rhetenor/awesome-awesomeness
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
master
awesome-awesomeness/html/ctf.md2.html
rhetenor 652812eed0 update
2025-07-18 23:13:11 +02:00

698 lines
32 KiB
HTML
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<h1 id="awesome-ctf-build-status-awesome">Awesome CTF <a
href="https://travis-ci.org/apsdehal/awesome-ctf"><img
src="https://travis-ci.org/apsdehal/awesome-ctf.svg?branch=master"
alt="Build Status" /></a> <a
href="https://github.com/sindresorhus/awesome"><img
src="https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg"
alt="Awesome" /></a></h1>
<p>A curated list of <a
href="https://en.wikipedia.org/wiki/Capture_the_flag#Computer_security">Capture
The Flag</a> (CTF) frameworks, libraries, resources, softwares and
tutorials. This list aims to help starters as well as seasoned CTF
players to find everything related to CTFs at one place.</p>
<h3 id="contributing">Contributing</h3>
<p>Please take a quick look at the <a
href="https://github.com/apsdehal/ctf-tools/blob/master/CONTRIBUTING.md">contribution
guidelines</a> first.</p>
<h4
id="if-you-know-a-tool-that-isnt-present-here-feel-free-to-open-a-pull-request."><em>If
you know a tool that isnt present here, feel free to open a pull
request.</em></h4>
<h3 id="why">Why?</h3>
<p>It takes time to build up collection of tools used in CTF and
remember them all. This repo helps to keep all these scattered tools at
one place.</p>
<h3 id="contents">Contents</h3>
<ul>
<li><a href="#awesome-ctf">Awesome CTF</a>
<ul>
<li><a href="#create">Create</a>
<ul>
<li><a href="#forensics">Forensics</a></li>
<li><a href="#platforms">Platforms</a></li>
<li><a href="#steganography">Steganography</a></li>
<li><a href="#web">Web</a></li>
</ul></li>
<li><a href="#solve">Solve</a>
<ul>
<li><a href="#attacks">Attacks</a></li>
<li><a href="#bruteforcers">Bruteforcers</a></li>
<li><a href="#crypto">Cryptography</a></li>
<li><a href="#exploits">Exploits</a></li>
<li><a href="#forensics-1">Forensics</a></li>
<li><a href="#networking">Networking</a></li>
<li><a href="#reversing">Reversing</a></li>
<li><a href="#services">Services</a></li>
<li><a href="#steganography-1">Steganography</a></li>
<li><a href="#web-1">Web</a></li>
</ul></li>
</ul></li>
<li><a href="#resources">Resources</a>
<ul>
<li><a href="#operating-systems">Operating Systems</a></li>
<li><a href="#starter-packs">Starter Packs</a></li>
<li><a href="#tutorials">Tutorials</a></li>
<li><a href="#wargames">Wargames</a></li>
<li><a href="#websites">Websites</a></li>
<li><a href="#wikis">Wikis</a></li>
<li><a href="#writeups-collections">Writeups Collections</a></li>
</ul></li>
</ul>
<h1 id="create">Create</h1>
<p><em>Tools used for creating CTF challenges</em></p>
<ul>
<li><a
href="https://www.packtpub.com/eu/networking-and-servers/kali-linux-ctf-blueprints">Kali
Linux CTF Blueprints</a> - Online book on building, testing, and
customizing your own Capture the Flag challenges.</li>
</ul>
<h2 id="forensics">Forensics</h2>
<p><em>Tools used for creating Forensics challenges</em></p>
<ul>
<li><a href="https://github.com/iagox86/dnscat2">Dnscat2</a> - Hosts
communication through DNS.</li>
<li><a href="https://learn.duffandphelps.com/kape">Kroll Artifact Parser
and Extractor (KAPE)</a> - Triage program.</li>
<li><a href="https://www.magnetforensics.com/downloadaxiom">Magnet
AXIOM</a> - Artifact-centric DFIR tool.</li>
<li><a
href="http://www.kahusecurity.com/posts/registry_dumper_find_and_dump_hidden_registry_keys.html">Registry
Dumper</a> - Dump your registry.</li>
</ul>
<h2 id="platforms">Platforms</h2>
<p><em>Projects that can be used to host a CTF</em></p>
<ul>
<li><a href="https://github.com/isislab/CTFd">CTFd</a> - Platform to
host jeopardy style CTFs from ISISLab, NYU Tandon.</li>
<li><a href="https://github.com/echoCTF/echoCTF.RED">echoCTF.RED</a> -
Develop, deploy and maintain your own CTF infrastructure.</li>
<li><a href="https://github.com/facebook/fbctf">FBCTF</a> - Platform to
host Capture the Flag competitions from Facebook.</li>
<li><a
href="https://github.com/aau-network-security/haaukins">Haaukins</a>- A
Highly Accessible and Automated Virtualization Platform for Security
Education.</li>
<li><a
href="https://github.com/mcpa-stlouis/hack-the-arch">HackTheArch</a> -
CTF scoring platform.</li>
<li><a href="https://github.com/Nakiami/mellivora">Mellivora</a> - A CTF
engine written in PHP.</li>
<li><a
href="https://github.com/andreafioraldi/motherfucking-ctf">MotherFucking-CTF</a>
- Badass lightweight plaform to host CTFs. No JS involved.</li>
<li><a href="https://github.com/UnrealAkama/NightShade">NightShade</a> -
A simple security CTF framework.</li>
<li><a href="https://github.com/easyctf/openctf">OpenCTF</a> - CTF in a
box. Minimal setup required.</li>
<li><a href="https://github.com/picoCTF/picoCTF">PicoCTF</a> - The
platform used to run picoCTF. A great framework to host any CTF.</li>
<li><a
href="https://github.com/pdautry/py_chall_factory">PyChallFactory</a> -
Small framework to create/manage/package jeopardy CTF challenges.</li>
<li><a href="https://github.com/moloch--/RootTheBox">RootTheBox</a> - A
Game of Hackers (CTF Scoreboard &amp; Game Manager).</li>
<li><a href="https://github.com/legitbs/scorebot">Scorebot</a> -
Platform for CTFs by Legitbs (Defcon).</li>
<li><a href="https://github.com/cliffe/SecGen">SecGen</a> - Security
Scenario Generator. Creates randomly vulnerable virtual machines.</li>
</ul>
<h2 id="steganography">Steganography</h2>
<p><em>Tools used to create stego challenges</em></p>
<p>Check solve section for steganography.</p>
<h2 id="web">Web</h2>
<p><em>Tools used for creating Web challenges</em></p>
<p><em>JavaScript Obfustcators</em></p>
<ul>
<li><a
href="https://github.com/rapid7/metasploit-framework/wiki/How-to-obfuscate-JavaScript-in-Metasploit">Metasploit
JavaScript Obfuscator</a></li>
<li><a href="https://github.com/mishoo/UglifyJS">Uglify</a></li>
</ul>
<h1 id="solve">Solve</h1>
<p><em>Tools used for solving CTF challenges</em></p>
<h2 id="attacks">Attacks</h2>
<p><em>Tools used for performing various kinds of attacks</em></p>
<ul>
<li><a href="https://github.com/bettercap/bettercap">Bettercap</a> -
Framework to perform MITM (Man in the Middle) attacks.</li>
<li><a href="https://github.com/tomac/yersinia">Yersinia</a> - Attack
various protocols on layer 2.</li>
</ul>
<h2 id="crypto">Crypto</h2>
<p><em>Tools used for solving Crypto challenges</em></p>
<ul>
<li><a href="https://gchq.github.io/CyberChef">CyberChef</a> - Web app
for analysing and decoding data.</li>
<li><a
href="https://github.com/nccgroup/featherduster">FeatherDuster</a> - An
automated, modular cryptanalysis tool.</li>
<li><a href="https://github.com/iagox86/hash_extender">Hash Extender</a>
- A utility tool for performing hash length extension attacks.</li>
<li><a
href="https://github.com/KishanBagaria/padding-oracle-attacker">padding-oracle-attacker</a>
- A CLI tool to execute padding oracle attacks.</li>
<li><a
href="https://www.unix-ag.uni-kl.de/~conrad/krypto/pkcrack.html">PkCrack</a>
- A tool for Breaking PkZip-encryption.</li>
<li><a href="https://quipqiup.com">QuipQuip</a> - An online tool for
breaking substitution ciphers or vigenere ciphers (without key).</li>
<li><a href="https://github.com/Ganapati/RsaCtfTool">RSACTFTool</a> - A
tool for recovering RSA private key with various attack.</li>
<li><a href="https://github.com/ius/rsatool">RSATool</a> - Generate
private key with knowledge of p and q.</li>
<li><a href="https://github.com/hellman/xortool">XORTool</a> - A tool to
analyze multi-byte xor cipher.</li>
</ul>
<h2 id="bruteforcers">Bruteforcers</h2>
<p><em>Tools used for various kind of bruteforcing (passwords
etc.)</em></p>
<ul>
<li><a href="https://hashcat.net/hashcat/">Hashcat</a> - Password
Cracker</li>
<li><a href="https://tools.kali.org/password-attacks/hydra">Hydra</a> -
A parallelized login cracker which supports numerous protocols to
attack</li>
<li><a href="https://github.com/magnumripper/JohnTheRipper">John The
Jumbo</a> - Community enhanced version of John the Ripper.</li>
<li><a href="http://www.openwall.com/john/">John The Ripper</a> -
Password Cracker.</li>
<li><a href="https://github.com/intrd/nozzlr">Nozzlr</a> - Nozzlr is a
bruteforce framework, trully modular and script-friendly.</li>
<li><a href="http://ophcrack.sourceforge.net/">Ophcrack</a> - Windows
password cracker based on rainbow tables.</li>
<li><a href="https://github.com/lanjelot/patator">Patator</a> - Patator
is a multi-purpose brute-forcer, with a modular design.</li>
<li><a
href="https://portswigger.net/research/turbo-intruder-embracing-the-billion-request-attack">Turbo
Intruder</a> - Burp Suite extension for sending large numbers of HTTP
requests</li>
</ul>
<h2 id="exploits">Exploits</h2>
<p><em>Tools used for solving Exploits challenges</em></p>
<ul>
<li><a
href="https://github.com/OpenSecurityResearch/dllinjector">DLLInjector</a>
- Inject dlls in processes.</li>
<li><a href="https://github.com/hellman/libformatstr">libformatstr</a> -
Simplify format string exploitation.</li>
<li><a href="http://www.metasploit.com/">Metasploit</a> - Penetration
testing software.
<ul>
<li><a
href="https://www.comparitech.com/net-admin/metasploit-cheat-sheet/">Cheatsheet</a></li>
</ul></li>
<li><a href="https://github.com/david942j/one_gadget">one_gadget</a> - A
tool to find the one gadget <code>execve('/bin/sh', NULL, NULL)</code>
call.
<ul>
<li><code>gem install one_gadget</code></li>
</ul></li>
<li><a href="https://github.com/Gallopsled/pwntools">Pwntools</a> - CTF
Framework for writing exploits.</li>
<li><a href="https://github.com/BinaryAnalysisPlatform/qira">Qira</a> -
QEMU Interactive Runtime Analyser.</li>
<li><a href="https://github.com/JonathanSalwan/ROPgadget">ROP Gadget</a>
- Framework for ROP exploitation.</li>
<li><a href="https://github.com/P1kachu/v0lt">V0lt</a> - Security CTF
Toolkit.</li>
</ul>
<h2 id="forensics-1">Forensics</h2>
<p><em>Tools used for solving Forensics challenges</em></p>
<ul>
<li><a href="http://www.aircrack-ng.org/">Aircrack-Ng</a> - Crack 802.11
WEP and WPA-PSK keys.
<ul>
<li><code>apt-get install aircrack-ng</code></li>
</ul></li>
<li><a href="http://sourceforge.net/projects/audacity/">Audacity</a> -
Analyze sound files (mp3, m4a, whatever).
<ul>
<li><code>apt-get install audacity</code></li>
</ul></li>
<li><a
href="http://sourceforge.net/projects/ophcrack/files/samdump2/">Bkhive
and Samdump2</a> - Dump SYSTEM and SAM files.
<ul>
<li><code>apt-get install samdump2 bkhive</code></li>
</ul></li>
<li><a href="http://www.ntcore.com/exsuite.php">CFF Explorer</a> - PE
Editor.</li>
<li><a href="https://github.com/moyix/creddump">Creddump</a> - Dump
windows credentials.</li>
<li><a href="https://github.com/kost/dvcs-ripper">DVCS Ripper</a> - Rips
web accessible (distributed) version control systems.</li>
<li><a href="http://www.sno.phy.queensu.ca/~phil/exiftool/">Exif
Tool</a> - Read, write and edit file metadata.</li>
<li><a href="http://extundelete.sourceforge.net/">Extundelete</a> - Used
for recovering lost data from mountable images.</li>
<li><a href="https://github.com/rabbitstack/fibratus">Fibratus</a> -
Tool for exploration and tracing of the Windows kernel.</li>
<li><a href="http://foremost.sourceforge.net/">Foremost</a> - Extract
particular kind of files using headers.
<ul>
<li><code>apt-get install foremost</code></li>
</ul></li>
<li><a href="http://linux.die.net/man/8/fsck.ext3">Fsck.ext4</a> - Used
to fix corrupt filesystems.</li>
<li><a href="http://malzilla.sourceforge.net/">Malzilla</a> - Malware
hunting tool.</li>
<li><a
href="http://www.netresec.com/?page=NetworkMiner">NetworkMiner</a> -
Network Forensic Analysis Tool.</li>
<li><a href="http://malzilla.sourceforge.net/downloads.html">PDF Streams
Inflater</a> - Find and extract zlib files compressed in PDF files.</li>
<li><a
href="http://www.libpng.org/pub/png/apps/pngcheck.html">Pngcheck</a> -
Verifies the integrity of PNG and dump all of the chunk-level
information in human-readable form.
<ul>
<li><code>apt-get install pngcheck</code></li>
</ul></li>
<li><a
href="http://www.nirsoft.net/utils/resources_extract.html">ResourcesExtract</a>
- Extract various filetypes from exes.</li>
<li><a href="https://github.com/williballenthin/shellbags">Shellbags</a>
- Investigate NT_USER.dat files.</li>
<li><a
href="https://sbmlabs.com/notes/snow_whitespace_steganography_tool">Snow</a>
- A Whitespace Steganography Tool.</li>
<li><a href="https://github.com/snovvcrash/usbrip">USBRip</a> - Simple
CLI forensics tool for tracking USB device artifacts (history of USB
events) on GNU/Linux.</li>
<li><a
href="https://github.com/volatilityfoundation/volatility">Volatility</a>
- To investigate memory dumps.</li>
<li><a href="https://www.wireshark.org">Wireshark</a> - Used to analyze
pcap or pcapng files</li>
</ul>
<p><em>Registry Viewers</em> - <a
href="https://www.nirsoft.net/utils/offline_registry_view.html">OfflineRegistryView</a>
- Simple tool for Windows that allows you to read offline Registry files
from external drive and view the desired Registry key in .reg file
format. - <a
href="https://accessdata.com/product-download/registry-viewer-2-0-0">Registry
Viewer®</a> - Used to view Windows registries.</p>
<h2 id="networking">Networking</h2>
<p><em>Tools used for solving Networking challenges</em></p>
<ul>
<li><a href="https://github.com/robertdavidgraham/masscan">Masscan</a> -
Mass IP port scanner, TCP port scanner.</li>
<li><a href="https://linoxide.com/monitoring-2/monit-linux/">Monit</a> -
A linux tool to check a host on the network (and other non-network
activities).</li>
<li><a href="https://github.com/GouveaHeitor/nipe">Nipe</a> - Nipe is a
script to make Tor Network your default gateway.</li>
<li><a href="https://nmap.org/">Nmap</a> - An open source utility for
network discovery and security auditing.</li>
<li><a href="https://www.wireshark.org/">Wireshark</a> - Analyze the
network dumps.
<ul>
<li><code>apt-get install wireshark</code></li>
</ul></li>
<li><a href="https://www.zeek.org">Zeek</a> - An open-source network
security monitor.</li>
<li><a href="https://zmap.io/">Zmap</a> - An open-source network
scanner.</li>
</ul>
<h2 id="reversing">Reversing</h2>
<p><em>Tools used for solving Reversing challenges</em></p>
<ul>
<li><a href="https://github.com/androguard/androguard">Androguard</a> -
Reverse engineer Android applications.</li>
<li><a href="https://github.com/angr/angr">Angr</a> - platform-agnostic
binary analysis framework.</li>
<li><a href="https://github.com/lxdvs/apk2gold">Apk2Gold</a> - Yet
another Android decompiler.</li>
<li><a href="http://ibotpeaches.github.io/Apktool/">ApkTool</a> -
Android Decompiler.</li>
<li><a href="https://github.com/programa-stic/barf-project">Barf</a> -
Binary Analysis and Reverse engineering Framework.</li>
<li><a href="https://binary.ninja/">Binary Ninja</a> - Binary analysis
framework.</li>
<li><a
href="http://www.gnu.org/software/binutils/binutils.html">BinUtils</a> -
Collection of binary tools.</li>
<li><a href="https://github.com/devttys0/binwalk">BinWalk</a> - Analyze,
reverse engineer, and extract firmware images.</li>
<li><a
href="https://github.com/BoomerangDecompiler/boomerang">Boomerang</a> -
Decompile x86/SPARC/PowerPC/ST-20 binaries to C.</li>
<li><a href="https://github.com/docileninja/ctf_import">ctf_import</a>
run basic functions from stripped binaries cross platform.</li>
<li><a href="https://github.com/fkie-cad/cwe_checker">cwe_checker</a> -
cwe_checker finds vulnerable patterns in binary executables.</li>
<li><a
href="https://github.com/kirschju/demovfuscator">demovfuscator</a> - A
work-in-progress deobfuscator for movfuscated binaries.</li>
<li><a href="https://github.com/frida/">Frida</a> - Dynamic Code
Injection.</li>
<li><a href="https://www.gnu.org/software/gdb/">GDB</a> - The GNU
project debugger.</li>
<li><a href="https://github.com/hugsy/gef">GEF</a> - GDB plugin.</li>
<li><a href="https://ghidra-sre.org/">Ghidra</a> - Open Source suite of
reverse engineering tools. Similar to IDA Pro.</li>
<li><a href="http://www.hopperapp.com/">Hopper</a> - Reverse engineering
tool (disassembler) for OSX and Linux.</li>
<li><a href="https://www.hex-rays.com/products/ida/">IDA Pro</a> - Most
used Reversing software.</li>
<li><a href="https://github.com/skylot/jadx">Jadx</a> - Decompile
Android files.</li>
<li><a href="http://www.javadecompilers.com">Java Decompilers</a> - An
online decompiler for Java and Android APKs.</li>
<li><a href="https://github.com/Storyyeller/Krakatau">Krakatau</a> -
Java decompiler and disassembler.</li>
<li><a href="https://github.com/sensepost/objection">Objection</a> -
Runtime Mobile Exploration.</li>
<li><a href="https://github.com/longld/peda">PEDA</a> - GDB plugin (only
python2.7).</li>
<li><a
href="https://software.intel.com/en-us/articles/pin-a-dynamic-binary-instrumentation-tool">Pin</a>
- A dynamic binary instrumentaion tool by Intel.</li>
<li><a href="https://github.com/korcankaraokcu/PINCE">PINCE</a> - GDB
front-end/reverse engineering tool, focused on game-hacking and
automation.</li>
<li><a href="https://github.com/ChrisTheCoolHut/PinCTF">PinCTF</a> - A
tool which uses intel pin for Side Channel Analysis.</li>
<li><a href="https://github.com/joelpx/plasma">Plasma</a> - An
interactive disassembler for x86/ARM/MIPS which can generate indented
pseudo-code with colored syntax.</li>
<li><a href="https://github.com/pwndbg/pwndbg">Pwndbg</a> - A GDB plugin
that provides a suite of utilities to hack around GDB easily.</li>
<li><a href="https://github.com/radare/radare2">radare2</a> - A portable
reversing framework.</li>
<li><a href="https://github.com/JonathanSalwan/Triton/">Triton</a> -
Dynamic Binary Analysis (DBA) framework.</li>
<li><a href="https://github.com/gstarnberger/uncompyle">Uncompyle</a> -
Decompile Python 2.7 binaries (.pyc).</li>
<li><a href="http://www.windbg.org/">WinDbg</a> - Windows debugger
distributed by Microsoft.</li>
<li><a href="http://reverse.lostrealm.com/tools/xocopy.html">Xocopy</a>
- Program that can copy executables with execute, but no read
permission.</li>
<li><a href="https://github.com/Z3Prover/z3">Z3</a> - A theorem prover
from Microsoft Research.</li>
</ul>
<p><em>JavaScript Deobfuscators</em></p>
<ul>
<li><a
href="http://relentless-coding.org/projects/jsdetox/install">Detox</a> -
A Javascript malware analysis tool.</li>
<li><a
href="http://www.kahusecurity.com/posts/revelo_javascript_deobfuscator.html">Revelo</a>
- Analyze obfuscated Javascript code.</li>
</ul>
<p><em>SWF Analyzers</em> - <a
href="https://github.com/CyberShadow/RABCDAsm">RABCDAsm</a> - Collection
of utilities including an ActionScript 3 assembler/disassembler. - <a
href="http://www.swftools.org/">Swftools</a> - Collection of utilities
to work with SWF files. - <a
href="https://bitbucket.org/Alexander_Hanel/xxxswf">Xxxswf</a> - A
Python script for analyzing Flash files.</p>
<h2 id="services">Services</h2>
<p><em>Various kind of useful services available around the
internet</em></p>
<ul>
<li><a href="http://cow.cat/cswsh.html">CSWSH</a> - Cross-Site WebSocket
Hijacking Tester.</li>
<li><a href="https://requestbin.com/">Request Bin</a> - Lets you inspect
http requests to a particular url.</li>
</ul>
<h2 id="steganography-1">Steganography</h2>
<p><em>Tools used for solving Steganography challenges</em></p>
<ul>
<li><a href="https://aperisolve.fr/">AperiSolve</a> - AperiSolve is a
platform which performs layer analysis on image (open-source).</li>
<li><a href="http://www.imagemagick.org/script/convert.php">Convert</a>
- Convert images b/w formats and apply filters.</li>
<li><a
href="http://manpages.ubuntu.com/manpages/trusty/man1/exif.1.html">Exif</a>
- Shows EXIF information in JPEG files.</li>
<li><a href="https://linux.die.net/man/1/exiftool">Exiftool</a> - Read
and write meta information in files.</li>
<li><a href="http://www.exiv2.org/manpage.html">Exiv2</a> - Image
metadata manipulation tool.</li>
<li><a href="https://sourceforge.net/projects/image-steg/">Image
Steganography</a> - Embeds text and files in images with optional
encryption. Easy-to-use UI.</li>
<li><a href="https://incoherency.co.uk/image-steganography">Image
Steganography Online</a> - This is a client-side Javascript tool to
steganographically hide images inside the lower “bits” of other
images</li>
<li><a
href="http://www.imagemagick.org/script/index.php">ImageMagick</a> -
Tool for manipulating images.</li>
<li><a
href="https://www.freebsd.org/cgi/man.cgi?query=outguess+&amp;apropos=0&amp;sektion=0&amp;manpath=FreeBSD+Ports+5.1-RELEASE&amp;format=html">Outguess</a>
- Universal steganographic tool.</li>
<li><a href="https://packages.debian.org/sid/pngtools">Pngtools</a> -
For various analysis related to PNGs.
<ul>
<li><code>apt-get install pngtools</code></li>
</ul></li>
<li><a href="https://github.com/Y-Vladimir/SmartDeblur">SmartDeblur</a>
- Used to deblur and fix defocused images.</li>
<li><a href="https://www.openhub.net/p/steganabara">Steganabara</a> -
Tool for stegano analysis written in Java.</li>
<li><a
href="https://stylesuxx.github.io/steganography/">SteganographyOnline</a>
- Online steganography encoder and decoder.</li>
<li><a href="https://linux.die.net/man/1/stegbreak">Stegbreak</a> -
Launches brute-force dictionary attacks on JPG image.</li>
<li><a href="https://github.com/Paradoxis/StegCracker">StegCracker</a> -
Steganography brute-force utility to uncover hidden data inside
files.</li>
<li><a
href="https://github.com/evyatarmeged/stegextract">stegextract</a> -
Detect hidden files and text in images.</li>
<li><a href="http://steghide.sourceforge.net/">Steghide</a> - Hide data
in various kind of images.</li>
<li><a href="https://georgeom.net/StegOnline/upload">StegOnline</a> -
Conduct a wide range of image steganography operations, such as
concealing/revealing files hidden within bits (open-source).</li>
<li><a href="http://www.caesum.com/handbook/Stegsolve.jar">Stegsolve</a>
- Apply various steganography techniques to images.</li>
<li><a href="https://github.com/zed-0xff/zsteg/">Zsteg</a> - PNG/BMP
analysis.</li>
</ul>
<h2 id="web-1">Web</h2>
<p><em>Tools used for solving Web challenges</em></p>
<ul>
<li><a href="https://portswigger.net/burp">BurpSuite</a> - A graphical
tool to testing website security.</li>
<li><a href="https://github.com/commixproject/commix">Commix</a> -
Automated All-in-One OS Command Injection and Exploitation Tool.</li>
<li><a
href="https://addons.mozilla.org/en-US/firefox/addon/hackbartool/">Hackbar</a>
- Firefox addon for easy web exploitation.</li>
<li><a
href="https://www.owasp.org/index.php/Projects/OWASP_Zed_Attack_Proxy_Project">OWASP
ZAP</a> - Intercepting proxy to replay, debug, and fuzz HTTP requests
and responses</li>
<li><a
href="https://chrome.google.com/webstore/detail/postman/fhbjgbiflinjbdggehcddcbncdddomop?hl=en">Postman</a>
- Add on for chrome for debugging network requests.</li>
<li><a href="https://github.com/evyatarmeged/Raccoon">Raccoon</a> - A
high performance offensive security tool for reconnaissance and
vulnerability scanning.</li>
<li><a href="https://github.com/sqlmapproject/sqlmap">SQLMap</a> -
Automatic SQL injection and database takeover tool.
<code>pip install sqlmap</code></li>
<li><a href="https://github.com/andresriancho/w3af">W3af</a> - Web
Application Attack and Audit Framework.</li>
<li><a href="http://xsser.sourceforge.net/">XSSer</a> - Automated XSS
testor.</li>
</ul>
<h1 id="resources">Resources</h1>
<p><em>Where to discover about CTF</em></p>
<h2 id="operating-systems">Operating Systems</h2>
<p><em>Penetration testing and security lab Operating Systems</em></p>
<ul>
<li><a href="https://androidtamer.com/">Android Tamer</a> - Based on
Debian.</li>
<li><a href="https://backbox.org/">BackBox</a> - Based on Ubuntu.</li>
<li><a href="https://blackarch.org/">BlackArch Linux</a> - Based on Arch
Linux.</li>
<li><a href="https://labs.fedoraproject.org/security/">Fedora Security
Lab</a> - Based on Fedora.</li>
<li><a href="https://www.kali.org/">Kali Linux</a> - Based on
Debian.</li>
<li><a href="https://www.parrotsec.org/">Parrot Security OS</a> - Based
on Debian.</li>
<li><a href="http://www.pentoo.ch/">Pentoo</a> - Based on Gentoo.</li>
<li><a href="http://urix.us/">URIX OS</a> - Based on openSUSE.</li>
<li><a href="http://www.wifislax.com/">Wifislax</a> - Based on
Slackware.</li>
</ul>
<p><em>Malware analysts and reverse-engineering</em></p>
<ul>
<li><a href="https://github.com/fireeye/flare-vm/">Flare VM</a> - Based
on Windows.</li>
<li><a href="https://remnux.org/">REMnux</a> - Based on Debian.</li>
</ul>
<h2 id="starter-packs">Starter Packs</h2>
<p><em>Collections of installer scripts, useful tools</em></p>
<ul>
<li><a href="https://github.com/zardus/ctf-tools">CTF Tools</a> -
Collection of setup scripts to install various security research
tools.</li>
<li><a href="https://github.com/jlevitsk/lazykali">LazyKali</a> - A 2016
refresh of LazyKali which simplifies install of tools and
configuration.</li>
</ul>
<h2 id="tutorials">Tutorials</h2>
<p><em>Tutorials to learn how to play CTFs</em></p>
<ul>
<li><a href="https://trailofbits.github.io/ctf/">CTF Field Guide</a> -
Field Guide by Trails of Bits.</li>
<li><a href="http://ctfs.github.io/resources/">CTF Resources</a> - Start
Guide maintained by community.</li>
<li><a href="https://www.endgame.com/blog/how-get-started-ctf">How to
Get Started in CTF</a> - Short guideline for CTF beginners by
Endgame</li>
<li><a href="https://www.hoppersroppers.org/courseCTF.html">Intro. to
CTF Course</a> - A free course that teaches beginners the basics of
forensics, crypto, and web-ex.</li>
<li><a
href="https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA">IppSec</a>
- Video tutorials and walkthroughs of popular CTF platforms.</li>
<li><a
href="https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w">LiveOverFlow</a>
- Video tutorials on Exploitation.</li>
<li><a href="https://github.com/xairy/mipt-ctf">MIPT CTF</a> - A small
course for beginners in CTFs (in Russian).</li>
</ul>
<h2 id="wargames">Wargames</h2>
<p><em>Always online CTFs</em></p>
<ul>
<li><a href="https://backdoor.sdslabs.co/">Backdoor</a> - Security
Platform by SDSLabs.</li>
<li><a href="https://crackmes.one/">Crackmes</a> - Reverse Engineering
Challenges.</li>
<li><a href="https://cryptohack.org/">CryptoHack</a> - Fun cryptography
challenges.</li>
<li><a href="https://echoctf.red/">echoCTF.RED</a> - Online CTF with a
variety of targets to attack.</li>
<li><a href="https://exploit-exercises.lains.space/">Exploit
Exercises</a> - Variety of VMs to learn variety of computer security
issues.</li>
<li><a href="http://exploit.education">Exploit.Education</a> - Variety
of VMs to learn variety of computer security issues.</li>
<li><a href="https://github.com/Samuirai/gracker">Gracker</a> - Binary
challenges having a slow learning curve, and write-ups for each
level.</li>
<li><a href="https://www.hackthebox.eu">Hack The Box</a> - Weekly CTFs
for all types of security enthusiasts.</li>
<li><a href="https://www.hackthissite.org/">Hack This Site</a> -
Training ground for hackers.</li>
<li><a href="https://www.hacker101.com/">Hacker101</a> - CTF from
HackerOne</li>
<li><a href="https://hacking-lab.com/">Hacking-Lab</a> - Ethical
hacking, computer network and security challenge platform.</li>
<li><a href="https://honeyourskills.ninja/">Hone Your Ninja Skills</a> -
Web challenges starting from basic ones.</li>
<li><a href="http://io.netgarage.org/">IO</a> - Wargame for binary
challenges.</li>
<li><a href="https://microcorruption.com">Microcorruption</a> - Embedded
security CTF.</li>
<li><a href="http://overthewire.org/wargames/">Over The Wire</a> -
Wargame maintained by OvertheWire Community.</li>
<li><a href="https://pentesterlab.com/">PentesterLab</a> - Variety of VM
and online challenges (paid).</li>
<li><a href="https://2019game.picoctf.com">PicoCTF</a> - All year round
ctf game. Questions from the yearly picoCTF competition.</li>
<li><a href="http://pwn.eonew.cn/">PWN Challenge</a> - Binary
Exploitation Wargame.</li>
<li><a href="http://pwnable.kr/">Pwnable.kr</a> - Pwn Game.</li>
<li><a href="https://pwnable.tw/">Pwnable.tw</a> - Binary wargame.</li>
<li><a href="https://pwnable.xyz/">Pwnable.xyz</a> - Binary Exploitation
Wargame.</li>
<li><a href="http://reversing.kr/">Reversin.kr</a> - Reversing
challenge.</li>
<li><a href="https://ringzer0team.com/">Ringzer0Team</a> - Ringzer0 Team
Online CTF.</li>
<li><a href="https://www.root-me.org/">Root-Me</a> - Hacking and
Information Security learning platform.</li>
<li><a href="https://github.com/xelenonz/game">ROP Wargames</a> - ROP
Wargames.</li>
<li><a href="https://holidayhackchallenge.com/past-challenges/">SANS
HHC</a> - Challenges with a holiday theme released annually and
maintained by SANS.</li>
<li><a href="http://smashthestack.org/">SmashTheStack</a> - A variety of
wargames maintained by the SmashTheStack Community.</li>
<li><a href="https://ctf.viblo.asia">Viblo CTF</a> - Various amazing CTF
challenges, in many different categories. Has both Practice mode and
Contest mode.</li>
<li><a href="https://www.vulnhub.com/">VulnHub</a> - VM-based for
practical in digital security, computer application &amp; network
administration.</li>
<li><a href="https://w3challs.com">W3Challs</a> - A penetration testing
training platform, which offers various computer challenges, in various
categories.</li>
<li><a href="http://webhacking.kr">WebHacking</a> - Hacking challenges
for web.</li>
</ul>
<p><em>Self-hosted CTFs</em> - <a href="http://www.dvwa.co.uk/">Damn
Vulnerable Web Application</a> - PHP/MySQL web application that is damn
vulnerable. - <a
href="https://github.com/bkimminich/juice-shop-ctf">Juice Shop CTF</a> -
Scripts and tools for hosting a CTF on <a
href="https://www.owasp.org/index.php/OWASP_Juice_Shop_Project">OWASP
Juice Shop</a> easily.</p>
<h2 id="websites">Websites</h2>
<p><em>Various general websites about and on CTF</em></p>
<ul>
<li><a
href="https://github.com/uppusaikiran/awesome-ctf-cheatsheet#awesome-ctf-cheatsheet-">Awesome
CTF Cheatsheet</a> - CTF Cheatsheet.</li>
<li><a href="https://ctftime.org/">CTF Time</a> - General information on
CTF occuring around the worlds.</li>
<li><a href="http://www.reddit.com/r/securityctf">Reddit Security
CTF</a> - Reddit CTF category.</li>
</ul>
<h2 id="wikis">Wikis</h2>
<p><em>Various Wikis available for learning about CTFs</em></p>
<ul>
<li><a href="https://bamboofox.github.io/">Bamboofox</a> - Chinese
resources to learn CTF.</li>
<li><a href="https://teambi0s.gitlab.io/bi0s-wiki/">bi0s Wiki</a> - Wiki
from team bi0s.</li>
<li><a
href="https://uppusaikiran.github.io/hacking/Capture-the-Flag-CheatSheet/">CTF
Cheatsheet</a> - CTF tips and tricks.</li>
<li><a href="https://github.com/isislab/Project-Ideas/wiki">ISIS Lab</a>
- CTF Wiki by Isis lab.</li>
<li><a href="https://github.com/OpenToAllCTF/Tips">OpenToAll</a> - CTF
tips by OTA CTF team members.</li>
</ul>
<h2 id="writeups-collections">Writeups Collections</h2>
<p><em>Collections of CTF write-ups</em></p>
<ul>
<li><a href="https://github.com/0e85dc6eaf/CTF-Writeups">0e85dc6eaf</a>
- Write-ups for CTF challenges by 0e85dc6eaf</li>
<li><a href="http://captf.com/">Captf</a> - Dumped CTF challenges and
materials by psifertex.</li>
<li><a href="https://github.com/ctfs/">CTF write-ups (community)</a> -
CTF challenges + write-ups archive maintained by the community.</li>
<li><a href="https://github.com/abdilahrf/CTFWriteupScrapper">CTFTime
Scrapper</a> - Scraps all writeup from CTF Time and organize which to
read first.</li>
<li><a
href="https://github.com/HackThisSite/CTF-Writeups">HackThisSite</a> -
CTF write-ups repo maintained by HackThisSite team.</li>
<li><a href="https://github.com/mzfr/ctf-writeups/">Mzfr</a> - CTF
competition write-ups by mzfr</li>
<li><a href="https://github.com/Gallopsled/pwntools-write-ups">pwntools
writeups</a> - A collection of CTF write-ups all using pwntools.</li>
<li><a href="https://github.com/SababaSec/ctf-writeups">SababaSec</a> -
A collection of CTF write-ups by the SababaSec team</li>
<li><a href="http://shell-storm.org/repo/CTF/">Shell Storm</a> - CTF
challenge archive maintained by Jonathan Salwan.</li>
<li><a href="https://github.com/smokeleeteveryday/CTF_WRITEUPS">Smoke
Leet Everyday</a> - CTF write-ups repo maintained by SmokeLeetEveryday
team.</li>
</ul>
<h3 id="license">LICENSE</h3>
<p>CC0 :)</p>
<p><a href="https://github.com/apsdehal/awesome-ctf">ctf.md
Github</a></p>
Reference in New Issue View Git Blame Copy Permalink