Awesome CTF : Top Learning Resource Labs

• Metasploit

  117 32,973 10.0 Ruby

  Metasploit Framework

  

Metasploit - Penetration testing software.

• dnscat2

  5 3,273 0.0 PHP

Dnscat2 - Hosts communication through DNS.

• InfluxDB

  www.influxdata.com featured

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• CTFd

  1 3,703 8.4 Python

  Discontinued CTFs as you need them [Moved to: https://github.com/CTFd/CTFd] (by isislab)

  

CTFd - Platform to host Jeopardy-style CTFs from ISISLab, NYU Tandon.

• qualcomm_android_monitor_mode

  18 269 1.9

  Qualcomm QCACLD WiFi monitor mode for Android

Aircrack-Ng - Crack 802.11 WEP and WPA-PSK keys. apt-get install aircrack-ng

• fbctf

  1 6,403 10.0 Hack

  Discontinued Platform to host Capture the Flag competitions [Moved to: https://github.com/facebookarchive/fbctf] (by facebook)

  

FBCTF - Platform to host Capture the Flag competitions from Facebook.

• Apktool

  64 19,055 9.1 Java

  A tool for reverse engineering Android apk files

ApkTool - Android Decompiler.

• haaukins

  1 178 3.2 Go

  A Highly Accessible and Automated Virtualization Platform for Security Education

  

Haaukins- A Highly Accessible and Automated Virtualization Platform for Security Education.

• SaaSHub

  www.saashub.com featured

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

• hashcat

  103 20,067 8.8 C

  World's fastest and most advanced password recovery utility

  

Hashcat - Password Cracker

• hack-the-arch

  1 65 0.0 Ruby

  Welcome to HackTheArch! A free open source scoring server for cyber Capture the Flag competitions!

  

HackTheArch - CTF scoring platform.

• CyberChef

  286 25,918 9.3 JavaScript

  The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis

  

CyberChef - Web app for analyzing and decoding data.

• mellivora

  1 436 2.6 PHP

  Mellivora is a CTF engine written in PHP

Mellivora - A CTF engine written in PHP.

• NightShade

  1 117 10.0 JavaScript

  A simple capture the flag framework.

NightShade - A simple security CTF framework.

• librectf

  1 80 0.0 Python

  CTF in a box. Minimal setup required. (not production-ready yet)

  

OpenCTF - CTF in a box. Minimal setup required.

• picoCTF

  2 261 3.7 Python

  Discontinued The platform used to run picoCTF 2019.

  

PicoCTF - The platform used to run picoCTF. A great framework to host any CTF.

• mkctf

  1 104 4.1 Python

  A CTF framework to create, build, deploy and monitor challenges

PyChallFactory - Small framework to create/manage/package jeopardy CTF challenges.

• RootTheBox

  3 879 6.8 Python

  A Game of Hackers (CTF Scoreboard & Game Manager)

RootTheBox - A Game of Hackers (CTF Scoreboard & Game Manager).

• scorebot

  1 49 10.0 Python
  

Scorebot - Platform for CTFs by Legitbs (Defcon).

• SecGen

  7 2,582 8.8 Python

  Create randomly insecure VMs

SecGen - Security Scenario Generator. Creates randomly vulnerable virtual machines.

• UglifyJS2

  14 12,958 0.0 JavaScript

  JavaScript parser / mangler / compressor / beautifier toolkit

Uglify

• bettercap

  28 15,783 0.6 Go

  The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.

  

Bettercap - Framework to perform MITM (Man in the Middle) attacks.

• yersinia

  1 675 0.0 C

  A framework for layer 2 attacks

Yersinia - Attack various protocols on layer 2.

• featherduster

  1 1,058 0.0 Python

  An automated, modular cryptanalysis tool; i.e., a Weapon of Math Destruction

  

FeatherDuster - An automated, modular cryptanalysis tool.

• hash_extender

  2 1,046 0.0 C

Hash Extender - A utility tool for performing hash length extension attacks.

• padding-oracle-attacker

  1 191 0.0 TypeScript

  🔓 CLI tool and library to execute padding oracle attacks easily, with support for concurrent network requests and an elegant UI.

padding-oracle-attacker - A CLI tool to execute padding oracle attacks.

• RsaCtfTool

  9 5,298 8.9 Python

  RSA attack tool (mainly for ctf) - retrieve private key from weak public key and/or uncipher data

  

RSACTFTool - A tool for recovering RSA private keys with various attacks.

• rsatool

  1 1,074 0.0 Python

  rsatool can be used to calculate RSA and RSA-CRT parameters

RSATool - Generate private key with knowledge of p and q.

• xortool

  2 1,335 1.4 Python

  A tool to analyze multi-byte xor cipher

XORTool - A tool to analyze multi-byte xor cipher.

• JohnTheRipper

  5 4,811 0.0 C

  Discontinued John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs [Moved to: https://github.com/openwall/john]

  

John The Jumbo - Community enhanced version of John the Ripper.

• nozzlr

  1 63 10.0 Python

  Nozzlr is a bruteforce framework, trully modular and script-friendly

Nozzlr - Nozzlr is a brute-force framework, truly modular and script-friendly.

• patator

  2 3,475 4.8 Python

  Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.

Patator - Patator is a multi-purpose brute-forcer, with a modular design.

• dllinjector

  1 478 10.0 C++

  dll injection tool that implements various methods

  

DLLInjector - Inject DLLs in processes.

• libformatstr

  2 337 0.0 Python

  Simplify format string exploitation.

libformatstr - Simplify format string exploitation.

• one_gadget

  1 1,975 6.0 Ruby

  The best tool for finding one gadget RCE in libc.so.6

one_gadget - A tool to find the one gadget execve('/bin/sh', NULL, NULL) call.

• pwntools

  8 11,544 9.1 Python

  CTF framework and exploit development library

  

Pwntools - CTF Framework for writing exploits.

• qira

  1 3,377 0.0 C

  Discontinued QEMU Interactive Runtime Analyser [Moved to: https://github.com/geohot/qira] (by BinaryAnalysisPlatform)

Qira - QEMU Interactive Runtime Analyser.

• ROPgadget

  2 3,740 4.6 Python

  This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation. ROPgadget supports ELF, PE and Mach-O format on x86, x64, ARM, ARM64, PowerPC, SPARC, MIPS, RISC-V 64, and RISC-V Compressed architectures.

ROP Gadget - Framework for ROP exploitation.

• v0lt

  1 353 10.0 Python

  Discontinued Security CTF Toolkit (Not maintained anymore)

V0lt - Security CTF Toolkit.

• creddump

  1 237 10.0 Python

  Automatically exported from code.google.com/p/creddump

Creddump - Dump windows credentials.

• dvcs-ripper

  1 1,650 0.0 Perl

  Rip web accessible (distributed) version control systems: SVN/GIT/HG...

DVCS Ripper - Rips web-accessible (distributed) version control systems.

• fibratus

  46 2,089 8.9 Go

  A modern tool for Windows kernel exploration and tracing with a focus on security

Fibratus - Tool for exploration and tracing of the Windows kernel.

• shellbags

  1 148 10.0 Python

  Cross-platform, open-source shellbag parser

Shellbags - Investigate NT_USER.dat files.

• usbrip

  2 1,026 1.8 Python

  Discontinued Tracking history of USB events on GNU/Linux

USBRip - Simple CLI forensics tool for tracking USB device artifacts (history of USB events) on GNU/Linux.

• volatility

  18 6,964 0.0 Python

  An advanced memory forensics framework

  

Volatility - To investigate memory dumps.

• masscan

  64 22,751 7.4 C

  TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.

Masscan - Mass IP port scanner, TCP port scanner.

• nipe

  2 1,159 3.2 Perl

  Discontinued An engine to make Tor network your default gateway [Moved to: https://github.com/htrgouvea/nipe] (by GouveaHeitor)

Nipe - Nipe is a script to make Tor Network your default gateway.

• androguard

  1 4,974 8.6 Python

  Reverse engineering and pentesting for Android applications

  

Androguard - Reverse engineer Android applications.

• apk2gold

  1 658 0.0 Shell

  CLI tool for decompiling Android apps to Java. It does resources! It does Java! Its real easy!

Apk2Gold - Yet another Android decompiler.

• barf-project

  1 1,391 10.0 Python

  BARF : A multiplatform open source Binary Analysis and Reverse engineering Framework

  

Barf - Binary Analysis and Reverse engineering Framework.

• binwalk

  1 7,847 6.9 Python

  Discontinued Firmware Analysis Tool [Moved to: https://github.com/ReFirmLabs/binwalk] (by devttys0)

  

BinWalk - Analyze, reverse engineer, and extracting firmware images.

• boomerang

  1 364 4.5 C++

  Boomerang Decompiler - Fighting the code-rot :)

  

Boomerang - Decompile x86 binaries to C.

• ctf_import

  1 107 10.0 C

  Run basic functions from stripped binaries cross platform

ctf_import – run basic functions from stripped binaries cross-platform.

• cwe_checker

  1 1,061 8.4 Rust

  cwe_checker finds vulnerable patterns in binary executables

  

cwe_checker - cwe_checker finds vulnerable patterns in binary executables.

• demovfuscator

  3 628 0.0 C++

  Discontinued A work-in-progress deobfuscator for movfuscated binaries [Moved to: https://github.com/leetonidas/demovfuscator]

demovfuscator - A work-in-progress deobfuscator for movfuscated binaries.

• gef

  15 6,538 8.4 Python

  GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux

GEF - GDB plugin.

• jadx

  41 39,513 9.2 Java

  Dex to Java decompiler

Jadx - Decompile Android files.

• Krakatau

  10 1,936 0.0 Rust

  Java decompiler, assembler, and disassembler

Krakatau - Java decompiler and disassembler.

• objection

  17 7,050 1.6 Python

  📱 objection - runtime mobile exploration

  

Objection - Runtime Mobile Exploration.

• peda

  7 5,760 0.0 Python

  PEDA - Python Exploit Development Assistance for GDB

PEDA - GDB plugin (only python2.7).

• PINCE

  13 1,936 9.3 Python

  Reverse engineering tool for linux games

PINCE - GDB front-end/reverse engineering tool, focused on game-hacking and automation.

• PinCTF

  1 483 10.0 Python

  Using Intel's PIN tool to solve CTF problems

PinCTF - A tool that uses intel pin for Side-Channel Analysis.

• plasma

  1 3,031 0.0 Python

  Plasma is an interactive disassembler for x86/ARM/MIPS. It can generates indented pseudo-code with colored syntax.

Plasma - An interactive disassembler for x86/ARM/MIPS which can generate indented pseudo-code with colored syntax.

• pwndbg

  9 6,816 9.5 Python

  Exploit Development and Reverse Engineering with GDB Made Easy

  

Pwndbg - A GDB plugin that provides a suite of utilities to hack around GDB easily.

• radare2

  1 15,238 9.9 C

  Discontinued UNIX-like reverse engineering framework and command-line toolset [Moved to: https://github.com/radareorg/radare2] (by radare)

  

radare2 - A portable reversing framework.

• Triton

  4 3,333 7.5 C++

  Triton is a dynamic binary analysis library. Build your own program analysis tools, automate your reverse engineering, perform software verification or just emulate code. (by JonathanSalwan)

Triton - Dynamic Binary Analysis (DBA) framework.

• uncompyle

  1 404 10.0 Python

  Discontinued Python decompiler

Uncompyle - Decompile Python 2.7 binaries (.pyc).

• z3

  28 9,803 9.8 C++

  The Z3 Theorem Prover

  

Z3 - A theorem prover from Microsoft Research.

• RABCDAsm

  2 419 0.9 D

  Robust ABC (ActionScript Bytecode) [Dis-]Assembler

RABCDAsm - Collection of utilities including an ActionScript 3 assembler/disassembler.

• SmartDeblur

  3 2,301 0.0 C++

  Restoration of defocused and blurred photos/images

SmartDeblur - Used to deblur and fix defocused images.

• StegCracker

  1 428 1.4 Python

  Discontinued Steganography brute-force utility to uncover hidden data inside files

StegCracker - Steganography brute-force utility to uncover hidden data inside files.

• stegextract

  2 107 0.9 Shell

  Detect hidden files and text in images

stegextract - Detect hidden files and text in images.

• zsteg

  4 1,189 0.0 Ruby

  detect stegano-hidden data in PNG & BMP

Zsteg - PNG/BMP analysis.

• SaaSHub

  www.saashub.com featured

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

Suggest a related project