Capture The Flag (CTF)
CTFs are information security competitions held at conferences or events.
There are several different challenge categories:
- Cryptography - Can be "real world" scenarios about encryption (base64, Roman cipher, RSA, etc.), ransomware and others.
- Exploitation - Basically using exploits such as SQL injection, buffer overflow, format string, etc.
- Penetration Testing Labs/Pwn - Exploiting servers.
- Programming - Requires some sort of programming in languages like PHP, C#, Java, etc.
- Reverse Engineering/Binary - Reverse engineering or exploiting a binary file.
- Steganography - Finding information hidden in files or images.
- Web - Exploiting web pages.
Operating System | Distro | Description |
---|---|---|
Android Tamer | Debian | For Android security professionals to work on a large array of Android security related tasks ranging from Malware Analysis, Penetration Testing and Reverse Engineering. |
BackBox | Ubuntu | It is for penetration testers and security researchers. It is a Free Open Source Community Project with the aim of promoting the culture of security in IT environments and contributing to make it better and safer. |
BlackArch Linux | Arch Linux | It is for penetration testers and security researchers. |
Fedora Security Lab | Fedora | Provides a safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies. |
Kali Linux | Debian | It is an open-source Linux distribution geared towards various information security tasks, such as Penetration Testing, Security Research, Computer Forensics and Reverse Engineering. |
Parrot Security OS | Debian | Parrot is a worldwide community of developers and security specialists that work together to build a shared framework of tools to make their job easier, standardized and more reliable and secure. |
Pentoo | Gentoo | It is designed for penetration testing and security assessment. |
URIX OS | openSUSE | It is the successor of NetSecL OS, also known as ISlack. |
Wifislax | Slackware | It is a Linux live CD designed by www.seguridadwireless.net and adapted for wireless. |
Tool | Description |
---|---|
Sonic Visualizer | Open source music recording. |
Audacity | Audio editor. |
Tool | Description |
---|---|
CyberChef | The Cyber Swiss Army Knife, a web app for encryption, encoding, compression and data analysis. |
Base64 decoder | BASE64 Decode and Encode |
Encoding tools | Graphical utility for performing common encoding, decoding, and hashing procedures on text or binary data. |
Tool | Description |
---|---|
binwalk | Analyze and extract files |
Tool | Description |
---|---|
Dnscat2 | Hosts communication through DNS. |
Kroll Artifact Parser and Extractor (KAPE) | Triage program. |
Magnet AXIOM | Artifact-centric DFIR tool. |
Registry Dumper | Dump your registry. |
UsbRip | Tracking history of USB events on GNU/Linux |
Tool | Type | Description |
---|---|---|
CyberChef | | Web app for analysing and decoding data. |
FeatherDuster | | An automated, modular cryptanalysis tool. |
Hash Extender | | A utility tool for performing hash length extension attacks. |
padding-oracle-attacker | | A CLI tool to execute padding oracle attacks. |
PkCrack | | A tool for breaking PkZip encryption. |
QuipQuip | | An online tool for breaking substitution ciphers or Vigenère ciphers (without key). |
RSACTFTool | | A tool for recovering an RSA private key with various attacks. |
RSATool | | Generate private key with knowledge of p and q. |
XORTool | | A tool to analyze multi-byte XOR ciphers. |
Tool | Description |
---|---|
GDB | Binary debugger |
Tool | Type | Description |
---|---|---|
Hashcat | Bruteforce | Password Cracker. |
Hydra | Bruteforce | A parallelized login cracker which supports numerous protocols to attack. |
John The Jumbo | Bruteforce | Community enhanced version of John the Ripper. |
John The Ripper | Bruteforce | Password Cracker. |
Nozzlr | Bruteforce | Nozzlr is a bruteforce framework, truly modular and script-friendly. |
Ophcrack | Bruteforce | Windows password cracker based on rainbow tables. |
Patator | Bruteforce | Patator is a multi-purpose brute-forcer, with a modular design. |
Turbo Intruder | Bruteforce | Burp Suite extension for sending large numbers of HTTP requests. |
Tool | Type | Description |
---|---|---|
DLLInjector | DLL injection | Inject dlls in processes. |
libformatstr | String exploitation | Simplify format string exploitation. |
Metasploit | Penetration testing framework | Penetration testing software. |
Cheatsheet | Cheat Sheet | Metasploit Cheat Sheet |
one_gadget | Remote code execution (RCE) | A tool to find the one gadget execve('/bin/sh', NULL, NULL) call. (gem install one_gadget) |
Pwntools | CTF framework | CTF framework and exploit development library. |
Qira | | QEMU Interactive Runtime Analyser. |
ROP Gadget | Return-oriented programming (ROP) | Framework for ROP exploitation. |
V0lt | | Security CTF Toolkit. |
Tool | Type | Description |
---|---|---|
Aircrack-Ng | | Crack 802.11 WEP and WPA-PSK keys. (apt-get install aircrack-ng) |
Audacity | | Analyze sound files (mp3, m4a, whatever). (apt-get install audacity) |
Bkhive and Samdump2 | | Dump SYSTEM and SAM files. (apt-get install samdump2 bkhive) |
CFF Explorer | | PE Editor. |
Creddump | Credentials | Dump Windows credentials. |
DVCS Ripper | | Rips web accessible (distributed) version control systems. |
Exif Tool | Metadata | Read, write and edit file metadata. |
Extundelete | Images | Used for recovering lost data from mountable images. |
Fibratus | Windows Kernel | Tool for exploration and tracing of the Windows kernel. |
Foremost | | Extract particular kinds of files using headers. (apt-get install foremost) |
Fsck.ext4 | | Used to fix corrupt filesystems. |
Malzilla | Malware | Malware hunting tool. |
NetworkMiner | Network | Network Forensic Analysis Tool. |
OfflineRegistryView | Registry Viewer | Simple tool for Windows that allows you to read offline Registry files from an external drive and view the desired Registry key in .reg file format. |
PDF Streams Inflater | | Find and extract zlib files compressed in PDF files. |
Pngcheck | PNG | Verifies the integrity of PNG files and dumps all of the chunk-level information in human-readable form. (apt-get install pngcheck) |
Registry Viewer | Registry Viewer | Used to view Windows registries. |
ResourcesExtract | | Extract various filetypes from exes. |
Shellbags | | Investigate NT_USER.dat files. |
USBRip | USB | Simple CLI forensics tool for tracking USB device artifacts (history of USB events) on GNU/Linux. |
Volatility | Memory | To investigate memory dumps. |
Wireshark | Network protocol analyzer | Used to analyze pcap or pcapng files. |
Tool | Type | Description |
---|---|---|
JWT | | Decode, verify and generate JWT. |
Tool | Type | Description |
---|---|---|
Bettercap | Man in the Middle | Framework to perform MITM (Man in the Middle) attacks. |
Burp Suite | | Feature-packed web penetration testing framework. |
Masscan | Network scanner | Mass IP port scanner, TCP port scanner. |
Monit | Network protocol analyzer | A Linux tool to check a host on the network (and other non-network activities). |
Nipe | Tor Network | Nipe is a script to make Tor Network your default gateway. |
Nmap | Network auditing | An open source utility for network discovery and security auditing. |
Wireshark | Network dumps | Analyze the network dumps. (apt-get install wireshark) |
Yersinia | Network layer 2 | Attack various protocols on layer 2. |
Zeek | Network monitor | An open-source network security monitor. |
Zmap | Network auditing | An open-source network scanner. |
Tool | Type | Description |
---|---|---|
Masscan | | Mass IP port scanner, TCP port scanner. |
Monit | | A Linux tool to check a host on the network (and other non-network activities). |
Nipe | | Nipe is a script to make Tor Network your default gateway. |
Nmap | | An open source utility for network discovery and security auditing. |
Termshark | Network analyzer | A terminal user-interface for tshark, inspired by Wireshark. |
Wireshark | Network analyzer | Analyze the network dumps. (apt-get install wireshark) |
Zeek | | An open-source network security monitor. |
Zmap | | An open-source network scanner. |
Tool | Type | Description |
---|---|---|
RSA tool | | Calculate RSA and RSA-CRT parameters. |
RSA CTF TOOL | | Retrieve private key from weak public key and/or uncipher data. |
Factorization website | | Integer factorization calculator. |
Factor DB | | |
Tool | Type | Description |
---|---|---|
Androguard | | Reverse engineer Android applications. |
Angr | | Platform-agnostic binary analysis framework. |
Apk2Gold | Decompilers | Yet another Android decompiler. |
ApkTool | Decompilers | Android Decompiler. |
Barf | | Binary Analysis and Reverse engineering Framework. |
Binary Ninja | | Binary analysis framework. |
BinUtils | | Collection of binary tools. |
BinWalk | | Analyze, reverse engineer, and extract firmware images. |
Boomerang Decompiler | Decompilers | Decompile x86/SPARC/PowerPC/ST-20 binaries to C. |
ctf_import | | Run basic functions from stripped binaries cross platform. |
cwe_checker | | cwe_checker finds vulnerable patterns in binary executables. |
demovfuscator | | A work-in-progress deobfuscator for movfuscated binaries. |
Detox | JavaScript Deobfuscators | A JavaScript malware analysis tool. |
Flare VM | Malware analysts | Based on Windows. |
Frida (C / C++ / C#) | | Dynamic Code Injection. |
GDB | | The GNU project debugger. |
GEF | | GDB plugin. |
Ghidra (C / C++ / C#) | | Open Source suite of reverse engineering tools. Similar to IDA Pro. |
Hopper (C / C++ / C#) | | Reverse engineering tool (disassembler) for OSX and Linux. |
IDA Pro | | Most used Reversing software. |
Jadx (Java) | Decompilers | Decompile Android files. |
Java Decompilers (Java) | Decompilers | An online decompiler for Java and Android APKs. |
Krakatau | Decompilers | Java decompiler and disassembler. |
Objection | | Runtime Mobile Exploration. |
PEDA | | GDB plugin (only python2.7). |
Pin | | A dynamic binary instrumentation tool by Intel. |
PINCE | | GDB front-end/reverse engineering tool, focused on game-hacking and automation. |
PinCTF | | A tool which uses Intel Pin for Side Channel Analysis. |
Plasma | | An interactive disassembler for x86/ARM/MIPS which can generate indented pseudo-code with colored syntax. |
Pwndbg | | A GDB plugin that provides a suite of utilities to hack around GDB easily. |
RABCDAsm | SWF Analyzer | Collection of utilities including an ActionScript 3 assembler/disassembler. |
radare2 | | A portable reversing framework. |
REMnux | Malware analysts | Based on Debian. |
Revelo | JavaScript Deobfuscators | Analyze obfuscated JavaScript code. |
Swftools | SWF Analyzer | Collection of utilities to work with SWF files. |
Triton | | Dynamic Binary Analysis (DBA) framework. |
Uncompyle | | Decompile Python 2.7 binaries (.pyc). |
WinDbg | | Windows debugger distributed by Microsoft. |
Xocopy | | Program that can copy executables with execute, but no read permission. |
Xxxswf | SWF Analyzer | A Python script for analyzing Flash files. |
Z3 | | A theorem prover from Microsoft Research. |
Tool | Type | Description |
---|---|---|
AperiSolve | | Aperi'Solve is a platform which performs layer analysis on images (open-source). |
Convert | | Convert images between formats and apply filters. |
Exif | JPEG | Shows EXIF information in JPEG files. |
Exiftool | | Read and write meta information in files. |
Exiv2 | | Image metadata manipulation tool. |
Image Steganography | Hidden text/files | Embeds text and files in images with optional |
Image Steganography Online | | This is a client-side JavaScript tool to steganographically hide images inside the lower "bits" of other images. |
ImageMagick | | Tool for manipulating images. |
Outguess | | Universal steganographic tool. |
Pngtools | PNG | For various analysis related to PNGs. (apt-get install pngtools) |
SmartDeblur | | Used to deblur and fix defocused images. |
Steganabara | | Tool for stegano analysis written in Java. |
SteganographyOnline | | Online steganography encoder and decoder. |
Stegbreak | JPG | Launches brute-force dictionary attacks on JPG images. |
StegCracker | Hidden data | Steganography brute-force utility to uncover hidden data inside files. |
stegextract | Hidden text | Detect hidden files and text in images. |
Steghide | | Hide data in various kinds of images. |
StegOnline | Hidden data | Conduct a wide range of image steganography operations, such as concealing/revealing files hidden within bits (open-source). |
Stenography online | | |
stegsolve | Hidden text | Pass various filters over images to look for hidden text. |
Snow | Whitespace | A Whitespace Steganography Tool. |
Zsteg | PNG/BMP | PNG/BMP analysis. |
Tool | Type | Description |
---|---|---|
CSWSH | Cross-Site WebSocket | Cross-Site WebSocket Hijacking Tester. |
BurpSuite | | A graphical tool for testing website security. |
Commix | | Automated All-in-One OS Command Injection and Exploitation Tool. |
Detox | JavaScript Deobfuscators | A JavaScript malware analysis tool. |
Hackbar | | Firefox addon for easy web exploitation. |
OWASP ZAP | | Intercepting proxy to replay, debug, and fuzz HTTP requests and responses. |
Postman | | Add-on for Chrome for debugging network requests. |
Metasploit JavaScript Obfuscator | JavaScript Obfuscators | |
Raccoon | Vulnerability scanning | A high performance offensive security tool for reconnaissance and vulnerability scanning. |
Request Bin | | Lets you inspect HTTP requests to a particular URL. |
Revelo | JavaScript Deobfuscators | Analyze obfuscated JavaScript code. |
SQLMap | SQL injection | Automatic SQL injection and database takeover tool. (pip install sqlmap) |
Uglify | JavaScript Obfuscators | |
W3af | | Web Application Attack and Audit Framework. |
XSSer | | Automated XSS tester. |
- C:\Windows\System32\spool\drivers\color