awesome-ctf

forked from https://github.com/apsdehal/awesome-ctf.git
https://github.com/c4pr1c3/awesome-ctf

Last synced: about 16 hours ago
JSON representation

Networking
- Wireshark - Analyze the network dumps.
- Masscan - Mass IP port scanner, TCP port scanner.
- Monit - A linux tool to check a host on the network (and other non-network activities).
- Nipe - Nipe is a script to make Tor Network your default gateway.
- Nmap - An open source utility for network discovery and security auditing.
- Zmap - An open-source network scanner.
- Zeek - An open-source network security monitor.
Reversing
- WinDbg - Windows debugger distributed by Microsoft.
- Androguard - Reverse engineer Android applications.
- Angr - platform-agnostic binary analysis framework.
- Apk2Gold - Yet another Android decompiler.
- cwe_checker - cwe_checker finds vulnerable patterns in binary executables.
- GEF - GDB plugin.
- Ghidra - Open Source suite of reverse engineering tools. Similar to IDA Pro.
- Krakatau - Java decompiler and disassembler.
- Objection - Runtime Mobile Exploration.
- PEDA - GDB plugin (only python2.7).
- Z3 - A theorem prover from Microsoft Research.
- Revelo - Analyze obfuscated Javascript code.
- RABCDAsm - Collection of utilities including an ActionScript 3 assembler/disassembler.
- Xxxswf - A Python script for analyzing Flash files.
- Jadx - Decompile Android files.
- Java Decompilers - An online decompiler for Java and Android APKs.
- WinDbg - Windows debugger distributed by Microsoft.
- Xocopy - Program that can copy executables with execute, but no read permission.
- Detox - A Javascript malware analysis tool.
- Swftools - Collection of utilities to work with SWF files.
- ApkTool - Android Decompiler.
- Hopper - Reverse engineering tool (disassembler) for OSX and Linux.
- Pin - A dynamic binary instrumentaion tool by Intel.
- Barf - Binary Analysis and Reverse engineering Framework.
- Binary Ninja - Binary analysis framework.
- BinUtils - Collection of binary tools.
- Boomerang - Decompile x86/SPARC/PowerPC/ST-20 binaries to C.
- GDB - The GNU project debugger.
- PINCE - GDB front-end/reverse engineering tool, focused on game-hacking and automation.
- PinCTF - A tool which uses intel pin for Side Channel Analysis.
- Pwndbg - A GDB plugin that provides a suite of utilities to hack around GDB easily.
- Uncompyle - Decompile Python 2.7 binaries (.pyc).
- Xocopy - Program that can copy executables with execute, but no read permission.
Wargames
- CryptoHack - Fun cryptography challenges.
- 247ctf - A learning oriented real CTF platform with challenges covering across web, cryptography, networking, reversing and exploitation.
- Crackmes - Reverse Engineering Challenges.
- echoCTF.RED - Online CTF with a variety of targets to attack.
- Exploit Exercises - Variety of VMs to learn variety of computer security issues.
- Gracker - Binary challenges having a slow learning curve, and write-ups for each level.
- Hack This Site - Training ground for hackers.
- PicoCTF - All year round ctf game. Questions from the yearly picoCTF competition.
- PWN Challenge - Binary Exploitation Wargame.
- Pwnable.kr - Pwn Game.
- Pwnable.tw - Binary wargame.
- Root-Me - Hacking and Information Security learning platform.
- ROP Wargames - ROP Wargames.
- SANS HHC - Challenges with a holiday theme
- SmashTheStack - A variety of wargames maintained by the SmashTheStack Community.
- VulnHub - VM-based for practical in digital security, computer application & network administration.
- CTFTraining - CTF challenge's source code, writeup collected from the past real CTF contests around the world. (in Chinese)
- My CTF Web Challenges - CTF challenge's source code, writeup and some idea explanation. All about Web.
- Pikachu - PHP web application with some common delibrated vulnerabilities. (in Chinese)
- Reversin.kr - Reversing challenge.
- Backdoor - Security Platform by SDSLabs.
- buuoj - A CTF training platform with challenges collected from the past real CTF contests around the world. (in Chinese)
- Pwnable.xyz - Binary Exploitation Wargame.
- Exploit Exercises - Variety of VMs to learn variety of computer security issues.
- Hacker101 - CTF from HackerOne
- Hacking-Lab - Ethical hacking, computer network and security challenge platform.
- Hone Your Ninja Skills - Web challenges starting from basic ones.
- IO - Wargame for binary challenges.
- jarvisoj - A CTF training platform developed by Jarvis from USSLab in ZJU.
- PentesterLab - Variety of VM and online challenges (paid).
- Reversin.kr - Reversing challenge.
- Ringzer0Team - Ringzer0 Team Online CTF.
Writeups Collections
- SababaSec - A collection of CTF write-ups by the SababaSec team
- HackThisSite - CTF write-ups repo maintained by HackThisSite team.
- pwntools writeups - A collection of CTF write-ups all using pwntools.
- Shell Storm - CTF challenge archive maintained by Jonathan Salwan.
- 0e85dc6eaf - Write-ups for CTF challenges by 0e85dc6eaf
- Captf - Dumped CTF challenges and materials by psifertex.
- CTFTime Scrapper - Scraps all writeup from CTF Time and organize which to read first.
- Shell Storm - CTF challenge archive maintained by Jonathan Salwan.
- Smoke Leet Everyday - CTF write-ups repo maintained by SmokeLeetEveryday team.
Python
- portantier/vulpy - a web application developed in Python / Flask / SQLite that has two faces
- nVisium/django.nV - a purposefully vulnerable Django application provided by [nVisium](https://www.nvisium.com/)
Forensics
- Creddump - Dump windows credentials.
- DVCS Ripper - Rips web accessible (distributed) version control systems.
- Fibratus - Tool for exploration and tracing of the Windows kernel.
- Fsck.ext4 - Used to fix corrupt filesystems.
- Pngcheck - Verifies the integrity of PNG and dump all of the chunk-level information in human-readable form.
- ResourcesExtract - Extract various filetypes from exes.
- Snow - A Whitespace Steganography Tool.
- OfflineRegistryView - Simple tool for Windows that allows you to read offline Registry files from external drive and view the desired Registry key in .reg file format.
- Registry Dumper - Dump your registry.
- Shellbags - Investigate NT\_USER.dat files.
- USBRip - Simple CLI forensics tool for tracking USB device artifacts (history of USB events) on GNU/Linux.
- Volatility - To investigate memory dumps.
- Dnscat2 - Hosts communication through DNS.
- Aircrack-Ng - Crack 802.11 WEP and WPA-PSK keys.
- Pngcheck - Verifies the integrity of PNG and dump all of the chunk-level information in human-readable form.
- CFF Explorer - PE Editor.
- Extundelete - Used for recovering lost data from mountable images.
Platforms
- echoCTF.RED - Develop, deploy and maintain your own CTF infrastructure.
- FBCTF - Platform to host Capture the Flag competitions from Facebook.
- Haaukins - A Highly Accessible and Automated Virtualization Platform for Security Education.
- HackTheArch - CTF scoring platform.
- Mellivora - A CTF engine written in PHP.
- MotherFucking-CTF - Badass lightweight plaform to host CTFs. No JS involved.
- PicoCTF - The platform used to run picoCTF. A great framework to host any CTF.
- RootTheBox - A Game of Hackers (CTF Scoreboard & Game Manager).
- Scorebot - Platform for CTFs by Legitbs (Defcon).
- SecGen - Security Scenario Generator. Creates randomly vulnerable virtual machines.
- CTFd - Platform to host jeopardy style CTFs from ISISLab, NYU Tandon.
- NightShade - A simple security CTF framework.
Steganography
- Convert - Convert images b/w formats and apply filters.
- Exiftool - Read and write meta information in files.
- Image Steganography - Embeds text and files in images with optional encryption. Easy-to-use UI.
- ImageMagick - Tool for manipulating images.
- Pngtools - For various analysis related to PNGs.
- SmartDeblur - Used to deblur and fix defocused images.
- SteganographyOnline - Online steganography encoder and decoder.
- Stegbreak - Launches brute-force dictionary attacks on JPG image.
- StegCracker - Steganography brute-force utility to uncover hidden data inside files.
- stegextract - Detect hidden files and text in images.
- Stegsolve - Apply various steganography techniques to images.
- AperiSolve - Aperi'Solve is a platform which performs layer analysis on image (open-source).
- Convert - Convert images b/w formats and apply filters.
- Stegsolve - Apply various steganography techniques to images.
- Steghide - Hide data in various kind of images.
- StegOnline - Conduct a wide range of image steganography operations, such as concealing/revealing files hidden within bits (open-source).
Web
- Hackbar - Firefox addon for easy web exploitation.
- OWASP ZAP - Intercepting proxy to replay, debug, and fuzz HTTP requests and responses
- Raccoon - A high performance offensive security tool for reconnaissance and vulnerability scanning.
- W3af - Web Application Attack and Audit Framework.
- CHYbeta/Code-Audit-Challenges - vulnerable code snippets can be used for source code audit challenges (in Chinese)
- Uglify
- SQLMap - Automatic SQL injection and database takeover tool.
- Metasploit JavaScript Obfuscator
- BurpSuite - A graphical tool to testing website security.
- Commix - Automated All-in-One OS Command Injection and Exploitation Tool.
Attacks
- Bettercap - Framework to perform MITM (Man in the Middle) attacks.
- Yersinia - Attack various protocols on layer 2.
Crypto
- FeatherDuster - An automated, modular cryptanalysis tool.
- RSACTFTool - A tool for recovering RSA private key with various attack.
- RSATool - Generate private key with knowledge of p and q.
- XORTool - A tool to analyze multi-byte xor cipher.
- PkCrack - A tool for Breaking PkZip-encryption.
- Hash Extender - A utility tool for performing hash length extension attacks.
- padding-oracle-attacker - A CLI tool to execute padding oracle attacks.
Bruteforcers
- Hashcat - Password Cracker
- Turbo Intruder - Burp Suite extension for sending large numbers of HTTP requests
- Nozzlr - Nozzlr is a bruteforce framework, trully modular and script-friendly.
- Patator - Patator is a multi-purpose brute-forcer, with a modular design.
Exploits
- DLLInjector - Inject dlls in processes.
- libformatstr - Simplify format string exploitation.
- Cheatsheet
- one_gadget - A tool to find the one gadget `execve('/bin/sh', NULL, NULL)` call.
- Pwntools - CTF Framework for writing exploits.
- ROP Gadget - Framework for ROP exploitation.
- V0lt - Security CTF Toolkit.
Operating Systems
- Kali Linux - Based on Debian.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- Android Tamer - Based on Debian.
- BlackArch Linux - Based on Arch Linux.
- Parrot Security OS - Based on Debian.
- REMnux - Based on Debian.
Tutorials
- CTF-pwn-tips - Some tips about pwn
- firmianay/CTF-All-In-One - all CTF related tutorials complied in one book (in Chinese)
- Intro. to CTF Course - A free course that teaches beginners the basics of forensics, crypto, and web-ex.
- MIPT CTF - A small course for beginners in CTFs (in Russian)
- CTF Field Guide - Field Guide by Trails of Bits
- CTF related notes - Personal CTFs and beyond notes (in Chinese)
- CTF Resources - Start Guide maintained by community
- CTF Tricks by Phithon - CTF tricks about Web (in Chinese)
- OWASP Mutillidae 2 Project - a free, open source, deliberately vulnerable web-application providing a target for web-security enthusiest
- RITSEC - RITSEC is a student run club at Rochester Institute of Technology. There are some CTF writeups and shares in this team repository.
Websites
- Awesome CTF Cheatsheet - CTF Cheatsheet.
- CTF Time - General information on CTF occuring around the worlds.
- Reddit Security CTF - Reddit CTF category.
Wikis
- Bamboofox - Chinese resources to learn CTF
- CTF-Wiki - Open Wiki for beginners in CTFs (in Chinese and English)
- CTF-Wiki - Open Wiki for beginners in CTFs (in Chinese and English)
- bi0s Wiki - Wiki from team bi0s.
- CTF Cheatsheet - CTF tips and tricks.
- OpenToAll - Open To All Knowledge Base
PHP
- ajinabraham/Vulnerable_Tornado_App
- Damn Vulnerable Web Application - PHP/MySQL web application that is damn vulnerable
- Damn Vulnerable Web Application - PHP/MySQL web application that is damn vulnerable
- mddanish/Vulnerable-OTP-Application - Vulnerable OTP Application created using PHP & Google OTP
Uncategorized
- Uncategorized
  - Kali Linux CTF Blueprints - Online book on building, testing, and customizing your own Capture the Flag challenges.
  - Kali Linux CTF Blueprints - Online book on building, testing, and customizing your own Capture the Flag challenges.
Services
- CSWSH - Cross-Site WebSocket Hijacking Tester.
- CSWSH - Cross-Site WebSocket Hijacking Tester.
Starter Packs
- CTF Tools - Collection of setup scripts to install various security research tools.
- LazyKali - A 2016 refresh of LazyKali which simplifies install of tools and configuration.
Java
- CSPF-Founder/JavaVulnerableLab - this app is intended for the Java Programmers and other people who wish to learn about Web application vulnerabilities and write secure code
- find-sec-bugs/juliet-test-suite - a collection of test cases in the Java language. It contains examples for 112 different CWEs.
- Web Goat - a deliberately insecure web application maintained by OWASP designed to teach web application security lessons
NodeJS
- DVNA - a Damn Vulnerable NodeJS Application which is powered by commonly used libraries such as express, passport, sequelize, etc.
- OWASP/NodeGoat - The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them
Android
- abhi-r3v0/EVABS - an open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners
Real World DVA
- Medicean/VulApps - yet another ***vulhub*** like project (in Chinese)
- nixawk/labs - a collection of some CVE vulnerable apps / samples / PoCs
- vulhub - Pre-Built Vulnerable Environments Based on Docker-Compose https://vulhub.org

Programming Languages

Python 34 PHP 6 C 5 Shell 4 Go 3 Java 3 HTML 2 Ruby 2 Rust 2 C++ 2

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

awesome-ctf

Networking

Reversing

Wargames

Writeups Collections

Python

Forensics

Platforms

Steganography

Web

Attacks

Crypto

Bruteforcers

Exploits

Operating Systems

Tutorials

Websites

Wikis

PHP

Uncategorized

Uncategorized

Services

Starter Packs

Java

NodeJS

Android

Real World DVA