awesome-ctf
A curated list of CTF frameworks, libraries, resources and softwares
https://github.com/eric-erki/awesome-ctf
Last synced: about 3 hours ago
JSON representation
-
Uncategorized
-
Uncategorized
- Kali Linux CTF Blueprints - Online book on building, testing, and customizing your own Capture the Flag challenges.
-
-
Forensics
- Foremost - Extract particular kind of files using headers.
- PDF Streams Inflater - Find and extract zlib files compressed in PDF files.
- Fibratus - Tool for exploration and tracing of the Windows kernel.
- Magnet AXIOM - Artifact-centric DFIR tool.
- Pngcheck - Verifies the integrity of PNG and dump all of the chunk-level information in human-readable form.
- Aircrack-Ng - Crack 802.11 WEP and WPA-PSK keys.
- Creddump - Dump windows credentials.
- DVCS Ripper - Rips web accessible (distributed) version control systems.
- Fsck.ext4 - Used to fix corrupt filesystems.
- Bkhive and Samdump2 - Dump SYSTEM and SAM files.
- ResourcesExtract - Extract various filetypes from exes.
- Snow - A Whitespace Steganography Tool.
- Registry Dumper - Dump your registry.
- Pngcheck - Verifies the integrity of PNG and dump all of the chunk-level information in human-readable form.
- Shellbags - Investigate NT\_USER.dat files.
- USBRip - Simple CLI forensics tool for tracking USB device artifacts (history of USB events) on GNU/Linux.
- Volatility - To investigate memory dumps.
- OfflineRegistryView - Simple tool for Windows that allows you to read offline Registry files from external drive and view the desired Registry key in .reg file format.
- Audacity - Analyze sound files (mp3, m4a, whatever).
- CFF Explorer - PE Editor.
- NetworkMiner - Network Forensic Analysis Tool.
- Registry Viewer® - Used to view Windows registries.
- Dnscat2 - Hosts communication through DNS.
-
Web
- XSSer - Automated XSS testor.
- Postman - Add on for chrome for debugging network requests.
- Uglify
- Commix - Automated All-in-One OS Command Injection and Exploitation Tool.
- Metasploit JavaScript Obfuscator
- BurpSuite - A graphical tool to testing website security.
- Postman - Add on for chrome for debugging network requests.
- Hackbar - Firefox addon for easy web exploitation.
- OWASP ZAP - Intercepting proxy to replay, debug, and fuzz HTTP requests and responses
- Raccoon - A high performance offensive security tool for reconnaissance and vulnerability scanning.
- SQLMap - Automatic SQL injection and database takeover tool.
- W3af - Web Application Attack and Audit Framework.
-
Bruteforcers
- Ophcrack - Windows password cracker based on rainbow tables.
- John The Ripper - Password Cracker.
- Hashcat - Password Cracker
- Nozzlr - Nozzlr is a bruteforce framework, trully modular and script-friendly.
- Patator - Patator is a multi-purpose brute-forcer, with a modular design.
-
Wargames
- Ringzer0Team - Ringzer0 Team Online CTF.
- Exploit Exercises - Variety of VMs to learn variety of computer security issues.
- Reversin.kr - Reversing challenge.
- Backdoor - Security Platform by SDSLabs.
- Hacking-Lab - Ethical hacking, computer network and security challenge platform.
- Hone Your Ninja Skills - Web challenges starting from basic ones.
- PentesterLab - Variety of VM and online challenges (paid).
- PicoCTF - All year round ctf game. Questions from the yearly picoCTF competition.
- PWN Challenge - Binary Exploitation Wargame.
- Pwnable.kr - Pwn Game.
- Pwnable.tw - Binary wargame.
- Pwnable.xyz - Binary Exploitation Wargame.
- Reversin.kr - Reversing challenge.
- Root-Me - Hacking and Information Security learning platform.
- SANS HHC - Challenges with a holiday theme
- VulnHub - VM-based for practical in digital security, computer application & network administration.
- Crackmes - Reverse Engineering Challenges.
- Exploit Exercises - Variety of VMs to learn variety of computer security issues.
- ROP Wargames - ROP Wargames.
- Gracker - Binary challenges having a slow learning curve, and write-ups for each level.
- SmashTheStack - A variety of wargames maintained by the SmashTheStack Community.
- Over The Wire - Wargame maintained by OvertheWire Community.
- Hack This Site - Training ground for hackers.
- IO - Wargame for binary challenges.
-
Steganography
- AperiSolve - Aperi'Solve is a platform which performs layer analysis on image (open-source).
- ImageMagick - Tool for manipulating images.
- Pngtools - For various analysis related to PNGs.
- Convert - Convert images b/w formats and apply filters.
- Stegsolve - Apply various steganography techniques to images.
- StegCracker - Steganography brute-force utility to uncover hidden data inside files.
- SmartDeblur - Used to deblur and fix defocused images.
- SteganographyOnline - Online steganography encoder and decoder.
- stegextract - Detect hidden files and text in images.
- Exiftool - Read and write meta information in files.
- Image Steganography - Embeds text and files in images with optional encryption. Easy-to-use UI.
- Stegsolve - Apply various steganography techniques to images.
- Exif - Shows EXIF information in JPEG files.
- Outguess - Universal steganographic tool.
- Zsteg - PNG/BMP analysis.
- Stegbreak - Launches brute-force dictionary attacks on JPG image.
- Convert - Convert images b/w formats and apply filters.
-
Networking
- Monit - A linux tool to check a host on the network (and other non-network activities).
- Nmap - An open source utility for network discovery and security auditing.
- Nipe - Nipe is a script to make Tor Network your default gateway.
- Wireshark - Analyze the network dumps.
- Zmap - An open-source network scanner.
- Zeek - An open-source network security monitor.
- Masscan - Mass IP port scanner, TCP port scanner.
-
Reversing
- Androguard - Reverse engineer Android applications.
- Frida - Dynamic Code Injection.
- WinDbg - Windows debugger distributed by Microsoft.
- Xocopy - Program that can copy executables with execute, but no read permission.
- Detox - A Javascript malware analysis tool.
- Swftools - Collection of utilities to work with SWF files.
- Java Decompilers - An online decompiler for Java and Android APKs.
- Krakatau - Java decompiler and disassembler.
- Objection - Runtime Mobile Exploration.
- PEDA - GDB plugin (only python2.7).
- PINCE - GDB front-end/reverse engineering tool, focused on game-hacking and automation.
- PinCTF - A tool which uses intel pin for Side Channel Analysis.
- Pwndbg - A GDB plugin that provides a suite of utilities to hack around GDB easily.
- Uncompyle - Decompile Python 2.7 binaries (.pyc).
- WinDbg - Windows debugger distributed by Microsoft.
- Xocopy - Program that can copy executables with execute, but no read permission.
- Z3 - A theorem prover from Microsoft Research.
- Revelo - Analyze obfuscated Javascript code.
- RABCDAsm - Collection of utilities including an ActionScript 3 assembler/disassembler.
- Xxxswf - A Python script for analyzing Flash files.
- BinWalk - Analyze, reverse engineer, and extract firmware images.
- demovfuscator - A work-in-progress deobfuscator for movfuscated binaries.
- Frida - Dynamic Code Injection.
- Hopper - Reverse engineering tool (disassembler) for OSX and Linux.
- Pin - A dynamic binary instrumentaion tool by Intel.
- Plasma - An interactive disassembler for x86/ARM/MIPS which can generate indented pseudo-code with colored syntax.
- Angr - platform-agnostic binary analysis framework.
- Apk2Gold - Yet another Android decompiler.
- Barf - Binary Analysis and Reverse engineering Framework.
- Binary Ninja - Binary analysis framework.
- BinUtils - Collection of binary tools.
- Boomerang - Decompile x86/SPARC/PowerPC/ST-20 binaries to C.
- cwe_checker - cwe_checker finds vulnerable patterns in binary executables.
- GDB - The GNU project debugger.
- GEF - GDB plugin.
- Ghidra - Open Source suite of reverse engineering tools. Similar to IDA Pro.
- Jadx - Decompile Android files.
-
Operating Systems
- BackBox - Based on Ubuntu.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- URIX OS - Based on openSUSE.
- BlackArch Linux - Based on Arch Linux.
- Kali Linux - Based on Debian.
- Parrot Security OS - Based on Debian.
- Android Tamer - Based on Debian.
- BackBox - Based on Ubuntu.
- URIX OS - Based on openSUSE.
- Pentoo - Based on Gentoo.
- REMnux - Based on Debian.
-
Tutorials
- MIPT CTF - A small course for beginners in CTFs (in Russian).
- Damn Vulnerable Web Application
- CTF Resources - Start Guide maintained by community.
- CTF Field Guide - Field Guide by Trails of Bits.
- CTF Resources - Start Guide maintained by community.
- Damn Vulnerable Web Application
-
Services
-
Wikis
- bi0s Wiki - Wiki from team bi0s.
- Bamboofox - Chinese resources to learn CTF.
- CTF Cheatsheet - CTF tips and tricks.
- OpenToAll - CTF tips by OTA CTF team members.
-
Writeups Collections
- Shell Storm - CTF challenge archive maintained by Jonathan Salwan.
- 0e85dc6eaf - Write-ups for CTF challenges by 0e85dc6eaf
- Captf - Dumped CTF challenges and materials by psifertex.
- HackThisSite - CTF write-ups repo maintained by HackThisSite team.
- pwntools writeups - A collection of CTF write-ups all using pwntools.
- SababaSec - A collection of CTF write-ups by the SababaSec team
- Shell Storm - CTF challenge archive maintained by Jonathan Salwan.
- Smoke Leet Everyday - CTF write-ups repo maintained by SmokeLeetEveryday team.
- CTFTime Scrapper - Scraps all writeup from CTF Time and organize which to read first.
-
Exploits
- ROP Gadget - Framework for ROP exploitation.
- DLLInjector - Inject dlls in processes.
- libformatstr - Simplify format string exploitation.
- Cheatsheet
- one_gadget - A tool to find the one gadget `execve('/bin/sh', NULL, NULL)` call.
- Pwntools - CTF Framework for writing exploits.
- V0lt - Security CTF Toolkit.
-
Websites
- CTF Time - General information on CTF occuring around the worlds.
- Reddit Security CTF - Reddit CTF category.
-
Platforms
- PyChallFactory - Small framework to create/manage/package jeopardy CTF challenges.
- FBCTF - Platform to host Capture the Flag competitions from Facebook.
- Haaukins - A Highly Accessible and Automated Virtualization Platform for Security Education.
- HackTheArch - CTF scoring platform.
- Mellivora - A CTF engine written in PHP.
- CTFd - Platform to host jeopardy style CTFs from ISISLab, NYU Tandon.
- PicoCTF - The platform used to run picoCTF. A great framework to host any CTF.
- RootTheBox - A Game of Hackers (CTF Scoreboard & Game Manager).
- Scorebot - Platform for CTFs by Legitbs (Defcon).
- SecGen - Security Scenario Generator. Creates randomly vulnerable virtual machines.
-
Attacks
-
Crypto
- FeatherDuster - An automated, modular cryptanalysis tool.
- Hash Extender - A utility tool for performing hash length extension attacks.
- padding-oracle-attacker - A CLI tool to execute padding oracle attacks.
- PkCrack - A tool for Breaking PkZip-encryption.
- RSACTFTool - A tool for recovering RSA private key with various attack.
- RSATool - Generate private key with knowledge of p and q.
- XORTool - A tool to analyze multi-byte xor cipher.
-
Starter Packs
Categories
Sub Categories
Keywords
python
10
security
9
ctf
8
reverse-engineering
8
pentesting
5
vulnerability-scanner
4
exploit
4
linux
4
cryptography
4
android
3
capture-the-flag
3
pwnable
3
exploitation
3
gdb
3
sql-injection
2
takeover
2
detection
2
x86
2
virtualization
2
binary-analysis
2
rop
2
instrumentation
2
pentest
2
decompiler
2
dex
2
encryption
2
crypto
2
cryptanalysis
2
hacking
2
security-scanner
2
scanner
2
golang
2
windows
2
gef
2
ida-pro
2
malware-analysis
2
pwn
2
pwntools
2
sparc
2
disassembler
2
hacking-tool
2
exploit-development
2
ctf-framework
2
debugging
2
binary-ninja
2
python3
2
wifi
1
game-hacking
1
gdb-python-scripts
1
spoofing
1