Skip to content

d4rkr00t-ctf/Resources

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
 
 
 
 
 
 

Repository files navigation

Resources

This is our first version of useful CTF tools / resources.

Web

Tools used for solving Web challenges

  • Commix - Automated All-in-One OS Command Injection and Exploitation Tool.
  • Hackbar - Firefox addon for easy web exploitation
  • OWASP ZAP - Intercepting proxy to replay, debug, and fuzz HTTP requests and responses
  • Postman - Add on for chrome for debugging network requests
  • SQLMap - Automatic SQL injection and database takeover tooli
  • W3af - Web Application Attack and Audit Framework.
  • XSSer - Automated XSS testor
  • BurpSuite

Reverse Engineering:

GDB - http://www.gnu.org/software/gdb/download/
IDA Pro - https://www.hex-rays.com/products/ida/support/download.shtml
Immunity Debugger - http://debugger.immunityinc.com/
OllyDbg - http://www.ollydbg.de/
radare2 - http://www.radare.org/y/?p=download
Hopper - http://www.hopperapp.com/download.html
nm - unix/linux tool
objdump - linux tool
strace - linux tool
ILSpy - http://ilspy.net/
JD-GUI - http://jd.benow.ca/#jd-gui-overview
FFDec - http://www.free-decompiler.com/flash/download.html
dex2jar - http://code.google.com/p/dex2jar/
uncompyle2 - https://github.com/wibiti/uncompyle2

tools used for solving Reversing Challenges

  • Androguard - Reverse engineer Android applications
  • Angr - platform-agnostic binary analysis framework
  • Apk2Gold - Yet another Android decompiler
  • ApkTool - Android Decompiler
  • Barf - Binary Analysis and Reverse engineering Framework
  • Binary Ninja - Binary analysis framework
  • BinUtils - Collection of binary tools
  • BinWalk - Analyze, reverse engineer, and extract firmware images.
  • Boomerang - Decompile x86 binaries to C
  • ctf_import – run basic functions from stripped binaries cross platform
  • GDB - The GNU project debugger
  • GEF - GDB plugin
  • Hopper - Reverse engineering tool (disassembler) for OSX and Linux
  • IDA Pro - Most used Reversing software
  • Jadx - Decompile Android files
  • Java Decompilers - An online decompiler for Java and Android APKs
  • Krakatau - Java decompiler and disassembler
  • PEDA - GDB plugin (only python2.7)
  • Plasma - An interactive disassembler for x86/ARM/MIPS which can generate indented pseudo-code with colored syntax.
  • Pwndbg - A GDB plugin that provides a suite of utilities to hack around GDB easily.
  • radare2 - A portable reversing framework
  • Uncompyle - Decompile Python 2.7 binaries (.pyc)
  • WinDbg - Windows debugger distributed by Microsoft
  • Xocopy - Program that can copy executables with execute, but no read permission
  • Z3 - a theorem prover from Microsoft Research

JavaScript Deobfustcators

  • Detox - A Javascript malware analysis tool
  • Revelo - Analyze obfuscated Javascript code

SWF Analyzers

  • RABCDAsm - Collection of utilities including an ActionScript 3 assembler/disassembler.
  • Swftools - Collection of utilities to work with SWF files
  • Xxxswf - A Python script for analyzing Flash files.

Hex editors:

Windows:
HxD - http://mh-nexus.de/en/hxd/
Neo - http://www.new-hex-editor.com/hex-editor-downloads.html
Linux:
Bless - http://home.gna.org/bless/downloads.html
wxHexEditor - http://www.wxhexeditor.org/download.php
Exe unpackers - Unpacking Kit 2012 - http://forum.exetools.com/showthread.php?t=13610

Networking:

Tools used for solving Networking challenges

  • Wireshark - Analyze the network dumps
  • Masscan - Mass IP port scanner, TCP port scanner
  • Nipe - Nipe is a script to make Tor Network your default gateway.
  • Nmap - open source utility for network discovery and security auditing
  • Zmap - an open-source network scanner

Steganography:

OpenStego - http://www.openstego.info/
OutGuess - http://www.outguess.org/download.php
SilentEye - http://www.silenteye.org/download.html
Steghide - http://steghide.sourceforge.net/download.php
StegFS - http://sourceforge.net/projects/stegfs/
pngcheck - http://www.libpng.org/pub/png/apps/pngcheck.html
GIMP - http://www.gimp.org/downloads/
Audacity - http://audacity.sourceforge.net/download/
MP3Stego - http://www.petitcolas.net/steganography/mp3stego/
ffmpeg (for video analysis) - https://www.ffmpeg.org/download.html
zsteg - https://github.com/zed-0xff/zsteg

Forensics:

dd - unix/linux tool
strings - unix/linux tool
scalpel - https://github.com/sleuthkit/scalpel
TrID - http://mark0.net/soft-trid-e.html
binwalk - http://binwalk.org/
foremost - http://foremost.sourceforge.net/
ExifTool - http://www.sno.phy.queensu.ca/~phil/exiftool/
Digital Forensics Framework (DFF) - http://www.digital-forensic.org/download/
Computer Aided INvestigative Environment (CAINE) Linux forensics live distribution - http://www.caine-live.net/
The Sleuth Kit (TSK) - http://www.sleuthkit.org/sleuthkit/download.php

Tools used for solving Forensics challenges

  • Aircrack-Ng - Crack 802.11 WEP and WPA-PSK keys
    • apt-get install aircrack-ng
  • Audacity - Analyze sound files (mp3, m4a, whatever)
    • apt-get install audacity
  • Bkhive and Samdump2 - Dump SYSTEM and SAM files
    • apt-get install samdump2 bkhive
  • CFF Explorer - PE Editor
  • Creddump - Dump windows credentials
  • DVCS Ripper - Rips web accessible (distributed) version control systems
  • Exif Tool - Read, write and edit file metadata
  • Extundelete - Used for recovering lost data from mountable images
  • Fibratus - Tool for exploration and tracing of the Windows kernel
  • Foremost - Extract particular kind of files using headers
    • apt-get install foremost
  • Fsck.ext4 - Used to fix corrupt filesystems
  • Malzilla - Malware hunting tool
  • NetworkMiner - Network Forensic Analysis Tool
  • PDF Streams Inflater - Find and extract zlib files compressed in PDF files
  • ResourcesExtract - Extract various filetypes from exes
  • Shellbags - Investigate NT_USER.dat files
  • UsbForensics - Contains many tools for usb forensics
  • Volatility - To investigate memory dumps

Crypto:

Tools used for solving Crypto challenges

Bruteforcers

Tools used for various kind of bruteforcing (passwords etc.)

  • Hashcat - Password Cracker
  • John The Jumbo - Community enhanced version of John the Ripper
  • John The Ripper - Password Cracker
  • Nozzlr - Nozzlr is a bruteforce framework, trully modular and script-friendly.
  • Ophcrack - Windows password cracker based on rainbow tables.
  • Patator - Patator is a multi-purpose brute-forcer, with a modular design.

Exploits

Tools used for solving Exploits challenges

  • DLLInjector - Inject dlls in processes
  • libformatstr - Simplify format string exploitation.
  • Metasploit - Penetration testing software
  • one_gadget - A tool to find the one gadget execve('/bin/sh', NULL, NULL) call
    • gem install one_gadget
  • Pwntools - CTF Framework for writing exploits
  • Qira - QEMU Interactive Runtime Analyser
  • ROP Gadget - Framework for ROP exploitation
  • V0lt - Security CTF Toolkit

Online tools:

http://www.crypo.com/
http://www.cryptool-online.org/
http://rumkin.com/tools/cipher/
Modules for python - pycrypto - https://www.dlitz.net/software/pycrypto/

Various kind of useful services available around the internet

  • CSWSH - Cross-Site WebSocket Hijacking Tester
  • Request Bin - Lets you inspect http requests to a particular url

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published