteforcers](#bruteforcers)\n    - [Cryptography](#crypto)\n    - [Exploits](#exploits)\n    - [Forensics](#forensics-1)\n    - [Networking](#networking)\n    - [Reversing](#reversing)\n    - [Services](#services)\n    - [Steganography](#steganography-1)\n    - [Web](#web-1)\n\n- [Resources](#resources)\n  - [Operating Systems](#operating-systems)\n  - [Starter Packs](#starter-packs)\n  - [Tutorials](#tutorials)\n  - [Wargames](#wargames)\n  - [Websites](#websites)\n  - [Wikis](#wikis)\n  - [Writeups Collections](#writeups-collections)\n\n\n# Create\n\n*Tools used for creating CTF challenges*\n\n- [Kali Linux CTF Blueprints](https://www.packtpub.com/eu/networking-and-servers/kali-linux-ctf-blueprints) - Online book on building, testing, and customizing your own Capture the Flag challenges.\n\n\n## Forensics\n\n*Tools used for creating Forensics challenges*\n\n- [Dnscat2](https://github.com/iagox86/dnscat2) - Hosts communication through DNS.\n- [Kroll Artifact Parser and Extractor (KAPE)](https://learn.duffandphelps.com/kape) - Triage program.\n- [Magnet AXIOM](https://www.magnetforensics.com/downloadaxiom) - Artifact-centric DFIR tool.\n- [Registry Dumper](http://www.kahusecurity.com/posts/registry_dumper_find_and_dump_hidden_registry_keys.html) - Dump your registry.\n\n## Platforms\n\n*Projects that can be used to host a CTF*\n\n- [CTFd](https://github.com/isislab/CTFd) - Platform to host jeopardy style CTFs from ISISLab, NYU Tandon.\n- [echoCTF.RED](https://github.com/echoCTF/echoCTF.RED) - Develop, deploy and maintain your own CTF infrastructure.\n- [FBCTF](https://github.com/facebook/fbctf) - Platform to host Capture the Flag competitions from Facebook.\n- [Haaukins](https://github.com/aau-network-security/haaukins)- A Highly Accessible and Automated Virtualization Platform for Security Education.\n- [HackTheArch](https://github.com/mcpa-stlouis/hack-the-arch) - CTF scoring platform.\n- [Mellivora](https://github.com/Nakiami/mellivora) - A CTF engine written in PHP.\n- [MotherFucking-CTF](https://github.com/andreafioraldi/motherfucking-ctf) - Badass lightweight plaform to host CTFs. No JS involved.\n- [NightShade](https://github.com/UnrealAkama/NightShade) - A simple security CTF framework.\n- [OpenCTF](https://github.com/easyctf/openctf) - CTF in a box. Minimal setup required.\n- [PicoCTF](https://github.com/picoCTF/picoCTF) - The platform used to run picoCTF. A great framework to host any CTF.\n- [PyChallFactory](https://github.com/pdautry/py_chall_factory) - Small framework to create/manage/package jeopardy CTF challenges.\n- [RootTheBox](https://github.com/moloch--/RootTheBox) - A Game of Hackers (CTF Scoreboard \u0026 Game Manager).\n- [Scorebot](https://github.com/legitbs/scorebot) - Platform for CTFs by Legitbs (Defcon).\n- [SecGen](https://github.com/cliffe/SecGen) - Security Scenario Generator. Creates randomly vulnerable virtual machines.\n\n## Steganography\n\n*Tools used to create stego challenges*\n\nCheck solve section for steganography.\n\n## Web\n\n*Tools used for creating Web challenges*\n\n*JavaScript Obfustcators*\n\n- [Metasploit JavaScript Obfuscator](https://github.com/rapid7/metasploit-framework/wiki/How-to-obfuscate-JavaScript-in-Metasploit)\n- [Uglify](https://github.com/mishoo/UglifyJS)\n\n\n# Solve\n\n*Tools used for solving CTF challenges*\n\n## Attacks\n\n*Tools used for performing various kinds of attacks*\n\n- [Bettercap](https://github.com/bettercap/bettercap) - Framework to perform MITM (Man in the Middle) attacks.\n- [Yersinia](https://github.com/tomac/yersinia) - Attack various protocols on layer 2.\n\n## Crypto\n\n*Tools used for solving Crypto challenges*\n\n- [CyberChef](https://gchq.github.io/CyberChef) - Web app for analysing and decoding data.\n- [FeatherDuster](https://github.com/nccgroup/featherduster) - An automated, modular cryptanalysis tool.\n- [Hash Extender](https://github.com/iagox86/hash_extender) - A utility tool for performing hash length extension attacks.\n- [padding-oracle-attacker](https://github.com/KishanBagaria/padding-oracle-attacker) - A CLI tool to execute padding oracle attacks.\n- [PkCrack](https://www.unix-ag.uni-kl.de/~conrad/krypto/pkcrack.html) - A tool for Breaking PkZip-encryption.\n- [QuipQuip](https://quipqiup.com) - An online tool for breaking substitution ciphers or vigenere ciphers (without key).\n- [RSACTFTool](https://github.com/Ganapati/RsaCtfTool) - A tool for recovering RSA private key with various attack.\n- [RSATool](https://github.com/ius/rsatool) - Generate private key with knowledge of p and q.\n- [XORTool](https://github.com/hellman/xortool) - A tool to analyze multi-byte xor cipher.\n\n## Bruteforcers\n\n*Tools used for various kind of bruteforcing (passwords etc.)*\n\n- [Hashcat](https://hashcat.net/hashcat/) - Password Cracker\n- [Hydra](https://tools.kali.org/password-attacks/hydra) - A parallelized login cracker which supports numerous protocols to attack\n- [John The Jumbo](https://github.com/magnumripper/JohnTheRipper) - Community enhanced version of John the Ripper.\n- [John The Ripper](http://www.openwall.com/john/) - Password Cracker.\n- [Nozzlr](https://github.com/intrd/nozzlr) - Nozzlr is a bruteforce framework, trully modular and script-friendly.\n- [Ophcrack](http://ophcrack.sourceforge.net/) - Windows password cracker based on rainbow tables.\n- [Patator](https://github.com/lanjelot/patator) - Patator is a multi-purpose brute-forcer, with a modular design.\n- [Turbo Intruder](https://portswigger.net/research/turbo-intruder-embracing-the-billion-request-attack) - Burp Suite extension for sending large numbers of HTTP requests \n\n## Exploits\n\n*Tools used for solving Exploits challenges*\n\n- [DLLInjector](https://github.com/OpenSecurityResearch/dllinjector) - Inject dlls in processes.\n- [libformatstr](https://github.com/hellman/libformatstr) - Simplify format string exploitation.\n- [Metasploit](http://www.metasploit.com/) - Penetration testing software.\n  - [Cheatsheet](https://www.comparitech.com/net-admin/metasploit-cheat-sheet/)\n- [one_gadget](https://github.com/david942j/one_gadget) -  A tool to find the one gadget `execve('/bin/sh', NULL, NULL)` call.\n  - `gem install one_gadget`\n- [Pwntools](https://github.com/Gallopsled/pwntools) - CTF Framework for writing exploits.\n- [Qira](https://github.com/BinaryAnalysisPlatform/qira) - QEMU Interactive Runtime Analyser.\n- [ROP Gadget](https://github.com/JonathanSalwan/ROPgadget) - Framework for ROP exploitation.\n- [V0lt](https://github.com/P1kachu/v0lt) - Security CTF Toolkit.\n\n## Forensics\n\n*Tools used for solving Forensics challenges*\n\n- [Aircrack-Ng](http://www.aircrack-ng.org/) - Crack 802.11 WEP and WPA-PSK keys.\n  - `apt-get install aircrack-ng`\n- [Audacity](http://sourceforge.net/projects/audacity/) - Analyze sound files (mp3, m4a, whatever).\n  - `apt-get install audacity`\n- [Bkhive and Samdump2](http://sourceforge.net/projects/ophcrack/files/samdump2/) - Dump SYSTEM and SAM files.\n  - `apt-get install samdump2 bkhive`\n- [CFF Explorer](http://www.ntcore.com/exsuite.php) - PE Editor.\n- [Creddump](https://github.com/moyix/creddump) - Dump windows credentials.\n- [DVCS Ripper](https://github.com/kost/dvcs-ripper) - Rips web accessible (distributed) version control systems.\n- [Exif Tool](http://www.sno.phy.queensu.ca/~phil/exiftool/) - Read, write and edit file metadata.\n- [Extundelete](http://extundelete.sourceforge.net/) - Used for recovering lost data from mountable images.\n- [Fibratus](https://github.com/rabbitstack/fibratus) - Tool for exploration and tracing of the Windows kernel.\n- [Foremost](http://foremost.sourceforge.net/) - Extract particular kind of files using headers.\n  - `apt-get install foremost`\n- [Fsck.ext4](http://linux.die.net/man/8/fsck.ext3) - Used to fix corrupt filesystems.\n- [Malzilla](http://malzilla.sourceforge.net/) - Malware hunting tool.\n- [NetworkMiner](http://www.netresec.com/?page=NetworkMiner) - Network Forensic Analysis Tool.\n- [PDF Streams Inflater](http://malzilla.sourceforge.net/downloads.html) - Find and extract zlib files compressed in PDF files.\n- [Pngcheck](http://www.libpng.org/pub/png/apps/pngcheck.html) - Verifies the integrity of PNG and dump all of the chunk-level information in human-readable form.\n  - `apt-get install pngcheck`\n- [ResourcesExtract](http://www.nirsoft.net/utils/resources_extract.html) - Extract various filetypes from exes.\n- [Shellbags](https://github.com/williballenthin/shellbags) - Investigate NT\\_USER.dat files.\n- [Snow](https://sbmlabs.com/notes/snow_whitespace_steganography_tool) - A Whitespace Steganography Tool.\n- [USBRip](https://github.com/snovvcrash/usbrip) - Simple CLI forensics tool for tracking USB device artifacts (history of USB events) on GNU/Linux.\n- [Volatility](https://github.com/volatilityfoundation/volatility) - To investigate memory dumps.\n- [Wireshark](https://www.wireshark.org) - Used to analyze pcap or pcapng files\n\n*Registry Viewers*\n- [OfflineRegistryView](https://www.nirsoft.net/utils/offline_registry_view.html) - Simple tool for Windows that allows you to read offline Registry files from external drive and view the desired Registry key in .reg file format.\n- [Registry Viewer®](https://accessdata.com/product-download/registry-viewer-2-0-0) - Used to view Windows registries.\n\n## Networking\n\n*Tools used for solving Networking challenges*\n\n- [Masscan](https://github.com/robertdavidgraham/masscan) - Mass IP port scanner, TCP port scanner.\n- [Monit](https://linoxide.com/monitoring-2/monit-linux/) - A linux tool to check a host on the network (and other non-network activities).\n- [Nipe](https://github.com/GouveaHeitor/nipe) - Nipe is a script to make Tor Network your default gateway.\n- [Nmap](https://nmap.org/) - An open source utility for network discovery and security auditing.\n- [Wireshark](https://www.wireshark.org/) - Analyze the network dumps.\n  - `apt-get install wireshark`\n- [Zeek](https://www.zeek.org) - An open-source network security monitor.\n- [Zmap](https://zmap.io/) - An open-source network scanner.\n\n## Reversing\n\n*Tools used for solving Reversing challenges*\n\n- [Androguard](https://github.com/androguard/androguard) - Reverse engineer Android applications.\n- [Angr](https://github.com/angr/angr) - platform-agnostic binary analysis framework.\n- [Apk2Gold](https://github.com/lxdvs/apk2gold) - Yet another Android decompiler.\n- [ApkTool](http://ibotpeaches.github.io/Apktool/) - Android Decompiler.\n- [Barf](https://github.com/programa-stic/barf-project) - Binary Analysis and Reverse engineering Framework.\n- [Binary Ninja](https://binary.ninja/) - Binary analysis framework.\n- [BinUtils](http://www.gnu.org/software/binutils/binutils.html) - Collection of binary tools.\n- [BinWalk](https://github.com/devttys0/binwalk) - Analyze, reverse engineer, and extract firmware images.\n- [Boomerang](https://github.com/BoomerangDecompiler/boomerang) - Decompile x86/SPARC/PowerPC/ST-20 binaries to C.\n- [ctf_import](https://github.com/docileninja/ctf_import) – run basic functions from stripped binaries cross platform.\n- [cwe_checker](https://github.com/fkie-cad/cwe_checker) - cwe_checker finds vulnerable patterns in binary executables.\n- [demovfuscator](https://github.com/kirschju/demovfuscator) - A work-in-progress deobfuscator for movfuscated binaries.\n- [Frida](https://github.com/frida/) - Dynamic Code Injection.\n- [GDB](https://www.gnu.org/software/gdb/) - The GNU project debugger.\n- [GEF](https://github.com/hugsy/gef) - GDB plugin.\n- [Ghidra](https://ghidra-sre.org/) - Open Source suite of reverse engineering tools.  Similar to IDA Pro.\n- [Hopper](http://www.hopperapp.com/) - Reverse engineering tool (disassembler) for OSX and Linux.\n- [IDA Pro](https://www.hex-rays.com/products/ida/) - Most used Reversing software.\n- [Jadx](https://github.com/skylot/jadx) - Decompile Android files.\n- [Java Decompilers](http://www.javadecompilers.com) - An online decompiler for Java and Android APKs.\n- [Krakatau](https://github.com/Storyyeller/Krakatau) - Java decompiler and disassembler.\n- [Objection](https://github.com/sensepost/objection) - Runtime Mobile Exploration.\n- [PEDA](https://github.com/longld/peda) - GDB plugin (only python2.7).\n- [Pin](https://software.intel.com/en-us/articles/pin-a-dynamic-binary-instrumentation-tool) - A dynamic binary instrumentaion tool by Intel.\n- [PINCE](https://github.com/korcankaraokcu/PINCE) - GDB front-end/reverse engineering tool, focused on game-hacking and automation.\n- [PinCTF](https://github.com/ChrisTheCoolHut/PinCTF) - A tool which uses intel pin for Side Channel Analysis.\n- [Plasma](https://github.com/joelpx/plasma) - An interactive disassembler for x86/ARM/MIPS which can generate indented pseudo-code with colored syntax.\n- [Pwndbg](https://github.com/pwndbg/pwndbg) - A GDB plugin that provides a suite of utilities to hack around GDB easily.\n- [radare2](https://github.com/radare/radare2) - A portable reversing framework.\n- [Triton](https://github.com/JonathanSalwan/Triton/) - Dynamic Binary Analysis (DBA) framework.\n- [Uncompyle](https://github.com/gstarnberger/uncompyle) - Decompile Python 2.7 binaries (.pyc).\n- [WinDbg](http://www.windbg.org/) - Windows debugger distributed by Microsoft.\n- [Xocopy](http://reverse.lostrealm.com/tools/xocopy.html) - Program that can copy executables with execute, but no read permission.\n- [Z3](https://github.com/Z3Prover/z3) - A theorem prover from Microsoft Research.\n\n*JavaScript Deobfuscators*\n\n- [Detox](http://relentless-coding.org/projects/jsdetox/install) - A Javascript malware analysis tool.\n- [Revelo](http://www.kahusecurity.com/posts/revelo_javascript_deobfuscator.html) - Analyze obfuscated Javascript code.\n\n*SWF Analyzers*\n- [RABCDAsm](https://github.com/CyberShadow/RABCDAsm) - Collection of utilities including an ActionScript 3 assembler/disassembler.\n- [Swftools](http://www.swftools.org/) - Collection of utilities to work with SWF files.\n- [Xxxswf](https://bitbucket.org/Alexander_Hanel/xxxswf) -  A Python script for analyzing Flash files.\n\n## Services\n\n*Various kind of useful services available around the internet*\n\n- [CSWSH](http://cow.cat/cswsh.html) - Cross-Site WebSocket Hijacking Tester.\n- [Request Bin](https://requestbin.com/) - Lets you inspect http requests to a particular url.\n\n## Steganography\n\n*Tools used for solving Steganography challenges*\n\n- [AperiSolve](https://aperisolve.fr/) - Aperi'Solve is a platform which performs layer analysis on image (open-source).\n- [Convert](http://www.imagemagick.org/script/convert.php) - Convert images b/w formats and apply filters.\n- [Exif](http://manpages.ubuntu.com/manpages/trusty/man1/exif.1.html) - Shows EXIF information in JPEG files.\n- [Exiftool](https://linux.die.net/man/1/exiftool) - Read and write meta information in files.\n- [Exiv2](http://www.exiv2.org/manpage.html) - Image metadata manipulation tool.\n- [Image Steganography](https://sourceforge.net/projects/image-steg/) - Embeds text and files in images with optional encryption. Easy-to-use UI.\n- [Image Steganography Online](https://incoherency.co.uk/image-steganography) - This is a client-side Javascript tool to steganographically hide images inside the lower \"bits\" of other images\n- [ImageMagick](http://www.imagemagick.org/script/index.php) - Tool for manipulating images.\n- [Outguess](https://www.freebsd.org/cgi/man.cgi?query=outguess+\u0026apropos=0\u0026sektion=0\u0026manpath=FreeBSD+Ports+5.1-RELEASE\u0026format=html) - Universal steganographic tool.\n- [Pngtools](https://packages.debian.org/sid/pngtools) - For various analysis related to PNGs.\n  - `apt-get install pngtools`\n- [SmartDeblur](https://github.com/Y-Vladimir/SmartDeblur) - Used to deblur and fix defocused images.\n- [Steganabara](https://www.openhub.net/p/steganabara) -  Tool for stegano analysis written in Java.\n- [SteganographyOnline](https://stylesuxx.github.io/steganography/) - Online steganography encoder and decoder.\n- [Stegbreak](https://linux.die.net/man/1/stegbreak) - Launches brute-force dictionary attacks on JPG image.\n- [StegCracker](https://github.com/Paradoxis/StegCracker) - Steganography brute-force utility to uncover hidden data inside files.\n- [stegextract](https://github.com/evyatarmeged/stegextract) - Detect hidden files and text in images.\n- [Steghide](http://steghide.sourceforge.net/) - Hide data in various kind of images.\n- [StegOnline](https://georgeom.net/StegOnline/upload) - Conduct a wide range of image steganography operations, such as concealing/revealing files hidden within bits (open-source).\n- [Stegsolve](http://www.caesum.com/handbook/Stegsolve.jar) - Apply various steganography techniques to images.\n- [Zsteg](https://github.com/zed-0xff/zsteg/) - PNG/BMP analysis.\n\n## Web\n\n*Tools used for solving Web challenges*\n\n- [BurpSuite](https://portswigger.net/burp) - A graphical tool to testing website security.\n- [Commix](https://github.com/commixproject/commix) - Automated All-in-One OS Command Injection and Exploitation Tool.\n- [Hackbar](https://addons.mozilla.org/en-US/firefox/addon/hackbartool/) - Firefox addon for easy web exploitation.\n- [OWASP ZAP](https://www.owasp.org/index.php/Projects/OWASP_Zed_Attack_Proxy_Project) - Intercepting proxy to replay, debug, and fuzz HTTP requests and responses\n- [Postman](https://chrome.google.com/webstore/detail/postman/fhbjgbiflinjbdggehcddcbncdddomop?hl=en) - Add on for chrome for debugging network requests.\n- [Raccoon](https://github.com/evyatarmeged/Raccoon) - A high performance offensive security tool for reconnaissance and vulnerability scanning.\n- [SQLMap](https://github.com/sqlmapproject/sqlmap) - Automatic SQL injection and database takeover tool.\n  ```pip install sqlmap```\n- [W3af](https://github.com/andresriancho/w3af) -  Web Application Attack and Audit Framework.\n- [XSSer](http://xsser.sourceforge.net/) - Automated XSS testor.\n\n\n# Resources\n\n*Where to discover about CTF*\n\n## Operating Systems\n\n*Penetration testing and security lab Operating Systems*\n\n- [Android Tamer](https://androidtamer.com/) - Based on Debian.\n- [BackBox](https://backbox.org/) - Based on Ubuntu.\n- [BlackArch Linux](https://blackarch.org/) - Based on Arch Linux.\n- [Fedora Security Lab](https://labs.fedoraproject.org/security/) - Based on Fedora.\n- [Kali Linux](https://www.kali.org/) - Based on Debian.\n- [Parrot Security OS](https://www.parrotsec.org/) - Based on Debian.\n- [Pentoo](http://www.pentoo.ch/) - Based on Gentoo.\n- [URIX OS](http://urix.us/) - Based on openSUSE.\n- [Wifislax](http://www.wifislax.com/) - Based on Slackware.\n\n*Malware analysts and reverse-engineering*\n\n- [Flare VM](https://github.com/fireeye/flare-vm/) - Based on Windows.\n- [REMnux](https://remnux.org/) - Based on Debian.\n\n## Starter Packs\n\n*Collections of installer scripts, useful tools*\n\n- [CTF Tools](https://github.com/zardus/ctf-tools) - Collection of setup scripts to install various security research tools.\n- [LazyKali](https://github.com/jlevitsk/lazykali) - A 2016 refresh of LazyKali which simplifies install of tools and configuration.\n\n## Tutorials\n\n*Tutorials to learn how to play CTFs*\n\n- [CTF Field Guide](https://trailofbits.github.io/ctf/) - Field Guide by Trails of Bits.\n- [CTF Resources](http://ctfs.github.io/resources/) -  Start Guide maintained by community.\n- [How to Get Started in CTF](https://www.endgame.com/blog/how-get-started-ctf) - Short guideline for CTF beginners by Endgame\n- [Intro. to CTF Course](https://www.hoppersroppers.org/courseCTF.html) - A free course that teaches beginners the basics of forensics, crypto, and web-ex.\n- [IppSec](https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA) - Video tutorials and walkthroughs of popular CTF platforms.\n- [LiveOverFlow](https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w) - Video tutorials on Exploitation.\n- [MIPT CTF](https://github.com/xairy/mipt-ctf) - A small course for beginners in CTFs (in Russian).\n\n\n## Wargames\n\n*Always online CTFs*\n\n- [Backdoor](https://backdoor.sdslabs.co/) - Security Platform by SDSLabs.\n- [Crackmes](https://crackmes.one/) - Reverse Engineering Challenges.\n- [CryptoHack](https://cryptohack.org/) - Fun cryptography challenges.\n- [echoCTF.RED](https://echoctf.red/) - Online CTF with a variety of targets to attack.\n- [Exploit Exercises](https://exploit-exercises.lains.space/) - Variety of VMs to learn variety of computer security issues.\n- [Exploit.Education](http://exploit.education) - Variety of VMs to learn variety of computer security issues.\n- [Gracker](https://github.com/Samuirai/gracker) - Binary challenges having a slow learning curve, and write-ups for each level.\n- [Hack The Box](https://www.hackthebox.eu) - Weekly CTFs for all types of security enthusiasts.\n- [Hack This Site](https://www.hackthissite.org/) - Training ground for hackers.\n- [Hacker101](https://www.hacker101.com/) - CTF from HackerOne\n- [Hacking-Lab](https://hacking-lab.com/) - Ethical hacking, computer network and security challenge platform.\n- [Hone Your Ninja Skills](https://honeyourskills.ninja/) - Web challenges starting from basic ones.\n- [IO](http://io.netgarage.org/) - Wargame for binary challenges.\n- [Microcorruption](https://microcorruption.com) - Embedded security CTF.\n- [Over The Wire](http://overthewire.org/wargames/) - Wargame maintained by OvertheWire Community.\n- [PentesterLab](https://pentesterlab.com/) - Variety of VM and online challenges (paid).\n- [PicoCTF](https://2019game.picoctf.com) - All year round ctf game. Questions from the yearly picoCTF competition.\n- [PWN Challenge](http://pwn.eonew.cn/) - Binary Exploitation Wargame.\n- [Pwnable.kr](http://pwnable.kr/) - Pwn Game.\n- [Pwnable.tw](https://pwnable.tw/) - Binary wargame.\n- [Pwnable.xyz](https://pwnable.xyz/) - Binary Exploitation Wargame.\n- [Reversin.kr](http://reversing.kr/) - Reversing challenge.\n- [Ringzer0Team](https://ringzer0team.com/) - Ringzer0 Team Online CTF.\n- [Root-Me](https://www.root-me.org/) - Hacking and Information Security learning platform.\n- [ROP Wargames](https://github.com/xelenonz/game) - ROP Wargames.\n- [SANS HHC](https://holidayhackchallenge.com/past-challenges/) - Challenges with a holiday theme\n  released annually and maintained by SANS.\n- [SmashTheStack](http://smashthestack.org/) - A variety of wargames maintained by the SmashTheStack Community.\n- [Viblo CTF](https://ctf.viblo.asia) - Various amazing CTF challenges, in many different categories. Has both Practice mode and Contest mode.\n- [VulnHub](https://www.vulnhub.com/) - VM-based for practical in digital security, computer application \u0026 network administration.\n- [W3Challs](https://w3challs.com) - A penetration testing training platform, which offers various computer challenges, in various categories.\n- [WebHacking](http://webhacking.kr) - Hacking challenges for web.\n\n\n*Self-hosted CTFs*\n- [Damn Vulnerable Web Application](http://www.dvwa.co.uk/) - PHP/MySQL web application that is damn vulnerable.\n- [Juice Shop CTF](https://github.com/bkimminich/juice-shop-ctf) - Scripts and tools for hosting a CTF on [OWASP Juice Shop](https://www.owasp.org/index.php/OWASP_Juice_Shop_Project) easily.\n\n## Websites\n\n*Various general websites about and on CTF*\n\n- [Awesome CTF Cheatsheet](https://github.com/uppusaikiran/awesome-ctf-cheatsheet#awesome-ctf-cheatsheet-) - CTF Cheatsheet.\n- [CTF Time](https://ctftime.org/) - General information on CTF occuring around the worlds.\n- [Reddit Security CTF](http://www.reddit.com/r/securityctf) - Reddit CTF category.\n\n## Wikis\n\n*Various Wikis available for learning about CTFs*\n\n- [Bamboofox](https://bamboofox.github.io/) - Chinese resources to learn CTF.\n- [bi0s Wiki](https://teambi0s.gitlab.io/bi0s-wiki/) - Wiki from team bi0s.\n- [CTF Cheatsheet](https://uppusaikiran.github.io/hacking/Capture-the-Flag-CheatSheet/) - CTF tips and tricks.\n- [ISIS Lab](https://github.com/isislab/Project-Ideas/wiki) - CTF Wiki by Isis lab.\n- [OpenToAll](https://github.com/OpenToAllCTF/Tips) - CTF tips by OTA CTF team members.\n\n## Writeups Collections\n\n*Collections of CTF write-ups*\n\n- [0e85dc6eaf](https://github.com/0e85dc6eaf/CTF-Writeups) - Write-ups for CTF challenges by 0e85dc6eaf\n- [Captf](http://captf.com/) - Dumped CTF challenges and materials by psifertex.\n- [CTF write-ups (community)](https://github.com/ctfs/) - CTF challenges + write-ups archive maintained by the community.\n- [CTFTime Scrapper](https://github.com/abdilahrf/CTFWriteupScrapper) - Scraps all writeup from CTF Time and organize which to read first.\n- [HackThisSite](https://github.com/HackThisSite/CTF-Writeups) - CTF write-ups repo maintained by HackThisSite team.\n- [Mzfr](https://github.com/mzfr/ctf-writeups/) - CTF competition write-ups by mzfr\n- [pwntools writeups](https://github.com/Gallopsled/pwntools-write-ups) - A collection of CTF write-ups all using pwntools.\n- [SababaSec](https://github.com/SababaSec/ctf-writeups) - A collection of CTF write-ups by the SababaSec team\n- [Shell Storm](http://shell-storm.org/repo/CTF/) - CTF challenge archive maintained by Jonathan Salwan.\n- [Smoke Leet Everyday](https://github.com/smokeleeteveryday/CTF_WRITEUPS) - CTF write-ups repo maintained by SmokeLeetEveryday team.\n\n### LICENSE\n\nCC0 :)\n","funding_links":[],"categories":["Security","Technical","Other Awesome Security Lists","Audi-1's SQLi-LABS","Go","Other Awesome Lists","Coordinated disclosure","Other","JavaScript (485)","Online Resources","Related Awesome Lists","JavaScript","Table of Contents","🔐 Security","Uncategorized","Awesome Lists","\u003ca id=\"c7f35432806520669b15a28161a4d26a\"\u003e\u003c/a\u003eCTF\u0026\u0026HTB","HarmonyOS","CTFs","Capture The Flag (CTF)","其他_安全与渗透","Live Site:   [searchAwesome](https://search-awesome.vercel.app/)","Entries","Awesome Penetration Testing","Awesome Repositories","[↑](#-table-of-contents) Related Awesome Lists","Awesome Penetration Testing (\"https://github.com/Muhammd/Awesome-Pentest\")","Responsible disclosure","CTF Tools / Resources / Courses","安全","awesome","Other Lists","\u003ca id=\"8c5a692b5d26527ef346687e047c5c21\"\u003e\u003c/a\u003e收集","📘 Valuable Repositories","Resources","Other Security Awesome Lists","Technologies","Here is a collection of hackers, pentesters, security researchers, scripts and more:","Footnotes","Themed Directories","Programming/Comp Sci/SE Things","Courses"],"sub_categories":["awesome-*","Cloud","CTF Courses","Episodes","Other Security Awesome Lists","JavaScript","Other Resources","Other Lists Online","Other","Awesome Repos","Uncategorized","Defcon Suggested Reading","\u003ca id=\"30c4df38bcd1abaaaac13ffda7d206c6\"\u003e\u003c/a\u003e收集","Windows Manager","Other Sources","网络服务_其他","Labs","Training","Awesome Lists","[↑](#-table-of-contents) Telegram","Awesome Repositories","TeX Lists","Documentation","Wifi Tools","CTF","See Also","Crypto","CTF Repos"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fapsdehal%2Fawesome-ctf","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fapsdehal%2Fawesome-ctf","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fapsdehal%2Fawesome-ctf/lists"}