Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

awesome-ctf-resources

A list of Capture The Flag (CTF) frameworks, libraries, resources and software for started/experienced CTF players 🚩
https://github.com/devploit/awesome-ctf-resources

  • CTFd - Platform to host jeopardy style CTFs.
  • FBCTF - Facebook CTF platform to host Jeopardy and "King of the Hill" CTF competitions.
  • HackTheArch - Scoring server for CTF competitions.
  • kCTF - Kubernetes-based infrastructure for CTF competitions.
  • LibreCTF - CTF platform from EasyCTF.
  • Mellivora - CTF engine written in PHP.
  • NightShade - Simple CTF framework.
  • picoCTF - Infrastructure used to run picoCTF.
  • rCTF - CTF platform maintained by the [redpwn](https://github.com/redpwn/rctf) CTF team.
  • RootTheBox - CTF scoring engine for wargames.
  • ImaginaryCTF - Platform to host CTFs.
  • Belkasoft RAM Capturer - Volatile Memory Acquisition Tool.
  • Dnscat2 - Hosts communication through DNS.
  • Magnet AXIOM 2.0 - Artifact-centric DFIR tool.
  • Registry Dumper - Tool to dump Windows Registry.
  • A-Packets - Effortless PCAP File Analysis in Your Browser.
  • Autopsy - End-to-end open source digital forensics platform.
  • Binwalk - Firmware Analysis Tool.
  • Bulk-extractor - High-performance digital forensics exploitation tool.
  • Bkhive & samdump2 - Dump SYSTEM and SAM files.
  • ChromeCacheView - Small utility that reads the cache folder of Google Chrome Web browser, and displays the list of all files currently stored in the cache.
  • Creddump - Dump Windows credentials.
  • Exiftool - Read, write and edit file metadata.
  • Extundelete - Utility that can recover deleted files from an ext3 or ext4 partition.
  • firmware-mod-kit - Modify firmware images without recompiling.
  • Foremost - Console program to recover files based on their headers, footers, and internal data structures.
  • Forensic Toolkit - It scans a hard drive looking for various information. It can, potentially locate deleted emails and scan a disk for text strings to use them as a password dictionary to crack encryption.
  • Forensically - Free online tool to analysis image this tool has many features.
  • MZCacheView - Small utility that reads the cache folder of Firefox/Mozilla/Netscape Web browsers, and displays the list of all files currently stored in the cache.
  • NetworkMiner
  • OfflineRegistryView - Simple tool for Windows that allows you to read offline Registry files from external drive.
  • photorec - File data recovery software designed to recover lost files including video, documents and archives from hard disks, CD-ROMs, and lost pictures (thus the Photo Recovery name) from digital camera memory.
  • Registry Viewer - Tool to view Windows registers.
  • Scalpel - Open source data carving tool.
  • The Sleuth Kit - Collection of command line tools and a C library that allows you to analyze disk images and recover files from them.
  • USBRip - Simple CLI forensics tool for tracking USB device artifacts (history of USB events) on GNU/Linux.
  • Volatility - An advanced memory forensics framework.
  • Wireshark - Tool to analyze pcap or pcapng files.
  • X-Ways - Advanced work environment for computer forensic examiners.
  • AperiSolve - Platform which performs layer analysis on images.
  • BPStegano - Python3 based LSB steganography.
  • DeepSound - Freeware steganography tool and audio converter that hides secret data into audio files.
  • DTMF Detection - Audio frequencies common to a phone button.
  • DTMF Tones - Audio frequencies common to a phone button.
  • Exif - Shows EXIF information in JPEG files.
  • Exiv2 - Image metadata manipulation tool.
  • FotoForensics - Provides budding researchers and professional investigators access to cutting-edge tools for digital photo forensics.
  • hipshot - Tool to converts a video file or series of photographs into a single image simulating a long-exposure photograph.
  • Image Error Level Analyzer - Tool to analyze digital images. It's also free and web based. It features error level analysis, clone detection and more.
  • Image Steganography - Client-side Javascript tool to steganographically hide/unhide images inside the lower "bits" of other images.
  • ImageMagick - Tool for manipulating images.
  • jsteg - Command-line tool to use against JPEG images.
  • Magic Eye Solver - Get hidden information from images.
  • Outguess - Universal steganographic tool.
  • Pngcheck - Verifies the integrity of PNG and dump all of the chunk-level information in human-readable form.
  • Pngtools - For various analysis related to PNGs.
  • sigBits - Steganography significant bits image decoder.
  • SmartDeblur - Restoration of defocused and blurred photos/images.
  • Snow - Whitespace Steganography Tool
  • Sonic Visualizer - Audio file visualization.
  • Steganography Online - Online steganography encoder and decoder.
  • Stegbreak - Launches brute-force dictionary attacks on JPG image.
  • StegCracker - Brute-force utility to uncover hidden data inside files.
  • stegextract - Detect hidden files and text in images.
  • Steghide - Hide data in various kinds of image- and audio-files.
  • StegOnline - Conduct a wide range of image steganography operations, such as concealing/revealing files hidden within bits.
  • Stegosaurus - A steganography tool for embedding payloads within Python bytecode.
  • StegoVeritas - Yet another stego tool.
  • Stegpy - Simple steganography program based on the LSB method.
  • stegseek - Lightning fast steghide cracker that can be used to extract hidden data from files.
  • stegsnow - Whitespace steganography program.
  • Stegsolve - Apply various steganography techniques to images.
  • Zsteg - PNG/BMP analysis.
  • Metasploit JavaScript Obfuscator - How to obfuscate JavaScript in Metasploit.
  • Arachni - Web Application Security Scanner Framework.
  • Beautifier.io - Online JavaScript Beautifier.
  • BurpSuite - A graphical tool to testing website security.
  • Commix - Automated All-in-One OS Command Injection Exploitation Tool.
  • debugHunter - Discover hidden debugging parameters and uncover web application secrets.
  • Dirhunt - Find web directories without bruteforce.
  • dirsearch - Web path scanner.
  • dontgo403 - Tool to bypass 40x errors.
  • ffuf - Fast web fuzzer written in Go.
  • git-dumper - A tool to dump a git repository from a website.
  • Gopherus - Tool that generates gopher link for exploiting SSRF and gaining RCE in various servers.
  • Hookbin - Free service that enables you to collect, parse, and view HTTP requests.
  • JSFiddle - Test your JavaScript, CSS, HTML or CoffeeScript online with JSFiddle code editor.
  • ngrok - Secure introspectable tunnels to localhost.
  • OWASP Zap - Intercepting proxy to replay, debug, and fuzz HTTP requests and responses.
  • PHPGGC - Library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
  • Postman - Addon for chrome for debugging network requests.
  • REQBIN - Online REST & SOAP API Testing Tool.
  • Request Bin - A modern request bin to inspect any event by Pipedream.
  • Revelo - Analyze obfuscated Javascript code.
  • Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python3.
  • SQLMap - Automatic SQL injection and database takeover tool.
  • W3af - Web application attack and audit framework.
  • XSSer - Automated XSS testor.
  • ysoserial - Tool for generating payloads that exploit unsafe Java object deserialization.
  • Base65536 - Unicode's answer to Base64.
  • Braille Translator - Translate from braille to text.
  • Ciphey - Tool to automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes.
  • CyberChef - A web app for encryption, encoding, compression and data analysis.
  • Cryptii - Modular conversion, encoding and encryption online.
  • dCode.fr - Solvers for Crypto, Maths and Encodings online.
  • Decodify - Detect and decode encoded strings, recursively.
  • Enigma Machine - Universal Enigma Machine Simulator.
  • FeatherDuster - An automated, modular cryptanalysis tool.
  • Galois - A fast galois field arithmetic library/toolkit.
  • HashExtender - Tool for performing hash length extension attacks.
  • Hash-identifier - Simple hash algorithm identifier.
  • padding-oracle-attacker - CLI tool and library to execute padding oracle attacks easily.
  • PadBuster - Automated script for performing Padding Oracle attacks.
  • PEMCrack - Cracks SSL PEM files that hold encrypted private keys. Brute forces or dictionary cracks.
  • PKCrack - PkZip encryption cracker.
  • Polybius Square Cipher - Table that allows someone to translate letters into numbers.
  • Quipqiup - Automated cryptogram solver.
  • RsaCtfTool - RSA multi attacks tool.
  • RSATool - Tool to to calculate RSA and RSA-CRT parameter.
  • Rumkin Cipher Tools - Collection of ciphhers/encoders tools.
  • Vigenere Solver - Online tool that breaks Vigenère ciphers without knowing the key.
  • XOR Cracker - Online XOR decryption tool able to guess the key length and the cipher key to decrypt any file.
  • XORTool - A tool to analyze multi-byte xor cipher.
  • yagu - Automated integer factorization.
  • Crackstation - Hash cracker (database).
  • Online Encyclopedia of Integer Sequences - OEIS: The On-Line Encyclopedia of Integer Sequences
  • afl - Security-oriented fuzzer.
  • honggfuzz - Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage.
  • libformatstr - Simplify format string exploitation.
  • One_gadget - Tool for finding one gadget RCE.
  • Pwntools - CTF framework for writing exploits.
  • ROPgadget - Framework for ROP exploitation.
  • Ropper - Display information about files in different file formats and find gadgets to build rop chains for different architectures.
  • Shellcodes Database - A massive shellcodes database.
  • boofuzz - Network Protocol Fuzzing for Humans.
  • Veles - Binary data analysis and visualization tool.
  • changeme - A default credential scanner.
  • Hashcat - Advanced Password Recovery.
  • Hydra - Parallelized login cracker which supports numerous protocols to attack.
  • John the Ripper - Open Source password security auditing and password recovery.
  • jwt_tool - A toolkit for testing, tweaking and cracking JSON Web Tokens.
  • Ophcrack - Free Windows password cracker based on rainbow tables.
  • Patator - Multi-purpose brute-forcer, with a modular design and a flexible usage.
  • Turbo Intruder - Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
  • Brainfuck - Brainfuck esoteric programming language IDE.
  • COW - It is a Brainfuck variant designed humorously with Bovinae in mind.
  • Malbolge - Malbolge esoteric programming language solver.
  • Ook! - Tool for decoding / encoding in Ook!
  • Piet - Piet programming language compiler.
  • Rockstar - A language intended to look like song lyrics.
  • Try It Online - An online tool that has a ton of Esoteric language interpreters.
  • Any.run - Interactive malware hunting service.
  • Intezer Analyze - Malware analysis platform.
  • Triage - State-of-the-art malware analysis sandbox designed for cross-platform support.
  • Androguard - Androguard is a full python tool to play with Android files.
  • Angr - A powerful and user-friendly binary analysis platform.
  • Apk2gold - CLI tool for decompiling Android apps to Java.
  • ApkTool - A tool for reverse engineering 3rd party, closed, binary Android apps.
  • Binary Ninja - Binary Analysis Framework.
  • BinUtils - Collection of binary tools.
  • CTF_import - Run basic functions from stripped binaries cross platform.
  • Compiler Explorer - Online compiler tool.
  • CWE_checker - Finds vulnerable patterns in binary executables.
  • Demovfuscator - A work-in-progress deobfuscator for movfuscated binaries.
  • Disassembler.io - Disassemble On Demand.
  • dnSpy - .NET debugger and assembly editor.
  • EasyPythonDecompiler - A small .exe GUI application that will "decompile" Python bytecode, often seen in .pyc extension.
  • Frida - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
  • GDB - The GNU Project debugger.
  • GEF - A modern experience for GDB with advanced debugging features for exploit developers & reverse engineers.
  • Ghidra - A software reverse engineering (SRE) suite of tools developed by NSA.
  • Hopper - Reverse engineering tool (disassembler) for OSX and Linux.
  • IDA Pro - Most used Reversing software.
  • Jadx - Command line and GUI tools for producing Java source code from Android Dex and Apk files.
  • Java Decompilers - An online decompiler for Java and Android APKs.
  • JSDetox - A JavaScript malware analysis tool.
  • miasm - Reverse engineering framework in Python.
  • Objection - Runtime mobile exploration.
  • Online Assembler/Disassembler - Online wrappers around the Keystone and Capstone projects.
  • PEDA - Python Exploit Development Assistance for GDB.
  • PEfile - Python module to read and work with PE (Portable Executable) files.
  • Pwndbg - Exploit Development and Reverse Engineering with GDB Made Easy.
  • radare2 - UNIX-like reverse engineering framework and command-line toolset.
  • Rizin - Rizin is a fork of the radare2 reverse engineering framework with a focus on usability, working features and code cleanliness.
  • Uncompyle - A Python 2.7 byte-code decompiler (.pyc)
  • WinDBG - Windows debugger distributed by Microsoft.
  • Z3 - A theorem prover from Microsoft Research.
  • 247CTF - Free Capture The Flag Hacking Environment.
  • Atenea - Spanish CCN-CERT CTF platform.
  • CTFlearn - Online platform built to help ethical hackers learn, practice, and compete.
  • CTF365 - Security Training Platform
  • Crackmes.One - Reverse Engineering Challenges.
  • CryptoHack - Cryptography Challenges.
  • Cryptopals - Cryptography Challenges.
  • echoCTF.RED - Online Hacking Laboratories.
  • Hacker101 - CTF Platform by [HackerOne](https://www.hackerone.com/).
  • HackTheBox - A Massive Hacking Playground.
  • HackThisSite - Free, safe and legal training ground for hackers.
  • MicroCorruption - Embedded Security CTF.
  • OverTheWire - Wargame offered by the OverTheWire community.
  • picoCTF - Infrastructure used to run picoCTF.
  • Pwnable.kr - Pwn/Exploiting platform.
  • Pwnable.tw - Pwn/Exploiting platform.
  • Pwnable.xyz - Pwn/Exploiting platform.
  • PWNChallenge - Pwn/Exploiting platform.
  • Reversing.kr - Reverse Engineering platform.
  • Root-me - CTF training platform.
  • VibloCTF - CTF training platform.
  • VulnHub - VM-based pentesting platform.
  • W3Challs - Hacking/CTF platform.
  • WebHacking - Web challenges platform.
  • Websec.fr - Web challenges platform.
  • WeChall - Challenge sites directory & forum
  • Damn Vulnerable Web Application - PHP/MySQL web application that is damn vulnerable.
  • Juice Shop - Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop.
  • CTFNote - Collaborative tool aiming to help CTF teams to organise their work.
  • Courgettes.Club - CTF Writeup Finder.
  • CTFtime - CTFtime Writeups Collection.
  • Github.com/CTFs - Collection of CTF Writeups.
  • Roppers Bootcamp - CTF Bootcamp.
  • apsdehal_awesome-ctf
  • vavkamil_awesome-bugbounty-tools
  • zardus_ctf-tools
Programming Languages
Python 44 JavaScript 7 C 6 Shell 4 C++ 4 Go 4 PHP 3 Ruby 3 TypeScript 2 Java 2
Keywords
security 19 ctf 18 python 13 pentesting 12 steganography 8 reverse-engineering 8 cryptography 6 ctf-tools 6 bugbounty 5 exploitation 5 exploit 5 penetration-testing 4 capture-the-flag 4 ctf-framework 4 encryption 4 disassembler 3 hacking 3 infosec 3 fuzzing 3 python3 3 stego 3 rop 3 android 3 linux 3 brute-force 3 pwnable 3 malware-analysis 3 debugging 3 vulnerability-scanner 3 websec 3 security-tools 3 ctfd 3 dex 2 binary-ninja 2 scanner 2 encoding 2 pentest 2 stegcracker 2 steghide 2 binary 2 binary-analysis 2 fuzzer 2 program-analysis 2 pwntools 2 security-scanner 2 detection 2 pwn 2 takeover 2 c 2 appsec 2