awesome-ctf
CTF toolkit
A curated collection of tools and resources for Capture The Flag (CTF) challenges and related security activities
A curated list of CTF frameworks, libraries, resources and software
10k stars
285 watching
1k forks
Language: JavaScript
last commit: over 1 year ago
Linked from 13 awesome lists
Tags: awesome, ctf, penetration, security
Create | |||
| Kali Linux CTF Blueprints | Online book on building, testing, and customizing your own Capture the Flag challenges | ||
Create / Forensics | |||
| Dnscat2 | 3,468 | over 1 year ago | Hosts communication through DNS |
| Kroll Artifact Parser and Extractor (KAPE) | Triage program | ||
| Magnet AXIOM | Artifact-centric DFIR tool | ||
| Registry Dumper | Dump your registry | ||
Create / Platforms | |||
| CTFd | 5,756 | 11 months ago | Platform to host jeopardy style CTFs from ISISLab, NYU Tandon |
| echoCTF.RED | 115 | 11 months ago | Develop, deploy and maintain your own CTF infrastructure |
| FBCTF | 6,536 | almost 2 years ago | Platform to host Capture the Flag competitions from Facebook |
| Haaukins | 188 | about 1 year ago | A Highly Accessible and Automated Virtualization Platform for Security Education |
| HackTheArch | 67 | over 2 years ago | CTF scoring platform |
| Mellivora | 443 | almost 2 years ago | A CTF engine written in PHP |
| MotherFucking-CTF | 49 | over 6 years ago | Badass lightweight platform to host CTFs. No JS involved |
| NightShade | 121 | over 8 years ago | A simple security CTF framework |
| OpenCTF | 81 | over 2 years ago | CTF in a box. Minimal setup required |
| PicoCTF | 288 | over 1 year ago | The platform used to run picoCTF. A great framework to host any CTF |
| PyChallFactory | 107 | about 1 year ago | Small framework to create/manage/package jeopardy CTF challenges |
| RootTheBox | 944 | 12 months ago | A Game of Hackers (CTF Scoreboard & Game Manager) |
| Scorebot | 50 | about 8 years ago | Platform for CTFs by Legitbs (Defcon) |
| SecGen | 2,646 | 11 months ago | Security Scenario Generator. Creates randomly vulnerable virtual machines |
Create / Web | |||
| Metasploit JavaScript Obfuscator | 34,393 | 11 months ago | |
| Uglify | 13,199 | 12 months ago | |
Solve / Attacks | |||
| Bettercap | 16,919 | 12 months ago | Framework to perform MITM (Man in the Middle) attacks |
| Yersinia | 732 | about 2 years ago | Attack various protocols on layer 2 |
Solve / Crypto | |||
| CyberChef | Web app for analysing and decoding data | ||
| FeatherDuster | 1,095 | almost 4 years ago | An automated, modular cryptanalysis tool |
| Hash Extender | 1,090 | over 2 years ago | A utility tool for performing hash length extension attacks |
| padding-oracle-attacker | 204 | almost 3 years ago | A CLI tool to execute padding oracle attacks |
| PkCrack | A tool for breaking PkZip encryption | ||
| QuipQuip | An online tool for breaking substitution ciphers or Vigenère ciphers (without key) | ||
| RSACTFTool | 5,800 | 12 months ago | A tool for recovering an RSA private key with various attacks |
| RSATool | 1,232 | about 1 year ago | Generate private key with knowledge of p and q |
| XORTool | 1,402 | over 2 years ago | A tool to analyze multi-byte XOR ciphers |
Solve / Bruteforcers | |||
| Hashcat | Password Cracker | ||
| Hydra | A parallelized login cracker which supports numerous protocols to attack | ||
| John The Jumbo | 10,458 | 11 months ago | Community enhanced version of John the Ripper |
| John The Ripper | Password Cracker | ||
| Nozzlr | 62 | almost 3 years ago | Nozzlr is a bruteforce framework, truly modular and script-friendly |
| Ophcrack | Windows password cracker based on rainbow tables | ||
| Patator | 3,598 | about 1 year ago | Patator is a multi-purpose brute-forcer, with a modular design |
| Turbo Intruder | Burp Suite extension for sending large numbers of HTTP requests | ||
Solve / Exploits | |||
| DLLInjector | 490 | almost 13 years ago | Inject DLLs in processes |
| libformatstr | 339 | about 4 years ago | Simplify format string exploitation |
| Metasploit | Penetration testing software | ||
Solve / Exploits / Metasploit | |||
| Cheatsheet | |||
Solve / Exploits | |||
| one_gadget | 2,089 | 11 months ago | A tool to find the one gadget call |
| Pwntools | 12,204 | 11 months ago | CTF Framework for writing exploits |
| Qira | 3,969 | over 3 years ago | QEMU Interactive Runtime Analyser |
| ROP Gadget | 3,975 | about 1 year ago | Framework for ROP exploitation |
| V0lt | 366 | almost 8 years ago | Security CTF Toolkit |
Solve / Forensics | |||
| Aircrack-Ng | Crack 802.11 WEP and WPA-PSK keys | ||
| Audacity | Analyze sound files (mp3, m4a, whatever) | ||
| Bkhive and Samdump2 | Dump SYSTEM and SAM files | ||
| CFF Explorer | PE Editor | ||
| Creddump | 245 | over 6 years ago | Dump Windows credentials |
| DVCS Ripper | 1,712 | over 1 year ago | Rips web accessible (distributed) version control systems |
| Exif Tool | Read, write and edit file metadata | ||
| Extundelete | Used for recovering lost data from mountable images | ||
| Fibratus | 2,246 | 11 months ago | Tool for exploration and tracing of the Windows kernel |
| Foremost | Extract particular kind of files using headers | ||
| Fsck.ext4 | Used to fix corrupt filesystems | ||
| Malzilla | Malware hunting tool | ||
| NetworkMiner | Network Forensic Analysis Tool | ||
| PDF Streams Inflater | Find and extract zlib files compressed in PDF files | ||
| Pngcheck | Verifies the integrity of PNG files and dumps all of the chunk-level information in human-readable form | ||
| ResourcesExtract | Extract various filetypes from exes | ||
| Shellbags | 151 | almost 3 years ago | Investigate NT_USER.dat files |
| Snow | A Whitespace Steganography Tool | ||
| USBRip | 1,154 | about 3 years ago | Simple CLI forensics tool for tracking USB device artifacts (history of USB events) on GNU/Linux |
| Volatility | 7,412 | over 2 years ago | To investigate memory dumps |
| Wireshark | Used to analyze pcap or pcapng files | ||
| OfflineRegistryView | Simple tool for Windows that allows you to read offline Registry files from external drive and view the desired Registry key in .reg file format | ||
| Registry Viewer® | Used to view Windows registries | ||
Solve / Networking | |||
| Masscan | 23,823 | 11 months ago | Mass IP port scanner, TCP port scanner |
| Monit | A Linux tool to check a host on the network (and other non-network activities) | ||
| Nipe | 1,970 | 11 months ago | Nipe is a script to make Tor Network your default gateway |
| Nmap | An open source utility for network discovery and security auditing | ||
| Wireshark | Analyze the network dumps | ||
| Zeek | An open-source network security monitor | ||
| Zmap | An open-source network scanner | ||
Solve / Reversing | |||
| Androguard | 5,324 | 12 months ago | Reverse engineer Android applications |
| Angr | 7,647 | 11 months ago | Platform-agnostic binary analysis framework |
| Apk2Gold | 676 | over 1 year ago | Yet another Android decompiler |
| ApkTool | Android Decompiler | ||
| Barf | 1,413 | almost 6 years ago | Binary Analysis and Reverse engineering Framework |
| Binary Ninja | Binary analysis framework | ||
| BinUtils | Collection of binary tools | ||
| BinWalk | 11,530 | 11 months ago | Analyze, reverse engineer, and extract firmware images |
| Boomerang | 377 | almost 5 years ago | Decompile x86/SPARC/PowerPC/ST-20 binaries to C |
| ctf_import | 110 | almost 9 years ago | Run basic functions from stripped binaries cross-platform |
| cwe_checker | 1,155 | 11 months ago | cwe_checker finds vulnerable patterns in binary executables |
| demovfuscator | 709 | over 1 year ago | A work-in-progress deobfuscator for movfuscated binaries |
| Frida | Dynamic Code Injection | ||
| GDB | The GNU project debugger | ||
| GEF | 7,088 | 11 months ago | GDB plugin |
| Ghidra | Open Source suite of reverse engineering tools. Similar to IDA Pro | ||
| Hopper | Reverse engineering tool (disassembler) for OSX and Linux | ||
| IDA Pro | Most used Reversing software | ||
| Jadx | 42,178 | 11 months ago | Decompile Android files |
| Java Decompilers | An online decompiler for Java and Android APKs | ||
| Krakatau | 2,003 | about 1 year ago | Java decompiler and disassembler |
| Objection | 7,624 | about 1 year ago | Runtime Mobile Exploration |
| PEDA | 5,911 | over 1 year ago | GDB plugin (Python 2.7 only) |
| Pin | A dynamic binary instrumentation tool by Intel | ||
| PINCE | 2,151 | about 1 year ago | GDB front-end/reverse engineering tool, focused on game-hacking and automation |
| PinCTF | 496 | over 5 years ago | A tool which uses Intel Pin for Side Channel Analysis |
| Plasma | 3,050 | about 4 years ago | An interactive disassembler for x86/ARM/MIPS which can generate indented pseudo-code with colored syntax |
| Pwndbg | 7,760 | 11 months ago | A GDB plugin that provides a suite of utilities to hack around GDB easily |
| radare2 | 20,862 | 11 months ago | A portable reversing framework |
| Triton | 3,565 | 11 months ago | Dynamic Binary Analysis (DBA) framework |
| Uncompyle | 423 | over 8 years ago | Decompile Python 2.7 binaries (.pyc) |
| WinDbg | Windows debugger distributed by Microsoft | ||
| Xocopy | Program that can copy executables with execute, but no read permission | ||
| Z3 | 10,452 | 11 months ago | A theorem prover from Microsoft Research |
| Detox | A JavaScript malware analysis tool | ||
| Revelo | Analyze obfuscated JavaScript code | ||
| RABCDAsm | 431 | over 2 years ago | Collection of utilities including an ActionScript 3 assembler/disassembler |
| Swftools | Collection of utilities to work with SWF files | ||
| Xxxswf | A Python script for analyzing Flash files | ||
Solve / Services | |||
| CSWSH | Cross-Site WebSocket Hijacking Tester | ||
| Request Bin | Lets you inspect http requests to a particular url | ||
Solve / Steganography | |||
| AperiSolve | Aperi'Solve is a platform which performs layer analysis on images (open-source) | ||
| Convert | Convert images between formats and apply filters | ||
| Exif | Shows EXIF information in JPEG files | ||
| Exiftool | Read and write meta information in files | ||
| Exiv2 | Image metadata manipulation tool | ||
| Image Steganography | Embeds text and files in images with optional encryption. Easy-to-use UI | ||
| Image Steganography Online | This is a client-side JavaScript tool to steganographically hide images inside the lower "bits" of other images | ||
| ImageMagick | Tool for manipulating images | ||
| Outguess | Universal steganographic tool | ||
| Pngtools | For various analysis related to PNGs | ||
| SmartDeblur | 2,342 | over 6 years ago | Used to deblur and fix defocused images |
| Steganabara | Tool for stegano analysis written in Java | ||
| SteganographyOnline | Online steganography encoder and decoder | ||
| Stegbreak | Launches brute-force dictionary attacks on JPG images | ||
| StegCracker | 557 | almost 5 years ago | Steganography brute-force utility to uncover hidden data inside files |
| stegextract | 116 | over 2 years ago | Detect hidden files and text in images |
| Steghide | Hide data in various kinds of images | ||
| StegOnline | Conduct a wide range of image steganography operations, such as concealing/revealing files hidden within bits (open-source) | ||
| Stegsolve | Apply various steganography techniques to images | ||
| Zsteg | 1,333 | over 1 year ago | PNG/BMP analysis |
Solve / Web | |||
| BurpSuite | A graphical tool for testing website security | ||
| Commix | 4,647 | 11 months ago | Automated All-in-One OS Command Injection and Exploitation Tool |
| Hackbar | Firefox addon for easy web exploitation | ||
| OWASP ZAP | Intercepting proxy to replay, debug, and fuzz HTTP requests and responses | ||
| Postman | Add-on for Chrome for debugging network requests | ||
| Raccoon | 3,105 | over 1 year ago | A high performance offensive security tool for reconnaissance and vulnerability scanning |
| SQLMap | 32,841 | 11 months ago | Automatic SQL injection and database takeover tool |
| W3af | 4,613 | over 2 years ago | Web Application Attack and Audit Framework |
| XSSer | Automated XSS tester | ||
Resources / Operating Systems | |||
| Android Tamer | Based on Debian | ||
| BackBox | Based on Ubuntu | ||
| BlackArch Linux | Based on Arch Linux | ||
| Fedora Security Lab | Based on Fedora | ||
| Kali Linux | Based on Debian | ||
| Parrot Security OS | Based on Debian | ||
| Pentoo | Based on Gentoo | ||
| URIX OS | Based on openSUSE | ||
| Wifislax | Based on Slackware | ||
| Flare VM | 6,686 | 11 months ago | Based on Windows |
| REMnux | Based on Debian | ||
Resources / Starter Packs | |||
| CTF Tools | 8,580 | almost 2 years ago | Collection of setup scripts to install various security research tools |
| LazyKali | 47 | about 9 years ago | A 2016 refresh of LazyKali which simplifies install of tools and configuration |
Resources / Tutorials | |||
| CTF Field Guide | Field Guide by Trail of Bits | ||
| CTF Resources | Start Guide maintained by community | ||
| How to Get Started in CTF | Short guideline for CTF beginners by Endgame | ||
| Intro. to CTF Course | A free course that teaches beginners the basics of forensics, crypto, and web-ex | ||
| IppSec | Video tutorials and walkthroughs of popular CTF platforms | ||
| LiveOverFlow | Video tutorials on Exploitation | ||
| MIPT CTF | 271 | almost 4 years ago | A small course for beginners in CTFs (in Russian) |
Resources / Wargames | |||
| Backdoor | Security Platform by SDSLabs | ||
| Crackmes | Reverse Engineering Challenges | ||
| CryptoHack | Fun cryptography challenges | ||
| echoCTF.RED | Online CTF with a variety of targets to attack | ||
| Exploit Exercises | Variety of VMs to learn variety of computer security issues | ||
| Exploit.Education | Variety of VMs to learn variety of computer security issues | ||
| Gracker | 9 | almost 14 years ago | Binary challenges having a slow learning curve, and write-ups for each level |
| Hack The Box | Weekly CTFs for all types of security enthusiasts | ||
| Hack This Site | Training ground for hackers | ||
| Hacker101 | CTF from HackerOne | ||
| Hacking-Lab | Ethical hacking, computer network and security challenge platform | ||
| Hone Your Ninja Skills | Web challenges starting from basic ones | ||
| IO | Wargame for binary challenges | ||
| Microcorruption | Embedded security CTF | ||
| Over The Wire | Wargame maintained by OvertheWire Community | ||
| PentesterLab | Variety of VM and online challenges (paid) | ||
| PicoCTF | All-year-round CTF game. Questions from the yearly picoCTF competition | ||
| PWN Challenge | Binary Exploitation Wargame | ||
| Pwnable.kr | Pwn Game | ||
| Pwnable.tw | Binary wargame | ||
| Pwnable.xyz | Binary Exploitation Wargame | ||
| Reversin.kr | Reversing challenge | ||
| Ringzer0Team | Ringzer0 Team Online CTF | ||
| Root-Me | Hacking and Information Security learning platform | ||
| ROP Wargames | 26 | about 8 years ago | ROP Wargames |
| SANS HHC | Challenges with a holiday theme released annually and maintained by SANS | ||
| SmashTheStack | A variety of wargames maintained by the SmashTheStack Community | ||
| Viblo CTF | Various amazing CTF challenges, in many different categories. Has both Practice mode and Contest mode | ||
| VulnHub | VM-based for practical in digital security, computer application & network administration | ||
| W3Challs | A penetration testing training platform, which offers various computer challenges, in various categories | ||
| WebHacking | Hacking challenges for web | ||
| Damn Vulnerable Web Application | PHP/MySQL web application that is damn vulnerable | ||
| Juice Shop CTF | 412 | about 1 year ago | Scripts and tools for hosting a CTF on easily |
Resources / Websites | |||
| Awesome CTF Cheatsheet | 54 | over 1 year ago | CTF Cheatsheet |
| CTF Time | General information on CTFs occurring around the world | ||
| Reddit Security CTF | Reddit CTF category | ||
Resources / Wikis | |||
| Bamboofox | Chinese resources to learn CTF | ||
| bi0s Wiki | Wiki from team bi0s | ||
| CTF Cheatsheet | CTF tips and tricks | ||
| ISIS Lab | 385 | over 12 years ago | CTF Wiki by ISIS Lab |
| OpenToAll | 135 | about 6 years ago | CTF tips by OTA CTF team members |
Resources / Writeups Collections | |||
| 0e85dc6eaf | 95 | over 5 years ago | Write-ups for CTF challenges by 0e85dc6eaf |
| Captf | Dumped CTF challenges and materials by psifertex | ||
| CTF write-ups (community) | CTF challenges + write-ups archive maintained by the community | ||
| CTFTime Scrapper | 31 | over 8 years ago | Scrapes all writeups from CTF Time and organizes which to read first |
| HackThisSite | 247 | over 4 years ago | CTF write-ups repo maintained by HackThisSite team |
| Mzfr | 122 | over 3 years ago | CTF competition write-ups by mzfr |
| pwntools writeups | 507 | about 9 years ago | A collection of CTF write-ups all using pwntools |
| SababaSec | 19 | over 2 years ago | A collection of CTF write-ups by the SababaSec team |
| Shell Storm | CTF challenge archive maintained by Jonathan Salwan | ||
| Smoke Leet Everyday | 186 | about 8 years ago | CTF write-ups repo maintained by SmokeLeetEveryday team |
Backlinks from these awesome lists:
- sindresorhus/awesome
- hack-with-github/awesome-hacking
- enaqx/awesome-pentest
- jivoi/awesome-osint
- sbilly/awesome-security
- rshipp/awesome-malware-analysis
- jnv/lists
- decalage2/awesome-security-hardening
- cugu/awesome-forensics
- jaredthecoder/awesome-vehicle-security
- 0ex/more-awesome
- hexsecs/awesome-embedded-security
- netanmangal/awesome-hacking