This is our first version of useful CTF tools / resources.
Tools used for solving Web challenges
- Commix - Automated All-in-One OS Command Injection and Exploitation Tool.
- Hackbar - Firefox addon for easy web exploitation
- OWASP ZAP - Intercepting proxy to replay, debug, and fuzz HTTP requests and responses
- Postman - Add on for chrome for debugging network requests
- SQLMap - Automatic SQL injection and database takeover tooli
- W3af - Web Application Attack and Audit Framework.
- XSSer - Automated XSS testor
- BurpSuite
GDB - http://www.gnu.org/software/gdb/download/
IDA Pro - https://www.hex-rays.com/products/ida/support/download.shtml
Immunity Debugger - http://debugger.immunityinc.com/
OllyDbg - http://www.ollydbg.de/
radare2 - http://www.radare.org/y/?p=download
Hopper - http://www.hopperapp.com/download.html
nm - unix/linux tool
objdump - linux tool
strace - linux tool
ILSpy - http://ilspy.net/
JD-GUI - http://jd.benow.ca/#jd-gui-overview
FFDec - http://www.free-decompiler.com/flash/download.html
dex2jar - http://code.google.com/p/dex2jar/
uncompyle2 - https://github.com/wibiti/uncompyle2
- Androguard - Reverse engineer Android applications
- Angr - platform-agnostic binary analysis framework
- Apk2Gold - Yet another Android decompiler
- ApkTool - Android Decompiler
- Barf - Binary Analysis and Reverse engineering Framework
- Binary Ninja - Binary analysis framework
- BinUtils - Collection of binary tools
- BinWalk - Analyze, reverse engineer, and extract firmware images.
- Boomerang - Decompile x86 binaries to C
- ctf_import – run basic functions from stripped binaries cross platform
- GDB - The GNU project debugger
- GEF - GDB plugin
- Hopper - Reverse engineering tool (disassembler) for OSX and Linux
- IDA Pro - Most used Reversing software
- Jadx - Decompile Android files
- Java Decompilers - An online decompiler for Java and Android APKs
- Krakatau - Java decompiler and disassembler
- PEDA - GDB plugin (only python2.7)
- Plasma - An interactive disassembler for x86/ARM/MIPS which can generate indented pseudo-code with colored syntax.
- Pwndbg - A GDB plugin that provides a suite of utilities to hack around GDB easily.
- radare2 - A portable reversing framework
- Uncompyle - Decompile Python 2.7 binaries (.pyc)
- WinDbg - Windows debugger distributed by Microsoft
- Xocopy - Program that can copy executables with execute, but no read permission
- Z3 - a theorem prover from Microsoft Research
JavaScript Deobfustcators
SWF Analyzers
- RABCDAsm - Collection of utilities including an ActionScript 3 assembler/disassembler.
- Swftools - Collection of utilities to work with SWF files
- Xxxswf - A Python script for analyzing Flash files.
Windows:
HxD - http://mh-nexus.de/en/hxd/
Neo - http://www.new-hex-editor.com/hex-editor-downloads.html
Linux:
Bless - http://home.gna.org/bless/downloads.html
wxHexEditor - http://www.wxhexeditor.org/download.php
Exe unpackers - Unpacking Kit 2012 - http://forum.exetools.com/showthread.php?t=13610
Tools used for solving Networking challenges
- Wireshark - Analyze the network dumps
- Masscan - Mass IP port scanner, TCP port scanner
- Nipe - Nipe is a script to make Tor Network your default gateway.
- Nmap - open source utility for network discovery and security auditing
- Zmap - an open-source network scanner
OpenStego - http://www.openstego.info/
OutGuess - http://www.outguess.org/download.php
SilentEye - http://www.silenteye.org/download.html
Steghide - http://steghide.sourceforge.net/download.php
StegFS - http://sourceforge.net/projects/stegfs/
pngcheck - http://www.libpng.org/pub/png/apps/pngcheck.html
GIMP - http://www.gimp.org/downloads/
Audacity - http://audacity.sourceforge.net/download/
MP3Stego - http://www.petitcolas.net/steganography/mp3stego/
ffmpeg (for video analysis) - https://www.ffmpeg.org/download.html
zsteg - https://github.com/zed-0xff/zsteg
dd - unix/linux tool
strings - unix/linux tool
scalpel - https://github.com/sleuthkit/scalpel
TrID - http://mark0.net/soft-trid-e.html
binwalk - http://binwalk.org/
foremost - http://foremost.sourceforge.net/
ExifTool - http://www.sno.phy.queensu.ca/~phil/exiftool/
Digital Forensics Framework (DFF) - http://www.digital-forensic.org/download/
Computer Aided INvestigative Environment (CAINE) Linux forensics live distribution - http://www.caine-live.net/
The Sleuth Kit (TSK) - http://www.sleuthkit.org/sleuthkit/download.php
Tools used for solving Forensics challenges
- Aircrack-Ng - Crack 802.11 WEP and WPA-PSK keys
apt-get install aircrack-ng
- Audacity - Analyze sound files (mp3, m4a, whatever)
apt-get install audacity
- Bkhive and Samdump2 - Dump SYSTEM and SAM files
apt-get install samdump2 bkhive
- CFF Explorer - PE Editor
- Creddump - Dump windows credentials
- DVCS Ripper - Rips web accessible (distributed) version control systems
- Exif Tool - Read, write and edit file metadata
- Extundelete - Used for recovering lost data from mountable images
- Fibratus - Tool for exploration and tracing of the Windows kernel
- Foremost - Extract particular kind of files using headers
apt-get install foremost
- Fsck.ext4 - Used to fix corrupt filesystems
- Malzilla - Malware hunting tool
- NetworkMiner - Network Forensic Analysis Tool
- PDF Streams Inflater - Find and extract zlib files compressed in PDF files
- ResourcesExtract - Extract various filetypes from exes
- Shellbags - Investigate NT_USER.dat files
- UsbForensics - Contains many tools for usb forensics
- Volatility - To investigate memory dumps
Tools used for solving Crypto challenges
- Cryptool
- hashpump
- Sage
- John the Ripper
- FeatherDuster - An automated, modular cryptanalysis tool
- Hash Extender - A utility tool for performing hash length extension attacks
- PkCrack - A tool for Breaking PkZip-encryption
- RSATool - Generate private key with knowledge of p and q
- XORTool - A tool to analyze multi-byte xor cipher
- RsaCtfTool - RSA attack tool (mainly for ctf) - retreive private key from weak public key and/or uncipher data
Tools used for various kind of bruteforcing (passwords etc.)
- Hashcat - Password Cracker
- John The Jumbo - Community enhanced version of John the Ripper
- John The Ripper - Password Cracker
- Nozzlr - Nozzlr is a bruteforce framework, trully modular and script-friendly.
- Ophcrack - Windows password cracker based on rainbow tables.
- Patator - Patator is a multi-purpose brute-forcer, with a modular design.
Tools used for solving Exploits challenges
- DLLInjector - Inject dlls in processes
- libformatstr - Simplify format string exploitation.
- Metasploit - Penetration testing software
- one_gadget - A tool to find the one gadget
execve('/bin/sh', NULL, NULL)
callgem install one_gadget
- Pwntools - CTF Framework for writing exploits
- Qira - QEMU Interactive Runtime Analyser
- ROP Gadget - Framework for ROP exploitation
- V0lt - Security CTF Toolkit
http://www.crypo.com/
http://www.cryptool-online.org/
http://rumkin.com/tools/cipher/
Modules for python - pycrypto - https://www.dlitz.net/software/pycrypto/
Various kind of useful services available around the internet
- CSWSH - Cross-Site WebSocket Hijacking Tester
- Request Bin - Lets you inspect http requests to a particular url