Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/randomsctf/ctf-scripts

A collection of short scripts for analysis, encryption and forensics, that can be used for CTF and/or security assessments
https://github.com/randomsctf/ctf-scripts

Last synced: about 2 months ago
JSON representation

A collection of short scripts for analysis, encryption and forensics, that can be used for CTF and/or security assessments

Awesome Lists containing this project

README 

        
# ctf-scripts

A collection of short scripts for analysis, encryption and forensics, that can be used for CTF and/or security assessments.



All scripts are GPLv3 licensed unless stated otherwise. Use for **good**, not for evil...



Higly recommended (but not necessary) is the `virtualenv` package, as it virtualizes your Python environments.



## forensics/extract_file.py

Extracts files from a pcap file containing a (fragmented) HTTP download or stream.

Example usage:

```

justsniffer -f myfile.pcap -l "%response" -e 'extract_file.py output.file'

```



This will extract the (fragmented) HTTP download from myfile.pcap and writes the output to output.file

justniffer will take care of the lower protocol layers.



Currently `extract_file.py` only handles streamed input.



## web/timing-bruteforcer.py

Bruteforces passwords by using a timing attack on webforms.

Based on the notion that successful password (characters) are expected to take longer(!) to process than unsuccessful passwords.



Example usage:

```

timing_bruteforcer.py http://my.site.com --username admin

```



Currently only hexadecimal 'passwords' are supported.



## Setup

```

git clone https://github.com/RandomsCTF/ctf-scripts.git

which virtualenv && virtualenv ctf-scripts && pushd ctf-scripts

[ -f bin/activate ] && source bin/activate

[ -f Scripts/Activate ] && source Scripts/Activate

```