awesome-ctf

A curated list of CTF frameworks, libraries, resources and softwares

GitHub

10k stars
284 watching
1k forks
Language: JavaScript
last commit: 3 months ago
Linked from 13 awesome lists

awesomectfpenetrationsecurity

Create

Kali Linux CTF Blueprints Online book on building, testing, and customizing your own Capture the Flag challenges

Create / Forensics

Dnscat2 3,428 7 months ago Hosts communication through DNS
Kroll Artifact Parser and Extractor (KAPE) Triage program
Magnet AXIOM Artifact-centric DFIR tool
Registry Dumper Dump your registry

Create / Platforms

CTFd 5,586 10 days ago Platform to host jeopardy style CTFs from ISISLab, NYU Tandon
echoCTF.RED 111 19 days ago Develop, deploy and maintain your own CTF infrastructure
FBCTF 6,523 10 months ago Platform to host Capture the Flag competitions from Facebook
Haaukins 184 about 2 months ago A Highly Accessible and Automated Virtualization Platform for Security Education
HackTheArch 67 over 1 year ago CTF scoring platform
Mellivora 441 10 months ago A CTF engine written in PHP
MotherFucking-CTF 48 over 5 years ago Badass lightweight plaform to host CTFs. No JS involved
NightShade 119 over 7 years ago A simple security CTF framework
OpenCTF 80 over 1 year ago CTF in a box. Minimal setup required
PicoCTF 287 5 months ago The platform used to run picoCTF. A great framework to host any CTF
PyChallFactory 106 12 days ago Small framework to create/manage/package jeopardy CTF challenges
RootTheBox 928 27 days ago A Game of Hackers (CTF Scoreboard & Game Manager)
Scorebot 50 about 7 years ago Platform for CTFs by Legitbs (Defcon)
SecGen 2,624 10 days ago Security Scenario Generator. Creates randomly vulnerable virtual machines

Create / Web

Metasploit JavaScript Obfuscator 33,868 10 days ago
Uglify 13,127 13 days ago

Solve / Attacks

Bettercap 16,457 15 days ago Framework to perform MITM (Man in the Middle) attacks
Yersinia 706 about 1 year ago Attack various protocols on layer 2

Solve / Crypto

CyberChef Web app for analysing and decoding data
FeatherDuster 1,084 almost 3 years ago An automated, modular cryptanalysis tool
Hash Extender 1,080 about 1 year ago A utility tool for performing hash length extension attacks
padding-oracle-attacker 199 over 1 year ago A CLI tool to execute padding oracle attacks
PkCrack A tool for Breaking PkZip-encryption
QuipQuip An online tool for breaking substitution ciphers or vigenere ciphers (without key)
RSACTFTool 5,548 12 days ago A tool for recovering RSA private key with various attack
RSATool 1,173 about 2 months ago Generate private key with knowledge of p and q
XORTool 1,382 over 1 year ago A tool to analyze multi-byte xor cipher

Solve / Bruteforcers

Hashcat Password Cracker
Hydra A parallelized login cracker which supports numerous protocols to attack
John The Jumbo 10,104 14 days ago Community enhanced version of John the Ripper
John The Ripper Password Cracker
Nozzlr 63 almost 2 years ago Nozzlr is a bruteforce framework, trully modular and script-friendly
Ophcrack Windows password cracker based on rainbow tables
Patator 3,547 9 months ago Patator is a multi-purpose brute-forcer, with a modular design
Turbo Intruder Burp Suite extension for sending large numbers of HTTP requests

Solve / Exploits

DLLInjector 485 almost 12 years ago Inject dlls in processes
libformatstr 338 almost 3 years ago Simplify format string exploitation
Metasploit Penetration testing software

Solve / Exploits / Metasploit

Cheatsheet

Solve / Exploits

one_gadget 2,042 9 days ago A tool to find the one gadget call
Pwntools 11,978 9 days ago CTF Framework for writing exploits
Qira 3,939 over 2 years ago QEMU Interactive Runtime Analyser
ROP Gadget 3,880 12 days ago Framework for ROP exploitation
V0lt 366 over 6 years ago Security CTF Toolkit

Solve / Forensics

Aircrack-Ng Crack 802.11 WEP and WPA-PSK keys
Audacity Analyze sound files (mp3, m4a, whatever)
Bkhive and Samdump2 Dump SYSTEM and SAM files
CFF Explorer PE Editor
Creddump 243 over 5 years ago Dump windows credentials
DVCS Ripper 1,694 3 months ago Rips web accessible (distributed) version control systems
Exif Tool Read, write and edit file metadata
Extundelete Used for recovering lost data from mountable images
Fibratus 2,205 9 days ago Tool for exploration and tracing of the Windows kernel
Foremost Extract particular kind of files using headers
Fsck.ext4 Used to fix corrupt filesystems
Malzilla Malware hunting tool
NetworkMiner Network Forensic Analysis Tool
PDF Streams Inflater Find and extract zlib files compressed in PDF files
Pngcheck Verifies the integrity of PNG and dump all of the chunk-level information in human-readable form
ResourcesExtract Extract various filetypes from exes
Shellbags 149 over 1 year ago Investigate NT_USER.dat files
Snow A Whitespace Steganography Tool
USBRip 1,154 about 2 years ago Simple CLI forensics tool for tracking USB device artifacts (history of USB events) on GNU/Linux
Volatility 7,219 over 1 year ago To investigate memory dumps
Wireshark Used to analyze pcap or pcapng files
OfflineRegistryView Simple tool for Windows that allows you to read offline Registry files from external drive and view the desired Registry key in .reg file format
Registry Viewer® Used to view Windows registries

Solve / Networking

Masscan 23,456 2 months ago Mass IP port scanner, TCP port scanner
Monit A linux tool to check a host on the network (and other non-network activities)
Nipe 1,929 about 1 month ago Nipe is a script to make Tor Network your default gateway
Nmap An open source utility for network discovery and security auditing
Wireshark Analyze the network dumps
Zeek An open-source network security monitor
Zmap An open-source network scanner

Solve / Reversing

Androguard 5,211 19 days ago Reverse engineer Android applications
Angr 7,508 9 days ago platform-agnostic binary analysis framework
Apk2Gold 663 7 months ago Yet another Android decompiler
ApkTool Android Decompiler
Barf 1,408 almost 5 years ago Binary Analysis and Reverse engineering Framework
Binary Ninja Binary analysis framework
BinUtils Collection of binary tools
BinWalk 10,749 9 days ago Analyze, reverse engineer, and extract firmware images
Boomerang 372 almost 4 years ago Decompile x86/SPARC/PowerPC/ST-20 binaries to C
ctf_import 109 almost 8 years ago – run basic functions from stripped binaries cross platform
cwe_checker 1,104 about 2 months ago cwe_checker finds vulnerable patterns in binary executables
demovfuscator 698 7 months ago A work-in-progress deobfuscator for movfuscated binaries
Frida Dynamic Code Injection
GDB The GNU project debugger
GEF 6,875 11 days ago GDB plugin
Ghidra Open Source suite of reverse engineering tools. Similar to IDA Pro
Hopper Reverse engineering tool (disassembler) for OSX and Linux
IDA Pro Most used Reversing software
Jadx 41,156 13 days ago Decompile Android files
Java Decompilers An online decompiler for Java and Android APKs
Krakatau 1,974 6 months ago Java decompiler and disassembler
Objection 7,413 29 days ago Runtime Mobile Exploration
PEDA 5,861 3 months ago GDB plugin (only python2.7)
Pin A dynamic binary instrumentaion tool by Intel
PINCE 2,068 11 days ago GDB front-end/reverse engineering tool, focused on game-hacking and automation
PinCTF 488 over 4 years ago A tool which uses intel pin for Side Channel Analysis
Plasma 3,050 about 3 years ago An interactive disassembler for x86/ARM/MIPS which can generate indented pseudo-code with colored syntax
Pwndbg 7,440 9 days ago A GDB plugin that provides a suite of utilities to hack around GDB easily
radare2 20,462 8 days ago A portable reversing framework
Triton 3,493 about 1 month ago Dynamic Binary Analysis (DBA) framework
Uncompyle 423 over 7 years ago Decompile Python 2.7 binaries (.pyc)
WinDbg Windows debugger distributed by Microsoft
Xocopy Program that can copy executables with execute, but no read permission
Z3 10,223 9 days ago A theorem prover from Microsoft Research
Detox A Javascript malware analysis tool
Revelo Analyze obfuscated Javascript code
RABCDAsm 431 over 1 year ago Collection of utilities including an ActionScript 3 assembler/disassembler
Swftools Collection of utilities to work with SWF files
Xxxswf A Python script for analyzing Flash files

Solve / Services

CSWSH Cross-Site WebSocket Hijacking Tester
Request Bin Lets you inspect http requests to a particular url

Solve / Steganography

AperiSolve Aperi'Solve is a platform which performs layer analysis on image (open-source)
Convert Convert images b/w formats and apply filters
Exif Shows EXIF information in JPEG files
Exiftool Read and write meta information in files
Exiv2 Image metadata manipulation tool
Image Steganography Embeds text and files in images with optional encryption. Easy-to-use UI
Image Steganography Online This is a client-side Javascript tool to steganographically hide images inside the lower "bits" of other images
ImageMagick Tool for manipulating images
Outguess Universal steganographic tool
Pngtools For various analysis related to PNGs
SmartDeblur 2,337 over 5 years ago Used to deblur and fix defocused images
Steganabara Tool for stegano analysis written in Java
SteganographyOnline Online steganography encoder and decoder
Stegbreak Launches brute-force dictionary attacks on JPG image
StegCracker 548 almost 4 years ago Steganography brute-force utility to uncover hidden data inside files
stegextract 110 over 1 year ago Detect hidden files and text in images
Steghide Hide data in various kind of images
StegOnline Conduct a wide range of image steganography operations, such as concealing/revealing files hidden within bits (open-source)
Stegsolve Apply various steganography techniques to images
Zsteg 1,280 7 months ago PNG/BMP analysis

Solve / Web

BurpSuite A graphical tool to testing website security
Commix 4,531 9 days ago Automated All-in-One OS Command Injection and Exploitation Tool
Hackbar Firefox addon for easy web exploitation
OWASP ZAP Intercepting proxy to replay, debug, and fuzz HTTP requests and responses
Postman Add on for chrome for debugging network requests
Raccoon 3,075 4 months ago A high performance offensive security tool for reconnaissance and vulnerability scanning
SQLMap 32,113 17 days ago Automatic SQL injection and database takeover tool
W3af 4,534 over 1 year ago Web Application Attack and Audit Framework
XSSer Automated XSS testor

Resources / Operating Systems

Android Tamer Based on Debian
BackBox Based on Ubuntu
BlackArch Linux Based on Arch Linux
Fedora Security Lab Based on Fedora
Kali Linux Based on Debian
Parrot Security OS Based on Debian
Pentoo Based on Gentoo
URIX OS Based on openSUSE
Wifislax Based on Slackware
Flare VM 6,440 10 days ago Based on Windows
REMnux Based on Debian

Resources / Starter Packs

CTF Tools 8,418 11 months ago Collection of setup scripts to install various security research tools
LazyKali 44 about 8 years ago A 2016 refresh of LazyKali which simplifies install of tools and configuration

Resources / Tutorials

CTF Field Guide Field Guide by Trails of Bits
CTF Resources Start Guide maintained by community
How to Get Started in CTF Short guideline for CTF beginners by Endgame
Intro. to CTF Course A free course that teaches beginners the basics of forensics, crypto, and web-ex
IppSec Video tutorials and walkthroughs of popular CTF platforms
LiveOverFlow Video tutorials on Exploitation
MIPT CTF 271 almost 3 years ago A small course for beginners in CTFs (in Russian)

Resources / Wargames

Backdoor Security Platform by SDSLabs
Crackmes Reverse Engineering Challenges
CryptoHack Fun cryptography challenges
echoCTF.RED Online CTF with a variety of targets to attack
Exploit Exercises Variety of VMs to learn variety of computer security issues
Exploit.Education Variety of VMs to learn variety of computer security issues
Gracker 9 almost 13 years ago Binary challenges having a slow learning curve, and write-ups for each level
Hack The Box Weekly CTFs for all types of security enthusiasts
Hack This Site Training ground for hackers
Hacker101 CTF from HackerOne
Hacking-Lab Ethical hacking, computer network and security challenge platform
Hone Your Ninja Skills Web challenges starting from basic ones
IO Wargame for binary challenges
Microcorruption Embedded security CTF
Over The Wire Wargame maintained by OvertheWire Community
PentesterLab Variety of VM and online challenges (paid)
PicoCTF All year round ctf game. Questions from the yearly picoCTF competition
PWN Challenge Binary Exploitation Wargame
Pwnable.kr Pwn Game
Pwnable.tw Binary wargame
Pwnable.xyz Binary Exploitation Wargame
Reversin.kr Reversing challenge
Ringzer0Team Ringzer0 Team Online CTF
Root-Me Hacking and Information Security learning platform
ROP Wargames 26 about 7 years ago ROP Wargames
SANS HHC Challenges with a holiday theme released annually and maintained by SANS
SmashTheStack A variety of wargames maintained by the SmashTheStack Community
Viblo CTF Various amazing CTF challenges, in many different categories. Has both Practice mode and Contest mode
VulnHub VM-based for practical in digital security, computer application & network administration
W3Challs A penetration testing training platform, which offers various computer challenges, in various categories
WebHacking Hacking challenges for web
Damn Vulnerable Web Application PHP/MySQL web application that is damn vulnerable
Juice Shop CTF 404 4 months ago Scripts and tools for hosting a CTF on easily

Resources / Websites

Awesome CTF Cheatsheet 43 4 months ago CTF Cheatsheet
CTF Time General information on CTF occuring around the worlds
Reddit Security CTF Reddit CTF category

Resources / Wikis

Bamboofox Chinese resources to learn CTF
bi0s Wiki Wiki from team bi0s
CTF Cheatsheet CTF tips and tricks
ISIS Lab 384 over 11 years ago CTF Wiki by Isis lab
OpenToAll 135 about 5 years ago CTF tips by OTA CTF team members

Resources / Writeups Collections

0e85dc6eaf 94 over 4 years ago Write-ups for CTF challenges by 0e85dc6eaf
Captf Dumped CTF challenges and materials by psifertex
CTF write-ups (community) CTF challenges + write-ups archive maintained by the community
CTFTime Scrapper 31 over 7 years ago Scraps all writeup from CTF Time and organize which to read first
HackThisSite 247 over 3 years ago CTF write-ups repo maintained by HackThisSite team
Mzfr 122 about 2 years ago CTF competition write-ups by mzfr
pwntools writeups 496 about 8 years ago A collection of CTF write-ups all using pwntools
SababaSec 19 over 1 year ago A collection of CTF write-ups by the SababaSec team
Shell Storm CTF challenge archive maintained by Jonathan Salwan
Smoke Leet Everyday 186 about 7 years ago CTF write-ups repo maintained by SmokeLeetEveryday team

Backlinks from these awesome lists: