A curated list of Capture The Flag (CTF) frameworks, libraries, resources and softwares.
Please take a quick look at the contribution guidelines first.
It takes time to build up collection of tools used in ctf and remember them all. This repo helps to keep all these scattered tools at one place.
Tools used for creating CTF challenges
Tools used for creating Forensics challenges
- Registry Dumper - Dump your registry
Tools used for creating Web challenges
JavaScript Obfustcators
Tools used for solving CTF challenges
Tools used for performing various kinds of attacks
- Layer 2 attacks - Attack various protocols on layer 2
Tools used for solving Crypto challenges
- RSATool - Generate private key with knowledge of p and q
- XORTool - A tool to analyze multi-byte xor cipher
Tools used for various kind of bruteforcing (passwords etc.)
- John The Jumbo - Community enhanced version of John the Ripper
- John The Ripper - Password Cracker
- Ophcrack - Windows password cracker based on rainbow tables.
Tools used for solving Exploits challenges
- Metasploit - Penetration testing software
- pwntools - CTF Framework for writing exploits
Tools used for solving Forensics challenges
- Audacity - Analyze sound files (mp3, m4a, whatever)
apt-get install audacity
- bkhive and samdump2 - Dump SYSTEM and SAM files
apt-get install samdump2 bkhive
- CFF Explorer - PE Editor
- creddump - Dump windows credentials
- extundelete - Used for recovering lost data from mountable images
- Foremost - Extract particular kind of files using headers
apt-get install foremost
- fsck.ext4 - Used to fix corrupt filesystems
- Malzilla - Malware hunting tool
- PDF Streams Inflater - Find and extract zlib files compressed in PDF files
- ResourcesExtract - Extract various filetypes from exes
- Shellbags - Investigate NT_USER.dat files
- UsbForensics - Contains many tools for usb forensics
- Volatility - To investigate memory dumps
- Wireshark - Analyze the network dumps
apt-get install wireshark
Registry Viewers
- RegistryViewer - Used to view windows registries
- Windows Registry Viewers - More registry viewers
Tools used for solving Reversing challenges
- Androguard - Reverse engineer Android applications
- Apk2Gold - Yet another Android decompiler
- ApkTool - Android Decompiler
- BinWalk - Analyze, reverse engineer, and extract firmware images.
- Boomerang - Decompile x86 binaries to C
- IDA Pro - Most used Reversing software
- Jadx - Decompile Android files
- Krakatau - Java decompiler and disassembler
- Uncompyle - Decompile Python 2.7 binaries (.pyc)
JavaScript Deobfustcators
Various kind of useful services available around the internet
- CSWSH - Cross-Site WebSocket Hijacking Tester
- Request Bin - Lets you inspect http requests to a particular url
Tools used for solving Steganography challenges
- pngtools - For various analysis related to PNGs
apt-get install pngtools
- SmartDeblur - Used to deblur and fix defocused images
- Steganabara - Tool for stegano analysis written in Java
- Steghide - Hide data in various kind of images
- Stegsolve - Apply various steganography techniques to images
Tools used for solving Web challenges
Where to discover about CTF
Tutorials to learn how to play CTFs
- CTF Field Guide - Field Guide by Trails of Bits
Always online CTFs
- Backdoor - Security Platform by SDSLabs
- Exploit Exercises - Variety of VMs to learn variety of computer security issues
- Hack This Site - Training ground for hackers.
- Over The Wire - Wargame maintained by OvertheWire Community
- WeChall - Always online challenge site
Various general websites about and on ctf
- CTF Time - General information on CTF occuring around the worlds
- Reddit Security CTF - Reddit CTF category
Various Wikis available for learning about CTFs
- ISIS Lab - CTF Wiki by Isis lab
Collections of CTF writeups
- CTF Writeups (Community) - CTF Writeups Repos maintained by community
- Shell Storm - CTF Writeups Repo maintained by Jonathan Salwan
- Smoke Leet Everyday - CTF Writeups Repo maintained by SmokeLeetEveryday team.
MIT :)