A composite list of various vulnerabilities and tools to look for and use while exploiting common CTF challenges
| Tool |
Description |
Link |
| Wireshark |
Capture packets sent by devices and analyze pcap files |
Wireshark |
| pkcrack |
Crack zip passwords or run known plaintext attacks |
pkcrack |
| volatility |
Analyze memory dumps |
volatility |
| rockyou.txt |
List of common passwords helpful in many categories |
rockyou.txt |
| Aperi Solve |
Image forensics tool that runs many stegonography tools |
Aperi Solve |
| Audacity |
Analyze, visualize, and modify audio files |
Audacity |
| SleuthKit |
Analyze disk drives and dumps |
SleuthKit |
| John The Ripper |
General purpose password cracker |
John The Ripper |
| dsniff |
Sniff passwords from packet capture files |
dsniff |
| foremost |
Extract files from other files by header |
sudo apt install foremost |
| stegsnow |
white space steganography |
sudo apt install steganography |
| Tool |
Description |
Link |
| RequestBin |
Capture web requests |
RequestBin |
| revshells |
Generate reverse web shells for upload to a variety of different server types |
revshells |
| BurpSuite |
Intercept http requests, analyze them, and modify them before sending |
BurpSuite |
| sqlmap |
Automate sending sql injection payloads and detect sql injections on webpages |
sqlmap |
| SQL Injection |
SQL Injection authentication bypass cheatsheet |
sql cheatsheet |
| SUID Find |
Find SUID binaries on a linux system using find / -perm -u=s -type f 2>/dev/null |
|
| root binary find |
Find binaries that run with root privileges |
sudo -l |
| Dirbuster |
Find hidden directory and file paths on web servers |
Dirbuster |
| Postman |
General purpose HTTP request debugger and generator |
Postman |
| Tool |
Description |
Link |
| ir0nstone |
PWN tutorials containing many resources/scripts for solving pwn challenges |
ir0nstone |
| pwntools |
Python library for prototyping and writing exploits |
pwntools |
| ROPGadget |
Tool for find ROP tools and crafting ROP chains |
ROPGadget |
| shellstorm |
Database of shellcode in both assembly and byte format |
shellstorm |
| Wiremask Buffer Overflow |
Buffer overflow pattern generator that when combined with gdb can determine the offset to EIP/RIP when no canary is present |
Wiremask |
| one_gadget |
Find ROP gadgets specifically for spawning a shell i.e ROPing to execve('/bin/sh/, NULL, NULL) |
one_gadget |
| checksec |
check binary security properties of the executable revealing which attack vectors will be possible |
sudo apt-get install checksec |
| Guide to Reading Assembly |
The faker's guide to reading (x86) assembly language |
Assembly Guide |
| Tool |
Description |
Link |
| Ghidra |
Reverse Engineering toolkit for decompiling binaries into C code for static analysis |
Ghidra |
| Uncompyle |
Decompile Python binaries |
Uncompyle |
| angr |
Binary analysis platform for Python with static/dynamic analysis support and symbolic execution |
angr |
| jdgui |
Java decompiler for .class files |
jdgui |
| IDA Freeware |
Binary code analysis and reverse engineering |
IDA Freeware |
| ImHex |
Hex Editor for reverse engineering with patterns |
ImHex |
| Tool |
Description |
Link |
| alpertron |
Factor very large integers |
alpertron |
| factordb |
Database of many factored large integers |
factordb |
| CyberChef |
Generally useful for analyze encoded/encrypted strings and files |
CyberChef |
| z3 |
Theorem prover |
z3 |
| OR-Tools |
Similar to z3 but supposedly faster |
OR-Tools |
| RsaCtfTool |
Python script for automatically running known RSA attacks given various inputs |
RsaCtfTool |
| sage |
Fast math good. Fast math as python library good for quick scripting solutions |
sage |
| xortool |
Good for multi-byte xor analysis |
xortool |
| randcrack |
Predict values generated by Python's random module |
randcrack |
| RSA Algorithm |
A nice explanation of the RSA algorithm by Lei Mao |
RSA Tutorial |
| Elliptic Curves |
Elliptic Curve notes by Ben Lynn |
Elliptic Curves |
| cryptopals |
Website with learning tools and challenges for learning about cryptography |
cryptopals |
| Tool |
Description |
Link |
| ARPSyndicate |
List of helpful OSINT resources |
ARPSyndicate |
| Epieos |
OSINT Tool search engine that performs a variety of searches |
Epieos |
| Category |
Title |
Link |
| crypto |
Solving problems with the LLL algorithm |
LLL |