Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

awesome-ctf-resources

A list of Capture The Flag (CTF) frameworks, libraries, resources and software for started/experienced CTF players 🚩
https://github.com/devploit/awesome-ctf-resources

Last synced: 10 days ago
JSON representation

  • Collaborative Tools

    • CTFNote - Collaborative tool aiming to help CTF teams to organise their work.

  • Courses

  • Cryptography

    • Braille Translator - Translate from braille to text.
    • Cryptii - Modular conversion, encoding and encryption online.
    • dCode.fr - Solvers for Crypto, Maths and Encodings online.
    • Enigma Machine - Universal Enigma Machine Simulator.
    • Galois - A fast galois field arithmetic library/toolkit.
    • Hash-identifier - Simple hash algorithm identifier.
    • PKCrack - PkZip encryption cracker.
    • Polybius Square Cipher - Table that allows someone to translate letters into numbers.
    • Quipqiup - Automated cryptogram solver.
    • Rumkin Cipher Tools - Collection of ciphhers/encoders tools.
    • Vigenere Solver - Online tool that breaks Vigenère ciphers without knowing the key.
    • XOR Cracker - Online XOR decryption tool able to guess the key length and the cipher key to decrypt any file.
    • yagu - Automated integer factorization.
    • Crackstation - Hash cracker (database).
    • Online Encyclopedia of Integer Sequences - OEIS: The On-Line Encyclopedia of Integer Sequences
    • Base65536 - Unicode's answer to Base64.
    • Ciphey - Tool to automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes.
    • CyberChef - A web app for encryption, encoding, compression and data analysis.
    • Decodify - Detect and decode encoded strings, recursively.
    • FeatherDuster - An automated, modular cryptanalysis tool.
    • HashExtender - Tool for performing hash length extension attacks.
    • padding-oracle-attacker - CLI tool and library to execute padding oracle attacks easily.
    • PadBuster - Automated script for performing Padding Oracle attacks.
    • PEMCrack - Cracks SSL PEM files that hold encrypted private keys. Brute forces or dictionary cracks.
    • RsaCtfTool - RSA multi attacks tool.
    • RSATool - Tool to to calculate RSA and RSA-CRT parameter.
    • XORTool - A tool to analyze multi-byte xor cipher.
    • Hash-identifier - Simple hash algorithm identifier.
    • Bacon Cipher - Bacon cipher encoder and decoder.
    • Crib Drag - One-Time Pad (OTP) cracking tool.
    • Morse Code Translator - Morse code translator and decoder.
    • Substitution Cipher - Substitution cipher solver.
    • Galois - A fast galois field arithmetic library/toolkit.

  • Exploiting / Pwn

    • afl - Security-oriented fuzzer.
    • Shellcodes Database - A massive shellcodes database.
    • honggfuzz - Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage.
    • libformatstr - Simplify format string exploitation.
    • One_gadget - Tool for finding one gadget RCE.
    • Pwntools - CTF framework for writing exploits.
    • ROPgadget - Framework for ROP exploitation.
    • Ropper - Display information about files in different file formats and find gadgets to build rop chains for different architectures.
    • Shellcodes Database - A massive shellcodes database.

  • Forensics

    • Belkasoft RAM Capturer - Volatile Memory Acquisition Tool.
    • A-Packets - Effortless PCAP File Analysis in Your Browser.
    • Autopsy - End-to-end open source digital forensics platform.
    • Bkhive & samdump2 - Dump SYSTEM and SAM files.
    • ChromeCacheView - Small utility that reads the cache folder of Google Chrome Web browser, and displays the list of all files currently stored in the cache.
    • Exiftool - Read, write and edit file metadata.
    • firmware-mod-kit - Modify firmware images without recompiling.
    • Forensic Toolkit - It scans a hard drive looking for various information. It can, potentially locate deleted emails and scan a disk for text strings to use them as a password dictionary to crack encryption.
    • Forensically - Free online tool to analysis image this tool has many features.
    • MZCacheView - Small utility that reads the cache folder of Firefox/Mozilla/Netscape Web browsers, and displays the list of all files currently stored in the cache.
    • NetworkMiner
    • OfflineRegistryView - Simple tool for Windows that allows you to read offline Registry files from external drive.
    • photorec - File data recovery software designed to recover lost files including video, documents and archives from hard disks, CD-ROMs, and lost pictures (thus the Photo Recovery name) from digital camera memory.
    • The Sleuth Kit - Collection of command line tools and a C library that allows you to analyze disk images and recover files from them.
    • Wireshark - Tool to analyze pcap or pcapng files.
    • X-Ways - Advanced work environment for computer forensic examiners.
    • Magnet AXIOM 2.0 - Artifact-centric DFIR tool.
    • Dnscat2 - Hosts communication through DNS.
    • Bulk-extractor - High-performance digital forensics exploitation tool.
    • Creddump - Dump Windows credentials.
    • Scalpel - Open source data carving tool.
    • USBRip - Simple CLI forensics tool for tracking USB device artifacts (history of USB events) on GNU/Linux.
    • Volatility - An advanced memory forensics framework.
    • Registry Dumper - Tool to dump Windows Registry.
    • Foremost - Console program to recover files based on their headers, footers, and internal data structures.
    • Binwalk - Firmware Analysis Tool.
    • Extundelete - Utility that can recover deleted files from an ext3 or ext4 partition.
    • Forensic Toolkit - It scans a hard drive looking for various information. It can, potentially locate deleted emails and scan a disk for text strings to use them as a password dictionary to crack encryption.

  • Misc

    • Veles - Binary data analysis and visualization tool.
    • Hashcat - Advanced Password Recovery.
    • Hydra - Parallelized login cracker which supports numerous protocols to attack.
    • John the Ripper - Open Source password security auditing and password recovery.
    • Ophcrack - Free Windows password cracker based on rainbow tables.
    • Turbo Intruder - Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
    • Brainfuck - Brainfuck esoteric programming language IDE.
    • COW - It is a Brainfuck variant designed humorously with Bovinae in mind.
    • Malbolge - Malbolge esoteric programming language solver.
    • Ook! - Tool for decoding / encoding in Ook!
    • Piet - Piet programming language compiler.
    • Rockstar - A language intended to look like song lyrics.
    • Try It Online - An online tool that has a ton of Esoteric language interpreters.
    • Any.run - Interactive malware hunting service.
    • Intezer Analyze - Malware analysis platform.
    • Triage - State-of-the-art malware analysis sandbox designed for cross-platform support.
    • boofuzz - Network Protocol Fuzzing for Humans.
    • changeme - A default credential scanner.
    • jwt_tool - A toolkit for testing, tweaking and cracking JSON Web Tokens.
    • Patator - Multi-purpose brute-forcer, with a modular design and a flexible usage.
    • Nozzlr - Modular and script-friendly bruteforce framework.
    • Malbolge - Malbolge esoteric programming language solver.

  • Online Platforms

    • 247CTF - Free Capture The Flag Hacking Environment.
    • Atenea - Spanish CCN-CERT CTF platform.
    • CTFlearn - Online platform built to help ethical hackers learn, practice, and compete.
    • CTF365 - Security Training Platform.
    • Crackmes.One - Reverse Engineering Challenges.
    • CryptoHack - Cryptography Challenges.
    • Cryptopals - Cryptography Challenges.
    • echoCTF.RED - Online Hacking Laboratories.
    • Hacker101 - CTF Platform by [HackerOne](https://www.hackerone.com/).
    • HackTheBox - A Massive Hacking Playground.
    • HackThisSite - Free, safe and legal training ground for hackers.
    • MicroCorruption - Embedded Security CTF.
    • OverTheWire - Wargame offered by the OverTheWire community.
    • picoCTF - Beginner-friendly CTF platform.
    • Pwnable.tw - Pwn/Exploiting platform.
    • Pwnable.xyz - Pwn/Exploiting platform.
    • PWNChallenge - Pwn/Exploiting platform.
    • Reversing.kr - Reverse Engineering platform.
    • Root-me - CTF training platform.
    • VibloCTF - CTF training platform.
    • VulnHub - VM-based pentesting platform.
    • W3Challs - Hacking/CTF platform.
    • WebHacking - Web challenges platform.
    • Websec.fr - Web challenges platform.
    • WeChall - Challenge sites directory & forum.
    • Damn Vulnerable Web Application - PHP/MySQL web application that is damn vulnerable.
    • 0x0539 - Online CTF challenges.
    • Archive.ooo - Live, playable archive of DEF CON CTF challenges.
    • Defend the Web - An Interactive Cyber Security Platform.
    • Dreamhack.io - Online wargame.
    • Flagyard - An Online Playground of Hands-on Cybersecurity Challenges.
    • HackBBS - Online wargame.
    • Hackropole - This platform allows you to replay the challenges of the France Cybersecurity Challenge.
    • HBH - Community designed to teach methods and tactics used by malicious hackers to access systems and sensitive information.
    • Komodo - This is a game designed to challenge your application hacking skills.
    • MNCTF - Online cybersecurity challenges.
    • Pwn.college - Education platform to learn about, and practice, core cybersecurity concepts.
    • PWN.TN - Educational and non commercial wargame.
    • YEHD 2015 - YEHD CTF 2015 online challenges.
    • Komodo - This is a game designed to challenge your application hacking skills.
    • Reversing.kr - Reverse Engineering platform.
    • Wargames BataMladen - Wargame challenge scenarios, each with different levels.
    • AWSGoat - A Damn Vulnerable AWS Infrastructure.
    • CICD-goat - A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
    • GCPGoat - A Damn Vulnerable GCP Infrastructure.
    • Juice Shop - Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop.
    • Pwnable.kr - Pwn/Exploiting platform.
    • 8kSec AI/LLM Exploitation Challenges - Challenges to test AI, ML, and LLMs knowledge, along with practical exploitation techniques.
    • ParrotCTFs - Jeopardy Style Hacking Playground.
    • OSINT Arena - Geoguessr for OSINT Investigations - challenge the OSINT community and climb the leaderboard.

  • Platforms

    • CTFd - Platform to host jeopardy style CTFs.
    • FBCTF - Facebook CTF platform to host Jeopardy and "King of the Hill" CTF competitions.
    • HackTheArch - Scoring server for CTF competitions.
    • kCTF - Kubernetes-based infrastructure for CTF competitions.
    • LibreCTF - CTF platform from EasyCTF.
    • Mellivora - CTF engine written in PHP.
    • NightShade - Simple CTF framework.
    • picoCTF - Infrastructure used to run picoCTF.
    • rCTF - CTF platform maintained by the [redpwn](https://github.com/redpwn/rctf) CTF team.
    • RootTheBox - CTF scoring engine for wargames.
    • ImaginaryCTF - Platform to host CTFs.
    • NightShade - Simple CTF framework.
    • rCTF - CTF platform created by the [redpwn](https://github.com/redpwn/rctf) CTF team. Now maintained and developed by [OtterSec](https://osec.io/) team.

  • Reversing

    • Binary Ninja - Binary Analysis Framework.
    • BinUtils - Collection of binary tools.
    • Compiler Explorer - Online compiler tool.
    • Disassembler.io - Disassemble On Demand.
    • EasyPythonDecompiler - A small .exe GUI application that will "decompile" Python bytecode, often seen in .pyc extension.
    • Frida - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
    • GDB - The GNU Project debugger.
    • Hopper - Reverse engineering tool (disassembler) for OSX and Linux.
    • Java Decompilers - An online decompiler for Java and Android APKs.
    • Online Assembler/Disassembler - Online wrappers around the Keystone and Capstone projects.
    • WinDBG - Windows debugger distributed by Microsoft.
    • Androguard - Androguard is a full python tool to play with Android files.
    • Angr - A powerful and user-friendly binary analysis platform.
    • Apk2gold - CLI tool for decompiling Android apps to Java.
    • ApkTool - A tool for reverse engineering 3rd party, closed, binary Android apps.
    • CTF_import - Run basic functions from stripped binaries cross platform.
    • CWE_checker - Finds vulnerable patterns in binary executables.
    • dnSpy - .NET debugger and assembly editor.
    • GEF - A modern experience for GDB with advanced debugging features for exploit developers & reverse engineers.
    • Ghidra - A software reverse engineering (SRE) suite of tools developed by NSA.
    • Jadx - Command line and GUI tools for producing Java source code from Android Dex and Apk files.
    • Java Decompilers - An online decompiler for Java and Android APKs.
    • JSDetox - A JavaScript malware analysis tool.
    • miasm - Reverse engineering framework in Python.
    • Objection - Runtime mobile exploration.
    • Online Assembler/Disassembler - Online wrappers around the Keystone and Capstone projects.
    • PEDA - Python Exploit Development Assistance for GDB.
    • PEfile - Python module to read and work with PE (Portable Executable) files.
    • Pwndbg - Exploit Development and Reverse Engineering with GDB Made Easy.
    • radare2 - UNIX-like reverse engineering framework and command-line toolset.
    • Rizin - Rizin is a fork of the radare2 reverse engineering framework with a focus on usability, working features and code cleanliness.
    • Uncompyle - A Python 2.7 byte-code decompiler (.pyc)
    • WinDBG - Windows debugger distributed by Microsoft.
    • Z3 - A theorem prover from Microsoft Research.
    • IDA Pro - Most used Reversing software.

  • Steganography

    • AperiSolve - Platform which performs layer analysis on images.
    • DTMF Tones - Audio frequencies common to a phone button.
    • FotoForensics - Provides budding researchers and professional investigators access to cutting-edge tools for digital photo forensics.
    • hipshot - Tool to converts a video file or series of photographs into a single image simulating a long-exposure photograph.
    • Image Error Level Analyzer - Tool to analyze digital images. It's also free and web based. It features error level analysis, clone detection and more.
Programming Languages
Python 41 JavaScript 8 C 6 Go 4 PHP 4 Shell 4 Ruby 3 C++ 3 Java 3 TypeScript 2
Categories
Online Platforms 50 Steganography 36 Reversing 35 Cryptography 33 Forensics 28 Web 24 Misc 22 Platforms 13 Exploiting / Pwn 9 Courses 4 Writeups Repositories 3 Collaborative Tools 1
Sub Categories
Keywords
security 21 ctf 15 python 13 pentesting 10 reverse-engineering 9 steganography 6 exploitation 5 cryptography 5 exploit 5 infosec 5 bugbounty 4 capture-the-flag 4 android 4 ctf-framework 4 encryption 4 python3 3 rop 3 pwnable 3 stego 3 vulnerability-scanner 3 penetration-testing 3 pentest 3 ctf-tools 3 appsec 3 fuzzing 3 security-tools 3 ctfd 3 malware-analysis 3 debugging 3 linux 3 disassembler 3 sql-injection 2 takeover 2 ida-pro 2 hacking 2 gef 2 binary-analysis 2 c 2 gdb 2 ctf-scoreboard 2 ctf-platform 2 forensics 2 exploit-development 2 dex 2 java 2 web 2 encoding 2 binary-ninja 2 fuzzer 2 brute-force 2