awesome-ctf
A curated list of CTF frameworks, libraries, resources and software
10k stars
284 watching
1k forks
Language: JavaScript
last commit: 3 months ago
Linked from 13 awesome lists
Tags: awesome, ctf, penetration, security
Create | |||
Kali Linux CTF Blueprints | Online book on building, testing, and customizing your own Capture the Flag challenges | ||
Create / Forensics | |||
Dnscat2 | 3,428 | 7 months ago | Hosts communication through DNS |
Kroll Artifact Parser and Extractor (KAPE) | Triage program | ||
Magnet AXIOM | Artifact-centric DFIR tool | ||
Registry Dumper | Dump your registry | ||
Create / Platforms | |||
CTFd | 5,586 | 10 days ago | Platform to host jeopardy style CTFs from ISISLab, NYU Tandon |
echoCTF.RED | 111 | 19 days ago | Develop, deploy and maintain your own CTF infrastructure |
FBCTF | 6,523 | 10 months ago | Platform to host Capture the Flag competitions from Facebook |
Haaukins | 184 | about 2 months ago | A Highly Accessible and Automated Virtualization Platform for Security Education |
HackTheArch | 67 | over 1 year ago | CTF scoring platform |
Mellivora | 441 | 10 months ago | A CTF engine written in PHP |
MotherFucking-CTF | 48 | over 5 years ago | Badass lightweight platform to host CTFs. No JS involved |
NightShade | 119 | over 7 years ago | A simple security CTF framework |
OpenCTF | 80 | over 1 year ago | CTF in a box. Minimal setup required |
PicoCTF | 287 | 5 months ago | The platform used to run picoCTF. A great framework to host any CTF |
PyChallFactory | 106 | 12 days ago | Small framework to create/manage/package jeopardy CTF challenges |
RootTheBox | 928 | 27 days ago | A Game of Hackers (CTF Scoreboard & Game Manager) |
Scorebot | 50 | about 7 years ago | Platform for CTFs by Legitbs (Defcon) |
SecGen | 2,624 | 10 days ago | Security Scenario Generator. Creates randomly vulnerable virtual machines |
Create / Web | |||
Metasploit JavaScript Obfuscator | 33,868 | 10 days ago | |
Uglify | 13,127 | 13 days ago | |
Solve / Attacks | |||
Bettercap | 16,457 | 15 days ago | Framework to perform MITM (Man in the Middle) attacks |
Yersinia | 706 | about 1 year ago | Attack various protocols on layer 2 |
Solve / Crypto | |||
CyberChef | Web app for analysing and decoding data | ||
FeatherDuster | 1,084 | almost 3 years ago | An automated, modular cryptanalysis tool |
Hash Extender | 1,080 | about 1 year ago | A utility tool for performing hash length extension attacks |
padding-oracle-attacker | 199 | over 1 year ago | A CLI tool to execute padding oracle attacks |
PkCrack | A tool for breaking PkZip encryption | ||
QuipQuip | An online tool for breaking substitution ciphers or Vigenère ciphers (without key) | ||
RSACTFTool | 5,548 | 12 days ago | A tool for recovering RSA private keys with various attacks |
RSATool | 1,173 | about 2 months ago | Generate private key with knowledge of p and q |
XORTool | 1,382 | over 1 year ago | A tool to analyze multi-byte xor cipher |
Solve / Bruteforcers | |||
Hashcat | Password Cracker | ||
Hydra | A parallelized login cracker which supports numerous protocols to attack | ||
John The Jumbo | 10,104 | 14 days ago | Community enhanced version of John the Ripper |
John The Ripper | Password Cracker | ||
Nozzlr | 63 | almost 2 years ago | Nozzlr is a bruteforce framework, truly modular and script-friendly |
Ophcrack | Windows password cracker based on rainbow tables | ||
Patator | 3,547 | 9 months ago | Patator is a multi-purpose brute-forcer, with a modular design |
Turbo Intruder | Burp Suite extension for sending large numbers of HTTP requests | ||
Solve / Exploits | |||
DLLInjector | 485 | almost 12 years ago | Inject dlls in processes |
libformatstr | 338 | almost 3 years ago | Simplify format string exploitation |
Metasploit | Penetration testing software | ||
Solve / Exploits / Metasploit | |||
Cheatsheet | |||
Solve / Exploits | |||
one_gadget | 2,042 | 9 days ago | A tool to find the one gadget call |
Pwntools | 11,978 | 9 days ago | CTF Framework for writing exploits |
Qira | 3,939 | over 2 years ago | QEMU Interactive Runtime Analyser |
ROP Gadget | 3,880 | 12 days ago | Framework for ROP exploitation |
V0lt | 366 | over 6 years ago | Security CTF Toolkit |
Solve / Forensics | |||
Aircrack-Ng | Crack 802.11 WEP and WPA-PSK keys | ||
Audacity | Analyze sound files (mp3, m4a, whatever) | ||
Bkhive and Samdump2 | Dump SYSTEM and SAM files | ||
CFF Explorer | PE Editor | ||
Creddump | 243 | over 5 years ago | Dump windows credentials |
DVCS Ripper | 1,694 | 3 months ago | Rips web accessible (distributed) version control systems |
Exif Tool | Read, write and edit file metadata | ||
Extundelete | Used for recovering lost data from mountable images | ||
Fibratus | 2,205 | 9 days ago | Tool for exploration and tracing of the Windows kernel |
Foremost | Extract particular kinds of files using headers | ||
Fsck.ext4 | Used to fix corrupt filesystems | ||
Malzilla | Malware hunting tool | ||
NetworkMiner | Network Forensic Analysis Tool | ||
PDF Streams Inflater | Find and extract zlib files compressed in PDF files | ||
Pngcheck | Verifies the integrity of PNG files and dumps all of the chunk-level information in human-readable form | ||
ResourcesExtract | Extract various filetypes from exes | ||
Shellbags | 149 | over 1 year ago | Investigate NT_USER.dat files |
Snow | A Whitespace Steganography Tool | ||
USBRip | 1,154 | about 2 years ago | Simple CLI forensics tool for tracking USB device artifacts (history of USB events) on GNU/Linux |
Volatility | 7,219 | over 1 year ago | To investigate memory dumps |
Wireshark | Used to analyze pcap or pcapng files | ||
OfflineRegistryView | Simple tool for Windows that allows you to read offline Registry files from external drive and view the desired Registry key in .reg file format | ||
Registry Viewer® | Used to view Windows registries | ||
Solve / Networking | |||
Masscan | 23,456 | 2 months ago | Mass IP port scanner, TCP port scanner |
Monit | A Linux tool to check a host on the network (and other non-network activities) | ||
Nipe | 1,929 | about 1 month ago | Nipe is a script to make Tor Network your default gateway |
Nmap | An open source utility for network discovery and security auditing | ||
Wireshark | Analyze the network dumps | ||
Zeek | An open-source network security monitor | ||
Zmap | An open-source network scanner | ||
Solve / Reversing | |||
Androguard | 5,211 | 19 days ago | Reverse engineer Android applications |
Angr | 7,508 | 9 days ago | platform-agnostic binary analysis framework |
Apk2Gold | 663 | 7 months ago | Yet another Android decompiler |
ApkTool | Android Decompiler | ||
Barf | 1,408 | almost 5 years ago | Binary Analysis and Reverse engineering Framework |
Binary Ninja | Binary analysis framework | ||
BinUtils | Collection of binary tools | ||
BinWalk | 10,749 | 9 days ago | Analyze, reverse engineer, and extract firmware images |
Boomerang | 372 | almost 4 years ago | Decompile x86/SPARC/PowerPC/ST-20 binaries to C |
ctf_import | 109 | almost 8 years ago | Run basic functions from stripped binaries cross platform |
cwe_checker | 1,104 | about 2 months ago | cwe_checker finds vulnerable patterns in binary executables |
demovfuscator | 698 | 7 months ago | A work-in-progress deobfuscator for movfuscated binaries |
Frida | Dynamic Code Injection | ||
GDB | The GNU project debugger | ||
GEF | 6,875 | 11 days ago | GDB plugin |
Ghidra | Open Source suite of reverse engineering tools. Similar to IDA Pro | ||
Hopper | Reverse engineering tool (disassembler) for OSX and Linux | ||
IDA Pro | Most used Reversing software | ||
Jadx | 41,156 | 13 days ago | Decompile Android files |
Java Decompilers | An online decompiler for Java and Android APKs | ||
Krakatau | 1,974 | 6 months ago | Java decompiler and disassembler |
Objection | 7,413 | 29 days ago | Runtime Mobile Exploration |
PEDA | 5,861 | 3 months ago | GDB plugin (only python2.7) |
Pin | A dynamic binary instrumentation tool by Intel | ||
PINCE | 2,068 | 11 days ago | GDB front-end/reverse engineering tool, focused on game-hacking and automation |
PinCTF | 488 | over 4 years ago | A tool which uses intel pin for Side Channel Analysis |
Plasma | 3,050 | about 3 years ago | An interactive disassembler for x86/ARM/MIPS which can generate indented pseudo-code with colored syntax |
Pwndbg | 7,440 | 9 days ago | A GDB plugin that provides a suite of utilities to hack around GDB easily |
radare2 | 20,462 | 8 days ago | A portable reversing framework |
Triton | 3,493 | about 1 month ago | Dynamic Binary Analysis (DBA) framework |
Uncompyle | 423 | over 7 years ago | Decompile Python 2.7 binaries (.pyc) |
WinDbg | Windows debugger distributed by Microsoft | ||
Xocopy | Program that can copy executables with execute, but no read permission | ||
Z3 | 10,223 | 9 days ago | A theorem prover from Microsoft Research |
Detox | A JavaScript malware analysis tool | ||
Revelo | Analyze obfuscated JavaScript code | ||
RABCDAsm | 431 | over 1 year ago | Collection of utilities including an ActionScript 3 assembler/disassembler |
Swftools | Collection of utilities to work with SWF files | ||
Xxxswf | A Python script for analyzing Flash files | ||
Solve / Services | |||
CSWSH | Cross-Site WebSocket Hijacking Tester | ||
Request Bin | Lets you inspect http requests to a particular url | ||
Solve / Steganography | |||
AperiSolve | Aperi'Solve is a platform which performs layer analysis on images (open-source) | ||
Convert | Convert images between formats and apply filters | ||
Exif | Shows EXIF information in JPEG files | ||
Exiftool | Read and write meta information in files | ||
Exiv2 | Image metadata manipulation tool | ||
Image Steganography | Embeds text and files in images with optional encryption. Easy-to-use UI | ||
Image Steganography Online | This is a client-side JavaScript tool to steganographically hide images inside the lower "bits" of other images | ||
ImageMagick | Tool for manipulating images | ||
Outguess | Universal steganographic tool | ||
Pngtools | For various analysis related to PNGs | ||
SmartDeblur | 2,337 | over 5 years ago | Used to deblur and fix defocused images |
Steganabara | Tool for stegano analysis written in Java | ||
SteganographyOnline | Online steganography encoder and decoder | ||
Stegbreak | Launches brute-force dictionary attacks on JPG images | ||
StegCracker | 548 | almost 4 years ago | Steganography brute-force utility to uncover hidden data inside files |
stegextract | 110 | over 1 year ago | Detect hidden files and text in images |
Steghide | Hide data in various kinds of images | ||
StegOnline | Conduct a wide range of image steganography operations, such as concealing/revealing files hidden within bits (open-source) | ||
Stegsolve | Apply various steganography techniques to images | ||
Zsteg | 1,280 | 7 months ago | PNG/BMP analysis |
Solve / Web | |||
BurpSuite | A graphical tool for testing website security | ||
Commix | 4,531 | 9 days ago | Automated All-in-One OS Command Injection and Exploitation Tool |
Hackbar | Firefox addon for easy web exploitation | ||
OWASP ZAP | Intercepting proxy to replay, debug, and fuzz HTTP requests and responses | ||
Postman | Add-on for Chrome for debugging network requests | ||
Raccoon | 3,075 | 4 months ago | A high performance offensive security tool for reconnaissance and vulnerability scanning |
SQLMap | 32,113 | 17 days ago | Automatic SQL injection and database takeover tool |
W3af | 4,534 | over 1 year ago | Web Application Attack and Audit Framework |
XSSer | Automated XSS tester | ||
Resources / Operating Systems | |||
Android Tamer | Based on Debian | ||
BackBox | Based on Ubuntu | ||
BlackArch Linux | Based on Arch Linux | ||
Fedora Security Lab | Based on Fedora | ||
Kali Linux | Based on Debian | ||
Parrot Security OS | Based on Debian | ||
Pentoo | Based on Gentoo | ||
URIX OS | Based on openSUSE | ||
Wifislax | Based on Slackware | ||
Flare VM | 6,440 | 10 days ago | Based on Windows |
REMnux | Based on Debian | ||
Resources / Starter Packs | |||
CTF Tools | 8,418 | 11 months ago | Collection of setup scripts to install various security research tools |
LazyKali | 44 | about 8 years ago | A 2016 refresh of LazyKali which simplifies install of tools and configuration |
Resources / Tutorials | |||
CTF Field Guide | Field Guide by Trail of Bits | ||
CTF Resources | Start Guide maintained by community | ||
How to Get Started in CTF | Short guideline for CTF beginners by Endgame | ||
Intro. to CTF Course | A free course that teaches beginners the basics of forensics, crypto, and web-ex | ||
IppSec | Video tutorials and walkthroughs of popular CTF platforms | ||
LiveOverFlow | Video tutorials on Exploitation | ||
MIPT CTF | 271 | almost 3 years ago | A small course for beginners in CTFs (in Russian) |
Resources / Wargames | |||
Backdoor | Security Platform by SDSLabs | ||
Crackmes | Reverse Engineering Challenges | ||
CryptoHack | Fun cryptography challenges | ||
echoCTF.RED | Online CTF with a variety of targets to attack | ||
Exploit Exercises | Variety of VMs to learn variety of computer security issues | ||
Exploit.Education | Variety of VMs to learn variety of computer security issues | ||
Gracker | 9 | almost 13 years ago | Binary challenges having a slow learning curve, and write-ups for each level |
Hack The Box | Weekly CTFs for all types of security enthusiasts | ||
Hack This Site | Training ground for hackers | ||
Hacker101 | CTF from HackerOne | ||
Hacking-Lab | Ethical hacking, computer network and security challenge platform | ||
Hone Your Ninja Skills | Web challenges starting from basic ones | ||
IO | Wargame for binary challenges | ||
Microcorruption | Embedded security CTF | ||
Over The Wire | Wargame maintained by the OverTheWire community | ||
PentesterLab | Variety of VM and online challenges (paid) | ||
PicoCTF | All-year-round CTF game. Questions from the yearly picoCTF competition | ||
PWN Challenge | Binary Exploitation Wargame | ||
Pwnable.kr | Pwn Game | ||
Pwnable.tw | Binary wargame | ||
Pwnable.xyz | Binary Exploitation Wargame | ||
Reversing.kr | Reversing challenge | ||
Ringzer0Team | Ringzer0 Team Online CTF | ||
Root-Me | Hacking and Information Security learning platform | ||
ROP Wargames | 26 | about 7 years ago | ROP Wargames |
SANS HHC | Challenges with a holiday theme released annually and maintained by SANS | ||
SmashTheStack | A variety of wargames maintained by the SmashTheStack Community | ||
Viblo CTF | Various amazing CTF challenges, in many different categories. Has both Practice mode and Contest mode | ||
VulnHub | VM-based practice in digital security, computer applications and network administration | ||
W3Challs | A penetration testing training platform, which offers various computer challenges, in various categories | ||
WebHacking | Hacking challenges for web | ||
Damn Vulnerable Web Application | PHP/MySQL web application that is damn vulnerable | ||
Juice Shop CTF | 404 | 4 months ago | Scripts and tools for easily hosting a CTF on Juice Shop |
Resources / Websites | |||
Awesome CTF Cheatsheet | 43 | 4 months ago | CTF Cheatsheet |
CTF Time | General information on CTFs occurring around the world | ||
Reddit Security CTF | Reddit CTF category | ||
Resources / Wikis | |||
Bamboofox | Chinese resources to learn CTF | ||
bi0s Wiki | Wiki from team bi0s | ||
CTF Cheatsheet | CTF tips and tricks | ||
ISIS Lab | 384 | over 11 years ago | CTF Wiki by ISIS Lab |
OpenToAll | 135 | about 5 years ago | CTF tips by OTA CTF team members |
Resources / Writeups Collections | |||
0e85dc6eaf | 94 | over 4 years ago | Write-ups for CTF challenges by 0e85dc6eaf |
Captf | Dumped CTF challenges and materials by psifertex | ||
CTF write-ups (community) | CTF challenges + write-ups archive maintained by the community | ||
CTFTime Scrapper | 31 | over 7 years ago | Scrapes all write-ups from CTF Time and organizes which to read first |
HackThisSite | 247 | over 3 years ago | CTF write-ups repo maintained by HackThisSite team |
Mzfr | 122 | about 2 years ago | CTF competition write-ups by mzfr |
pwntools writeups | 496 | about 8 years ago | A collection of CTF write-ups all using pwntools |
SababaSec | 19 | over 1 year ago | A collection of CTF write-ups by the SababaSec team |
Shell Storm | CTF challenge archive maintained by Jonathan Salwan | ||
Smoke Leet Everyday | 186 | about 7 years ago | CTF write-ups repo maintained by SmokeLeetEveryday team |
Backlinks from these awesome lists:
- sindresorhus/awesome
- hack-with-github/awesome-hacking
- enaqx/awesome-pentest
- jivoi/awesome-osint
- sbilly/awesome-security
- rshipp/awesome-malware-analysis
- jnv/lists
- decalage2/awesome-security-hardening
- cugu/awesome-forensics
- jaredthecoder/awesome-vehicle-security
- 0ex/more-awesome
- netanmangal/awesome-hacking
- hexsecs/awesome-embedded-security