awesome-ctf-resources
A list of Capture The Flag (CTF) frameworks, libraries, resources and software for started/experienced CTF players 🚩
https://github.com/devploit/awesome-ctf-resources
Last synced: 14 days ago
JSON representation
-
Steganography
- Snow - Whitespace Steganography Tool
- Sonic Visualizer - Audio file visualization.
- Stegbreak - Launches brute-force dictionary attacks on JPG image.
- Stegsolve - Apply various steganography techniques to images.
- BPStegano - Python3 based LSB steganography.
- DeepSound - Freeware steganography tool and audio converter that hides secret data into audio files.
- DTMF Detection - Audio frequencies common to a phone button.
- jsteg - Command-line tool to use against JPEG images.
- Magic Eye Solver - Get hidden information from images.
- Pngcheck - Verifies the integrity of PNG and dump all of the chunk-level information in human-readable form.
- sigBits - Steganography significant bits image decoder.
- SmartDeblur - Restoration of defocused and blurred photos/images.
- Snow - Whitespace Steganography Tool
- Steganography Online - Online steganography encoder and decoder.
- StegCracker - Brute-force utility to uncover hidden data inside files.
- stegextract - Detect hidden files and text in images.
- Stegosaurus - A steganography tool for embedding payloads within Python bytecode.
- StegoVeritas - Yet another stego tool.
- Stegpy - Simple steganography program based on the LSB method.
- stegseek - Lightning fast steghide cracker that can be used to extract hidden data from files.
- stegsnow - Whitespace steganography program.
- Exif - Shows EXIF information in JPEG files.
- Outguess - Universal steganographic tool.
-
Web
- Metasploit JavaScript Obfuscator - How to obfuscate JavaScript in Metasploit.
- Beautifier.io - Online JavaScript Beautifier.
- BurpSuite - A graphical tool to testing website security.
- JSFiddle - Test your JavaScript, CSS, HTML or CoffeeScript online with JSFiddle code editor.
- ngrok - Secure introspectable tunnels to localhost.
- Postman - Addon for chrome for debugging network requests.
- REQBIN - Online REST & SOAP API Testing Tool.
- XSSer - Automated XSS testor.
- Arachni - Web Application Security Scanner Framework.
- Commix - Automated All-in-One OS Command Injection Exploitation Tool.
- debugHunter - Discover hidden debugging parameters and uncover web application secrets.
- Dirhunt - Find web directories without bruteforce.
- dirsearch - Web path scanner.
- nomore403 - Tool to bypass 40x errors.
- ffuf - Fast web fuzzer written in Go.
- git-dumper - A tool to dump a git repository from a website.
- Gopherus - Tool that generates gopher link for exploiting SSRF and gaining RCE in various servers.
- PHPGGC - Library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
- Revelo - Analyze obfuscated Javascript code.
- Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python3.
- SQLMap - Automatic SQL injection and database takeover tool.
- W3af - Web application attack and audit framework.
- ysoserial - Tool for generating payloads that exploit unsafe Java object deserialization.
- Hookbin - Free service that enables you to collect, parse, and view HTTP requests.
-
Writeups Repositories
- Courgettes.Club - CTF Writeup Finder.
- CTFtime - CTFtime Writeups Collection.
- Github.com/CTFs - Collection of CTF Writeups.
Programming Languages
Categories
Sub Categories
Keywords
security
21
ctf
15
python
13
pentesting
10
reverse-engineering
9
steganography
6
exploitation
5
cryptography
5
exploit
5
infosec
5
bugbounty
4
capture-the-flag
4
android
4
ctf-framework
4
encryption
4
python3
3
rop
3
pwnable
3
stego
3
vulnerability-scanner
3
penetration-testing
3
pentest
3
ctf-tools
3
appsec
3
fuzzing
3
security-tools
3
ctfd
3
malware-analysis
3
debugging
3
linux
3
disassembler
3
sql-injection
2
takeover
2
ida-pro
2
hacking
2
gef
2
binary-analysis
2
c
2
gdb
2
ctf-scoreboard
2
ctf-platform
2
forensics
2
exploit-development
2
dex
2
java
2
web
2
encoding
2
binary-ninja
2
fuzzer
2
brute-force
2