Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

awesome-CTF


https://github.com/cyberheartmi9/awesome-CTF

  • Dnscat - Hosts communication through DNS
  • Registry Dumper - Dump your registry
  • Aircrack-Ng - Crack 802.11 WEP and WPA-PSK keys
  • Audacity - Analyze sound files (mp3, m4a, whatever)
  • Bkhive and Samdump2 - Dump SYSTEM and SAM files
  • CFF Explorer - PE Editor
  • Creddump - Dump windows credentials
  • DVCS Ripper - Rips web accessible (distributed) version control systems
  • Exif Tool - Read, write and edit file metadata
  • Extundelete - Used for recovering lost data from mountable images
  • Fibratus - Tool for exploration and tracing of the Windows kernel
  • Foremost - Extract particular kind of files using headers
  • Fsck.ext4 - Used to fix corrupt filesystems
  • Malzilla - Malware hunting tool
  • NetworkMiner - Network Forensic Analysis Tool
  • PDF Streams Inflater - Find and extract zlib files compressed in PDF files
  • ResourcesExtract - Extract various filetypes from exes
  • Shellbags - Investigate NT\_USER.dat files
  • UsbForensics - Contains many tools for usb forensics
  • Volatility - To investigate memory dumps
  • RegistryViewer - Used to view windows registries
  • Windows Registry Viewers - More registry viewers
  • CTFd - Platform to host jeopardy style CTFs from ISISLab, NYU Tandon
  • FBCTF - Platform to host Capture the Flag competitions from Facebook
  • HackTheArch - CTF scoring platform
  • Mellivora - A CTF engine written in PHP
  • NightShade - A simple security CTF framework
  • OpenCTF - CTF in a box. Minimal setup required
  • PicoCTF Platform 2 - A genericized version of picoCTF 2014 that can be easily adapted to host CTF or programming competitions.
  • PyChallFactory - Small framework to create/manage/package jeopardy CTF challenges
  • RootTheBox - A Game of Hackers (CTF Scoreboard & Game Manager
  • Scorebot - Platform for CTFs by Legitbs (Defcon)
  • SecGen - Security Scenario Generator. Creates randomly vulnerable virtual machines
  • Convert - Convert images b/w formats and apply filters
  • Exif - Shows EXIF information in JPEG files
  • Exiftool - Read and write meta information in files
  • Exiv2 - Image metadata manipulation tool
  • ImageMagick - Tool for manipulating images
  • Outguess - Universal steganographic tool
  • Pngtools - For various analysis related to PNGs
  • SmartDeblur - Used to deblur and fix defocused images
  • Steganabara - Tool for stegano analysis written in Java
  • Stegbreak - Launches brute-force dictionary attacks on JPG image
  • Steghide - Hide data in various kind of images
  • Stegsolve - Apply various steganography techniques to images
  • Metasploit JavaScript Obfustcator
  • Uglify
  • Commix - Automated All-in-One OS Command Injection and Exploitation Tool.
  • Hackbar - Firefox addon for easy web exploitation
  • OWASP ZAP - Intercepting proxy to replay, debug, and fuzz HTTP requests and responses
  • Postman - Add on for chrome for debugging network requests
  • SQLMap - Automatic SQL injection and database takeover tooli
  • W3af - Web Application Attack and Audit Framework.
  • XSSer - Automated XSS testor
  • Bettercap - Framework to perform MITM (Man in the Middle) attacks.
  • Layer 2 attacks - Attack various protocols on layer 2
  • FeatherDuster - An automated, modular cryptanalysis tool
  • Hash Extender - A utility tool for performing hash length extension attacks
  • PkCrack - A tool for Breaking PkZip-encryption
  • RSATool - Generate private key with knowledge of p and q
  • XORTool - A tool to analyze multi-byte xor cipher
  • Hashcat - Password Cracker
  • John The Jumbo - Community enhanced version of John the Ripper
  • John The Ripper - Password Cracker
  • Nozzlr - Nozzlr is a bruteforce framework, trully modular and script-friendly.
  • Ophcrack - Windows password cracker based on rainbow tables.
  • Patator - Patator is a multi-purpose brute-forcer, with a modular design.
  • DLLInjector - Inject dlls in processes
  • libformatstr - Simplify format string exploitation.
  • Metasploit - Penetration testing software
  • one_gadget - A tool to find the one gadget `execve('/bin/sh', NULL, NULL)` call
  • Pwntools - CTF Framework for writing exploits
  • Qira - QEMU Interactive Runtime Analyser
  • ROP Gadget - Framework for ROP exploitation
  • V0lt - Security CTF Toolkit
  • Masscan - Mass IP port scanner, TCP port scanner
  • Nipe - Nipe is a script to make Tor Network your default gateway.
  • Nmap - open source utility for network discovery and security auditing
  • Wireshark - Analyze the network dumps
  • Zmap - an open-source network scanner
  • Androguard - Reverse engineer Android applications
  • Angr - platform-agnostic binary analysis framework
  • Apk2Gold - Yet another Android decompiler
  • ApkTool - Android Decompiler
  • Barf - Binary Analysis and Reverse engineering Framework
  • Binary Ninja - Binary analysis framework
  • BinUtils - Collection of binary tools
  • BinWalk - Analyze, reverse engineer, and extract firmware images.
  • Boomerang - Decompile x86 binaries to C
  • ctf_import
  • GDB - The GNU project debugger
  • GEF - GDB plugin
  • Hopper - Reverse engineering tool (disassembler) for OSX and Linux
  • IDA Pro - Most used Reversing software
  • Jadx - Decompile Android files
  • Java Decompilers - An online decompiler for Java and Android APKs
  • Krakatau - Java decompiler and disassembler
  • PEDA - GDB plugin (only python2.7)
  • Plasma - An interactive disassembler for x86/ARM/MIPS which can generate indented pseudo-code with colored syntax.
  • Pwndbg - A GDB plugin that provides a suite of utilities to hack around GDB easily.
  • radare2 - A portable reversing framework
  • Uncompyle - Decompile Python 2.7 binaries (.pyc)
  • WinDbg - Windows debugger distributed by Microsoft
  • Xocopy - Program that can copy executables with execute, but no read permission
  • Z3 - a theorem prover from Microsoft Research
  • Detox - A Javascript malware analysis tool
  • Revelo - Analyze obfuscated Javascript code
  • RABCDAsm - Collection of utilities including an ActionScript 3 assembler/disassembler.
  • Swftools - Collection of utilities to work with SWF files
  • Xxxswf - A Python script for analyzing Flash files.
  • CSWSH - Cross-Site WebSocket Hijacking Tester
  • Request Bin - Lets you inspect http requests to a particular url
  • BackBox - Based on Ubuntu
  • BlackArch Linux - Based on Arch Linux
  • Fedora Security Lab - Based on Fedora
  • Kali Linux - Based on Debian
  • Parrot Security OS - Based on Debian
  • Pentoo - Based on Gentoo
  • URIX OS - Based on openSUSE
  • Wifislax - Based on Slackware
  • REMnux - Based on Debian
  • CTF Tools - Collection of setup scripts to install various security research tools.
  • LazyKali - A 2016 refresh of LazyKali which simplifies install of tools and configuration.
  • CTF Field Guide - Field Guide by Trails of Bits
  • CTF Resources - Start Guide maintained by community
  • Damn Vulnerable Web Application
  • How to Get Started in CTF - Short guideline for CTF beginners by Endgame
  • MIPT CTF - A small course for beginners in CTFs (in Russian)
  • Backdoor - Security Platform by SDSLabs.
  • Ctfs.me - CTF All the time
  • Exploit Exercises - Variety of VMs to learn variety of computer security issues.
  • Gracker - Binary challenges having a slow learning curve, and write-ups for each level.
  • Hack The Box - Weekly CTFs for all types of security enthusiasts.
  • Hack This Site - Training ground for hackers.
  • IO - Wargame for binary challenges.
  • Over The Wire - Wargame maintained by OvertheWire Community
  • Pwnable.kr - Pwn Game
  • Ringzer0Team - Ringzer0 Team Online CTF
  • SmashTheStack - A variety of wargames maintained by the SmashTheStack Community.
  • VulnHub - VM-based for practical in digital security, computer application & network administration.
  • WebHacking - Hacking challenges for web.
  • WeChall - Always online challenge site.
  • WTHack OnlineCTF - CTF Practice platform for every level of cyber security enthusiasts.
  • Juice Shop CTF - Scripts and tools for hosting a CTF on [OWASP Juice Shop](https://www.owasp.org/index.php/OWASP_Juice_Shop_Project) easily.
  • CTF Time - General information on CTF occuring around the worlds
  • Reddit Security CTF - Reddit CTF category
  • Bamboofox - Chinese resources to learn CTF
  • ISIS Lab - CTF Wiki by Isis lab
  • OpenToAll - Open To All Knowledge Base
  • Captf - Dumped CTF challenges and materials by psifertex
  • CTF write-ups (community) - CTF challenges + write-ups archive maintained by the community
  • CTFTime Scrapper - Scraps all writeup from ctf time and organize which to read first
  • pwntools writeups - A collection of CTF write-ups all using pwntools
  • Smoke Leet Everyday - CTF write-ups repo maintained by SmokeLeetEveryday team.
Programming Languages
Python 29 C 4 Shell 3 C++ 3 Ruby 2 JavaScript 1 PHP 1 Go 1 Perl 1 python 1
Keywords
python 10 security 7 ctf 7 reverse-engineering 5 pentesting 4 exploit 4 pwnable 3 exploitation 3 linux 3 pwntools 2 python3 2 rop 2 shellcode 2 security-ctf 2 android 2 dex 2 pwn 2 binary-ninja 2 debugging 2 malware-analysis 2 ida-pro 2 gef 2 gdb 2 cryptanalysis 2 cryptography 2 capture-the-flag 2 ctf-framework 2 detection 2 takeover 2 vulnerability-scanner 2 sql-injection 2 glibc 1 libc 1 one-gadget-rce 1 brute-force 1 shell 1 arm 1 binary-analysis 1 reil 1 x86 1 infosec 1 bruteforce 1 discord 1 exploit-development 1 xortool 1 xor-cipher 1 shellcoding 1 wargame 1 binary-exploitation 1 shellcode-development 1