Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

awesome-ctf

Kali Linux CTF Blueprints - Online book on building, testing, and customizing your own Capture the Flag challenges.
Dnscat2 - Hosts communication through DNS.
Kroll Artifact Parser and Extractor (KAPE) - Triage program.
Magnet AXIOM - Artifact-centric DFIR tool.
Registry Dumper - Dump your registry.
Aircrack-Ng - Crack 802.11 WEP and WPA-PSK keys.
Audacity - Analyze sound files (mp3, m4a, whatever).
Bkhive and Samdump2 - Dump SYSTEM and SAM files.
CFF Explorer - PE Editor.
Creddump - Dump windows credentials.
DVCS Ripper - Rips web accessible (distributed) version control systems.
Exif Tool - Read, write and edit file metadata.
Extundelete - Used for recovering lost data from mountable images.
Fibratus - Tool for exploration and tracing of the Windows kernel.
Foremost - Extract particular kind of files using headers.
Fsck.ext4 - Used to fix corrupt filesystems.
Malzilla - Malware hunting tool.
NetworkMiner - Network Forensic Analysis Tool.
PDF Streams Inflater - Find and extract zlib files compressed in PDF files.
Pngcheck - Verifies the integrity of PNG and dump all of the chunk-level information in human-readable form.
ResourcesExtract - Extract various filetypes from exes.
Shellbags - Investigate NT\_USER.dat files.
Snow - A Whitespace Steganography Tool.
USBRip - Simple CLI forensics tool for tracking USB device artifacts (history of USB events) on GNU/Linux.
Volatility - To investigate memory dumps.
Wireshark - Used to analyze pcap or pcapng files
OfflineRegistryView - Simple tool for Windows that allows you to read offline Registry files from external drive and view the desired Registry key in .reg file format.
Registry Viewer® - Used to view Windows registries.
CTFd - Platform to host jeopardy style CTFs from ISISLab, NYU Tandon.
echoCTF.RED - Develop, deploy and maintain your own CTF infrastructure.
FBCTF - Platform to host Capture the Flag competitions from Facebook.
Haaukins - A Highly Accessible and Automated Virtualization Platform for Security Education.
HackTheArch - CTF scoring platform.
Mellivora - A CTF engine written in PHP.
MotherFucking-CTF - Badass lightweight plaform to host CTFs. No JS involved.
NightShade - A simple security CTF framework.
OpenCTF - CTF in a box. Minimal setup required.
PicoCTF - The platform used to run picoCTF. A great framework to host any CTF.
PyChallFactory - Small framework to create/manage/package jeopardy CTF challenges.
RootTheBox - A Game of Hackers (CTF Scoreboard & Game Manager).
Scorebot - Platform for CTFs by Legitbs (Defcon).
SecGen - Security Scenario Generator. Creates randomly vulnerable virtual machines.
AperiSolve - Aperi'Solve is a platform which performs layer analysis on image (open-source).
Convert - Convert images b/w formats and apply filters.
Exif - Shows EXIF information in JPEG files.
Exiftool - Read and write meta information in files.
Exiv2 - Image metadata manipulation tool.
Image Steganography - Embeds text and files in images with optional encryption. Easy-to-use UI.
Image Steganography Online - This is a client-side Javascript tool to steganographically hide images inside the lower "bits" of other images
ImageMagick - Tool for manipulating images.
Outguess - Universal steganographic tool.
Pngtools - For various analysis related to PNGs.
SmartDeblur - Used to deblur and fix defocused images.
Steganabara - Tool for stegano analysis written in Java.
SteganographyOnline - Online steganography encoder and decoder.
Stegbreak - Launches brute-force dictionary attacks on JPG image.
StegCracker - Steganography brute-force utility to uncover hidden data inside files.
stegextract - Detect hidden files and text in images.
Steghide - Hide data in various kind of images.
StegOnline - Conduct a wide range of image steganography operations, such as concealing/revealing files hidden within bits (open-source).
Stegsolve - Apply various steganography techniques to images.
Zsteg - PNG/BMP analysis.
Metasploit JavaScript Obfuscator
Uglify
BurpSuite - A graphical tool to testing website security.
Commix - Automated All-in-One OS Command Injection and Exploitation Tool.
Hackbar - Firefox addon for easy web exploitation.
OWASP ZAP - Intercepting proxy to replay, debug, and fuzz HTTP requests and responses
Postman - Add on for chrome for debugging network requests.
Raccoon - A high performance offensive security tool for reconnaissance and vulnerability scanning.
SQLMap - Automatic SQL injection and database takeover tool.
W3af - Web Application Attack and Audit Framework.
XSSer - Automated XSS testor.
Bettercap - Framework to perform MITM (Man in the Middle) attacks.
Yersinia - Attack various protocols on layer 2.
CyberChef - Web app for analysing and decoding data.
FeatherDuster - An automated, modular cryptanalysis tool.
Hash Extender - A utility tool for performing hash length extension attacks.
padding-oracle-attacker - A CLI tool to execute padding oracle attacks.
PkCrack - A tool for Breaking PkZip-encryption.
QuipQuip - An online tool for breaking substitution ciphers or vigenere ciphers (without key).
RSACTFTool - A tool for recovering RSA private key with various attack.
RSATool - Generate private key with knowledge of p and q.
XORTool - A tool to analyze multi-byte xor cipher.
Hashcat - Password Cracker
Hydra - A parallelized login cracker which supports numerous protocols to attack
John The Jumbo - Community enhanced version of John the Ripper.
John The Ripper - Password Cracker.
Nozzlr - Nozzlr is a bruteforce framework, trully modular and script-friendly.
Ophcrack - Windows password cracker based on rainbow tables.
Patator - Patator is a multi-purpose brute-forcer, with a modular design.
Turbo Intruder - Burp Suite extension for sending large numbers of HTTP requests
DLLInjector - Inject dlls in processes.
libformatstr - Simplify format string exploitation.
Metasploit - Penetration testing software.
Cheatsheet
one_gadget - A tool to find the one gadget `execve('/bin/sh', NULL, NULL)` call.
Pwntools - CTF Framework for writing exploits.
Qira - QEMU Interactive Runtime Analyser.
ROP Gadget - Framework for ROP exploitation.
V0lt - Security CTF Toolkit.
Masscan - Mass IP port scanner, TCP port scanner.
Monit - A linux tool to check a host on the network (and other non-network activities).
Nipe - Nipe is a script to make Tor Network your default gateway.
Nmap - An open source utility for network discovery and security auditing.
Wireshark - Analyze the network dumps.
Zeek - An open-source network security monitor.
Zmap - An open-source network scanner.
Androguard - Reverse engineer Android applications.
Angr - platform-agnostic binary analysis framework.
Apk2Gold - Yet another Android decompiler.
ApkTool - Android Decompiler.
Barf - Binary Analysis and Reverse engineering Framework.
Binary Ninja - Binary analysis framework.
BinUtils - Collection of binary tools.
BinWalk - Analyze, reverse engineer, and extract firmware images.
Boomerang - Decompile x86/SPARC/PowerPC/ST-20 binaries to C.
ctf_import
cwe_checker - cwe_checker finds vulnerable patterns in binary executables.
demovfuscator - A work-in-progress deobfuscator for movfuscated binaries.
Frida - Dynamic Code Injection.
GDB - The GNU project debugger.
GEF - GDB plugin.
Ghidra - Open Source suite of reverse engineering tools. Similar to IDA Pro.
Hopper - Reverse engineering tool (disassembler) for OSX and Linux.
IDA Pro - Most used Reversing software.
Jadx - Decompile Android files.
Java Decompilers - An online decompiler for Java and Android APKs.
Krakatau - Java decompiler and disassembler.
Objection - Runtime Mobile Exploration.
PEDA - GDB plugin (only python2.7).
Pin - A dynamic binary instrumentaion tool by Intel.
PINCE - GDB front-end/reverse engineering tool, focused on game-hacking and automation.
PinCTF - A tool which uses intel pin for Side Channel Analysis.
Plasma - An interactive disassembler for x86/ARM/MIPS which can generate indented pseudo-code with colored syntax.
Pwndbg - A GDB plugin that provides a suite of utilities to hack around GDB easily.
radare2 - A portable reversing framework.
Triton - Dynamic Binary Analysis (DBA) framework.
Uncompyle - Decompile Python 2.7 binaries (.pyc).
WinDbg - Windows debugger distributed by Microsoft.
Xocopy - Program that can copy executables with execute, but no read permission.
Z3 - A theorem prover from Microsoft Research.
Detox - A Javascript malware analysis tool.
Revelo - Analyze obfuscated Javascript code.
RABCDAsm - Collection of utilities including an ActionScript 3 assembler/disassembler.
Swftools - Collection of utilities to work with SWF files.
Xxxswf - A Python script for analyzing Flash files.
CSWSH - Cross-Site WebSocket Hijacking Tester.
Request Bin - Lets you inspect http requests to a particular url.
Android Tamer - Based on Debian.
BackBox - Based on Ubuntu.
BlackArch Linux - Based on Arch Linux.
Fedora Security Lab - Based on Fedora.
Kali Linux - Based on Debian.
Parrot Security OS - Based on Debian.
Pentoo - Based on Gentoo.
URIX OS - Based on openSUSE.
Wifislax - Based on Slackware.
Flare VM - Based on Windows.
REMnux - Based on Debian.
CTF Tools - Collection of setup scripts to install various security research tools.
LazyKali - A 2016 refresh of LazyKali which simplifies install of tools and configuration.
CTF Field Guide - Field Guide by Trails of Bits.
CTF Resources - Start Guide maintained by community.
How to Get Started in CTF - Short guideline for CTF beginners by Endgame
Intro. to CTF Course - A free course that teaches beginners the basics of forensics, crypto, and web-ex.
IppSec - Video tutorials and walkthroughs of popular CTF platforms.
LiveOverFlow - Video tutorials on Exploitation.
MIPT CTF - A small course for beginners in CTFs (in Russian).
Backdoor - Security Platform by SDSLabs.
Crackmes - Reverse Engineering Challenges.
CryptoHack - Fun cryptography challenges.
echoCTF.RED - Develop, deploy and maintain your own CTF infrastructure.
Exploit Exercises - Variety of VMs to learn variety of computer security issues.
Exploit.Education - Variety of VMs to learn variety of computer security issues.
Gracker - Binary challenges having a slow learning curve, and write-ups for each level.
Hack The Box - Weekly CTFs for all types of security enthusiasts.
Hack This Site - Training ground for hackers.
Hacker101 - CTF from HackerOne
Hacking-Lab - Ethical hacking, computer network and security challenge platform.
Hone Your Ninja Skills - Web challenges starting from basic ones.
IO - Wargame for binary challenges.
Microcorruption - Embedded security CTF.
Over The Wire - Wargame maintained by OvertheWire Community.
PentesterLab - Variety of VM and online challenges (paid).
PicoCTF - The platform used to run picoCTF. A great framework to host any CTF.
PWN Challenge - Binary Exploitation Wargame.
Pwnable.kr - Pwn Game.
Pwnable.tw - Binary wargame.
Pwnable.xyz - Binary Exploitation Wargame.
Reversin.kr - Reversing challenge.
Ringzer0Team - Ringzer0 Team Online CTF.
Root-Me - Hacking and Information Security learning platform.
ROP Wargames - ROP Wargames.
SANS HHC - Challenges with a holiday theme
SmashTheStack - A variety of wargames maintained by the SmashTheStack Community.
Viblo CTF - Various amazing CTF challenges, in many different categories. Has both Practice mode and Contest mode.
VulnHub - VM-based for practical in digital security, computer application & network administration.
W3Challs - A penetration testing training platform, which offers various computer challenges, in various categories.
WebHacking - Hacking challenges for web.
Damn Vulnerable Web Application - PHP/MySQL web application that is damn vulnerable.
Juice Shop CTF - Scripts and tools for hosting a CTF on [OWASP Juice Shop](https://www.owasp.org/index.php/OWASP_Juice_Shop_Project) easily.
Awesome CTF Cheatsheet - CTF Cheatsheet.
CTF Time - General information on CTF occuring around the worlds.
Reddit Security CTF - Reddit CTF category.
Bamboofox - Chinese resources to learn CTF.
bi0s Wiki - Wiki from team bi0s.
CTF Cheatsheet - CTF tips and tricks.
ISIS Lab - CTF Wiki by Isis lab.
OpenToAll - CTF tips by OTA CTF team members.
0e85dc6eaf - Write-ups for CTF challenges by 0e85dc6eaf
Captf - Dumped CTF challenges and materials by psifertex.
CTF write-ups (community) - CTF challenges + write-ups archive maintained by the community.
CTFTime Scrapper - Scraps all writeup from CTF Time and organize which to read first.
HackThisSite - CTF write-ups repo maintained by HackThisSite team.
Mzfr - CTF competition write-ups by mzfr
pwntools writeups - A collection of CTF write-ups all using pwntools.
SababaSec - A collection of CTF write-ups by the SababaSec team
Shell Storm - CTF challenge archive maintained by Jonathan Salwan.
Smoke Leet Everyday - CTF write-ups repo maintained by SmokeLeetEveryday team.

Programming Languages

Python 40 C 5 C++ 4 Shell 4 PHP 3 Go 3 Rust 2 JavaScript 2 Ruby 2 TypeScript 1

Keywords

ctf 16 security 10 python 10 reverse-engineering 9 pentesting 7 hacking 5 vulnerability-scanner 4 linux 4 exploit 4 cryptography 3 cybersecurity 3 gdb 3 capture-the-flag 3 pentest 3 android 3 pwnable 3 ctf-writeups 3 exploitation 3 penetration-testing 3 python3 3 infosec 2 ctf-framework 2 scanner 2 virtualization 2 security-scanner 2 malware-analysis 2 ida-pro 2 gef 2 decompiler 2 debugging 2 binary-ninja 2 hacking-tool 2 pwn 2 sparc 2 brute-force 2 detection 2 golang 2 writeups 2 instrumentation 2 windows 2 ctf-solutions 2 security-ctf 2 takeover 2 dex 2 cryptanalysis 2 crypto 2 encryption 2 shellcode 2 rop 2 pwntools 2