CTF-tools

A curated list of frameworks, libraries, resources, scripts and softwares made with ❤️. It takes time to build up collection of tools used in ctf and remember them all. This repo helps to keep all these scattered tools at one place.

If you know a tool that isn't present here, feel free to open a pull request.

Starter Pack

• CC: Pen Testing
• CTF Field Guide
• CTF Resources
• HackTricks
• IT-Security notepad
• Mr. Robot's Netflix 'n' Hack
• Resources-for-Beginner-Bug-Bounty-Hunters

Hash cracking

• MD5Hashing.net

• CyberChef : a web app for encryption, encoding, compression and data analysis.

• hash-identifier : software to identify the different types of hashes used to encrypt data and especially passwords.

• hashID : identify the different types of hashes used to encrypt data and especially passwords.

• HashTag : is a python script written to parse and identify password hashes.

• hashcat : the world's fastest and most advanced password recovery utility.

• John the Ripper : a fast password cracker.

• HashPump : a tool to exploit the hash length extension attack in various hashing algorithms.

Network Utilities

• nmap : used to discover hosts and services on a computer network by sending packets and analyzing the responses.

• Netcat : a networking utility for reading from and writing to network connections using TCP or UDP.

• wireshark : a network protocol analyzer which is often used to look at recorded network traffic.

Reverse Engineering

• Ghidra : a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate.

• radare2 : A free/libre toolchain for easing several low level tasks like forensics, software reverse engineering, exploiting, debugging,...

Web

• LEGION : a tool that uses several well-known opensource tools to automatically,semi-automatically or manually enumerate the most frequent found services running in machines that you could need to pentest.

• deksterecon : a Web Application recon automation , it aggregates your target results at one place so that the struggle of manually running each tool on single target/url will get removed and it helps to get a broader view of your attack surface.

• gobuster : a tool used to brute-force URIs (directories and files) in web sites,DNS subdomains (with wildcard support),virtual Host names on target web servers.

• DirBuster : a multi threaded java application designed to brute force directories and files names on web/application servers.

• Burp Suite : an advanced tool for testing website security and automating custom attacks.

  • HackBar
  • Logger++

• OWASP zap : a proxy server it allows the user to manipulate all of the traffic that passes through it, including traffic using https.

• nikto : an open source web scanner employed for assessing the probable issues and vulnerabilities.

• sqlmap : a penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.

• THC Hydra : perform rapid dictionary attacks against more than 50 protocols, including telnet, ftp, http, https, smb, several databases, and much more.

• LFI Suite : a totally automatic tool able to scan and exploit Local File Inclusion vulnerabilities using many different methods of attack, listed in the section Features.

• fimap : a little python tool which can find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in webapps.

• WPScan : a WordPress security scanner written for security professionals and blog maintainers to test the security of their WordPress websites.

• Sublist3r : a python tool designed to enumerate subdomains of websites using OSINT.

• subbrute : a community driven project with the goal of creating the fastest,and most accurate subdomain enumeration tool.

• DNSrecon : a powerful DNS enumeration tool, one of it’s feature is to conduct dictionary based sub-domain enumeration using a pre-defined wordlist.

• dnsdumpster : a domain research tool to find host-related information.

• FavFreak : a tool for recon using Favicon hashes, It sorts the domains/subdomains/IPs according to their favicon hashes.

Stegano

• Steganographic Decoder

• Twitter Secret Messages : Hide secret messages in your tweets (or any text) with steg-of-the-dump.js

• Forensically : a set of free tools for digital image forensics. It includes clone detection, error level analysis, meta data extraction and more.

• Steghide : a steganography program that is able to hide data in various kinds of image- and audio-files.

• Audacity : the premiere open-source audio file and waveform-viewing tool.

• WavSteg : a python3 tool that can hide data and files in wav files and can also extract data from wav files.

• OpenStego : a steganography application that provides Data Hiding and Watermarking.

• pngcheck : verifies the integrity of PNG, JNG and MNG files by checking the internal 32-bit CRCs and decompressing the image data.

• StegCracker : a Steganography brute-force utility to uncover hidden data inside files.

• zsteg : detect stegano-hidden data in PNG & BMP.

• stegsolve : a small java tool that applies many color filters on images.

• binwalk : a tool for searching binary files like images and audio files for embedded files and data.

• foremost : a program that recovers files based on their headers , footers and internal data structures

more...

Wordlist

• SecLists : a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

• FuzzDB : contains comprehensive lists of attack payload primitives for fault injection testing.

• WordList-Compendium : personal compilation of wordlists & dictionaries for everything. Users, passwords, directories, files, vulnerabilities, fuzzing, injections, etc.

• Kaonashi : wordlist extracted from real password leaksa, and sorted by number of ocurrences.

Samba

• SMBMap : allows users to enumerate samba share drives across an entire domain.

• enum4linux : a Linux alternative to enum.exe for enumerating data from Windows and Samba hosts.

Privilege escalation

• Basic Linux Privilege Escalation

• Windows Privilege Escalation Fundamentals

• linux-smart-enumeration : a script that show relevant information about the security of the local Linux system.

• linux-exploit-suggester : designed to assist in detecting security deficiencies for given Linux kernel/Linux-based machine.

• LinEnum : a Scripted Local Linux Enumeration & Privilege Escalation Checks.

• PEASS : Privilege Escalation Awesome Scripts SUITE.

• GTFOBins : a curated list of Unix binaries that can be exploited by an attacker to bypass local security restrictions.

• PowerUp : aims to be a clearinghouse of common Windows privilege escalation vectors that rely on misconfigurations.

• JAWS : script designed to help penetration testers quickly identify potential privilege escalation vectors on Windows systems.

more...

OSINT

• haveibeenpwned

• snusbase

• dehashed

• leakcheck

• Shodan : the world's first search engine for Internet-connected devices.

• BinaryEdge : a custom built platform to scan, acquire and classify public Internet data.

• whopostedwhat : offers reporters a way to similarly search keywords and find the accounts posting about a topic or event.

• Graph.tips : allow anyone to search a wealth of public data on Facebook in very specific ways, such as searching content for keywords in a particular point in time.

• instant-username-search : search for the availability of your username on more than 100 social media sites.

• ExifTool : a command-line application for reading and writing meta information in a wide variety of files, including the maker note information of many digital cameras by various manufacturers.

• WiGLE : a website for collecting information about the different wireless hotspots around the world

• Creepy : a Geolocation OSINT Tool. Offers geolocation information gathering through social networking platforms.

• Social Mapper : an Open Source Intelligence Tool that uses facial recognition to correlate social media profiles across different sites on a large scale.

• theHarvester : a tool gathers emails, names, subdomains, IPs and URLs using multiple public data sources.

• TinEye : a reverse image search engine.

• YandexImages : a reverse image search engine.

more...

Others

• quack : a set of tools to provide denial of service attacks; SMS attack tool, HTTP attack tool and many other attack tools.

• GSMEVIL 2 : a python web based tool which use for capturing imsi numbers and sms and also you able to see sms and imsi on any device using your favorite browser and it's make easy to capture sms and imsi numbers for those who not have much knowledge about gsm packets capturing.

• WhatsaApp-spammer : A simple python script that spams a message to a contact as many times as you want.

• RouterSploit : an open-source exploitation framework dedicated to embedded devices.

• moroccan numbers : site:wa.me "+212"

Writeups

• ctftime
• braincoke
• dominicbreuker