Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-ctf
A curated list of CTF frameworks, libraries, resources and softwares
https://github.com/apsdehal/awesome-ctf
Last synced: 4 days ago
JSON representation
-
Operating Systems
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- Android Tamer - Based on Debian.
- BackBox - Based on Ubuntu.
- BlackArch Linux - Based on Arch Linux.
- Kali Linux - Based on Debian.
- Parrot Security OS - Based on Debian.
- Pentoo - Based on Gentoo.
- URIX OS - Based on openSUSE.
- Wifislax - Based on Slackware.
- Flare VM - Based on Windows.
- REMnux - Based on Debian.
- Pentoo - Based on Gentoo.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
-
Forensics
- Kroll Artifact Parser and Extractor (KAPE) - Triage program.
- Magnet AXIOM - Artifact-centric DFIR tool.
- Registry Dumper - Dump your registry.
- Aircrack-Ng - Crack 802.11 WEP and WPA-PSK keys.
- Audacity - Analyze sound files (mp3, m4a, whatever).
- Bkhive and Samdump2 - Dump SYSTEM and SAM files.
- CFF Explorer - PE Editor.
- Exif Tool - Read, write and edit file metadata.
- Extundelete - Used for recovering lost data from mountable images.
- Foremost - Extract particular kind of files using headers.
- Fsck.ext4 - Used to fix corrupt filesystems.
- Malzilla - Malware hunting tool.
- NetworkMiner - Network Forensic Analysis Tool.
- PDF Streams Inflater - Find and extract zlib files compressed in PDF files.
- Pngcheck - Verifies the integrity of PNG and dump all of the chunk-level information in human-readable form.
- ResourcesExtract - Extract various filetypes from exes.
- Snow - A Whitespace Steganography Tool.
- USBRip - Simple CLI forensics tool for tracking USB device artifacts (history of USB events) on GNU/Linux.
- Wireshark - Used to analyze pcap or pcapng files
- OfflineRegistryView - Simple tool for Windows that allows you to read offline Registry files from external drive and view the desired Registry key in .reg file format.
- Registry Viewer® - Used to view Windows registries.
- Wireshark - Used to analyze pcap or pcapng files
- Dnscat2 - Hosts communication through DNS.
- Creddump - Dump windows credentials.
- DVCS Ripper - Rips web accessible (distributed) version control systems.
- Fibratus - Tool for exploration and tracing of the Windows kernel.
- Fsck.ext4 - Used to fix corrupt filesystems.
-
Platforms
- CTFd - Platform to host jeopardy style CTFs from ISISLab, NYU Tandon.
-
Steganography
- AperiSolve - Aperi'Solve is a platform which performs layer analysis on image (open-source).
- Convert - Convert images b/w formats and apply filters.
- Exif - Shows EXIF information in JPEG files.
- Exiftool - Read and write meta information in files.
- Exiv2 - Image metadata manipulation tool.
- Image Steganography - Embeds text and files in images with optional encryption. Easy-to-use UI.
- Image Steganography Online - This is a client-side Javascript tool to steganographically hide images inside the lower "bits" of other images
- ImageMagick - Tool for manipulating images.
- Outguess - Universal steganographic tool.
- Pngtools - For various analysis related to PNGs.
- Steganabara - Tool for stegano analysis written in Java.
- Stegbreak - Launches brute-force dictionary attacks on JPG image.
- Steghide - Hide data in various kind of images.
- StegOnline - Conduct a wide range of image steganography operations, such as concealing/revealing files hidden within bits (open-source).
- Stegsolve - Apply various steganography techniques to images.
- AperiSolve - Aperi'Solve is a platform which performs layer analysis on image (open-source).
- AperiSolve - Aperi'Solve is a platform which performs layer analysis on image (open-source).
-
Web
- Metasploit JavaScript Obfuscator
- BurpSuite - A graphical tool to testing website security.
- Hackbar - Firefox addon for easy web exploitation.
- OWASP ZAP - Intercepting proxy to replay, debug, and fuzz HTTP requests and responses
- Postman - Add on for chrome for debugging network requests.
- XSSer - Automated XSS testor.
-
Crypto
- CyberChef - Web app for analysing and decoding data.
- PkCrack - A tool for Breaking PkZip-encryption.
- QuipQuip - An online tool for breaking substitution ciphers or vigenere ciphers (without key).
- RSACTFTool - A tool for recovering RSA private key with various attack.
-
Bruteforcers
- Hashcat - Password Cracker
- Hydra - A parallelized login cracker which supports numerous protocols to attack
- John The Jumbo - Community enhanced version of John the Ripper.
- John The Ripper - Password Cracker.
- Ophcrack - Windows password cracker based on rainbow tables.
- Turbo Intruder - Burp Suite extension for sending large numbers of HTTP requests
-
Exploits
- Metasploit - Penetration testing software.
- Cheatsheet
- one_gadget - A tool to find the one gadget `execve('/bin/sh', NULL, NULL)` call.
- Qira - QEMU Interactive Runtime Analyser.
- ROP Gadget - Framework for ROP exploitation.
- Metasploit - Penetration testing software.
-
Networking
- Monit - A linux tool to check a host on the network (and other non-network activities).
- Nipe - Nipe is a script to make Tor Network your default gateway.
- Nmap - An open source utility for network discovery and security auditing.
- Wireshark - Analyze the network dumps.
- Zeek - An open-source network security monitor.
- Zmap - An open-source network scanner.
- Monit - A linux tool to check a host on the network (and other non-network activities).
-
Reversing
- ApkTool - Android Decompiler.
- Binary Ninja - Binary analysis framework.
- BinUtils - Collection of binary tools.
- BinWalk - Analyze, reverse engineer, and extract firmware images.
- Frida - Dynamic Code Injection.
- GDB - The GNU project debugger.
- Ghidra - Open Source suite of reverse engineering tools. Similar to IDA Pro.
- Hopper - Reverse engineering tool (disassembler) for OSX and Linux.
- IDA Pro - Most used Reversing software.
- Java Decompilers - An online decompiler for Java and Android APKs.
- Plasma - An interactive disassembler for x86/ARM/MIPS which can generate indented pseudo-code with colored syntax.
- radare2 - A portable reversing framework.
- WinDbg - Windows debugger distributed by Microsoft.
- Xocopy - Program that can copy executables with execute, but no read permission.
- Detox - A Javascript malware analysis tool.
- Revelo - Analyze obfuscated Javascript code.
- Swftools - Collection of utilities to work with SWF files.
- Xxxswf - A Python script for analyzing Flash files.
- IDA Pro - Most used Reversing software.
-
Services
- CSWSH - Cross-Site WebSocket Hijacking Tester.
- Request Bin - Lets you inspect http requests to a particular url.
-
Tutorials
- How to Get Started in CTF - Short guideline for CTF beginners by Endgame
- Intro. to CTF Course - A free course that teaches beginners the basics of forensics, crypto, and web-ex.
- IppSec - Video tutorials and walkthroughs of popular CTF platforms.
- LiveOverFlow - Video tutorials on Exploitation.
-
Wargames
- Backdoor - Security Platform by SDSLabs.
- Crackmes - Reverse Engineering Challenges.
- CryptoHack - Fun cryptography challenges.
- echoCTF.RED - Online CTF with a variety of targets to attack.
- Exploit Exercises - Variety of VMs to learn variety of computer security issues.
- Exploit.Education - Variety of VMs to learn variety of computer security issues.
- Hack The Box - Weekly CTFs for all types of security enthusiasts.
- Hack This Site - Training ground for hackers.
- Hacker101 - CTF from HackerOne
- Hacking-Lab - Ethical hacking, computer network and security challenge platform.
- Hone Your Ninja Skills - Web challenges starting from basic ones.
- IO - Wargame for binary challenges.
- Microcorruption - Embedded security CTF.
- Over The Wire - Wargame maintained by OvertheWire Community.
- PentesterLab - Variety of VM and online challenges (paid).
- PicoCTF - All year round ctf game. Questions from the yearly picoCTF competition.
- PWN Challenge - Binary Exploitation Wargame.
- Pwnable.kr - Pwn Game.
- Pwnable.tw - Binary wargame.
- Pwnable.xyz - Binary Exploitation Wargame.
- Reversin.kr - Reversing challenge.
- Ringzer0Team - Ringzer0 Team Online CTF.
- Root-Me - Hacking and Information Security learning platform.
- SANS HHC - Challenges with a holiday theme
- SmashTheStack - A variety of wargames maintained by the SmashTheStack Community.
- Viblo CTF - Various amazing CTF challenges, in many different categories. Has both Practice mode and Contest mode.
- VulnHub - VM-based for practical in digital security, computer application & network administration.
- W3Challs - A penetration testing training platform, which offers various computer challenges, in various categories.
- WebHacking - Hacking challenges for web.
- Damn Vulnerable Web Application - PHP/MySQL web application that is damn vulnerable.
-
Websites
- CTF Time - General information on CTF occuring around the worlds.
- Reddit Security CTF - Reddit CTF category.
-
Wikis
- Bamboofox - Chinese resources to learn CTF.
- bi0s Wiki - Wiki from team bi0s.
- CTF Cheatsheet - CTF tips and tricks.
- ISIS Lab - CTF Wiki by Isis lab.
-
Writeups Collections
- Captf - Dumped CTF challenges and materials by psifertex.
- Shell Storm - CTF challenge archive maintained by Jonathan Salwan.
-
Uncategorized
-
Uncategorized
- Kali Linux CTF Blueprints - Online book on building, testing, and customizing your own Capture the Flag challenges.
-
Categories
Sub Categories