Awesome CTF : Top Learning Resource Labs

This page summarizes the projects mentioned and recommended in the original post on reddit.com/r/TutorialBoy

Our great sponsors
  • SonarQube - Static code analysis for 29 languages.
  • Scout APM - Less time debugging, more time building
  • SaaSHub - Software Alternatives and Reviews
  • Metasploit

    Metasploit Framework

    Metasploit - Penetration testing software.

  • dnscat2

    Dnscat2 - Hosts communication through DNS.

  • SonarQube

    Static code analysis for 29 languages.. Your projects are multi-language. So is SonarQube analysis. Find Bugs, Vulnerabilities, Security Hotspots, and Code Smells so you can release quality code every time. Get started analyzing your projects today for free.

  • CTFd

    CTFs as you need them [Moved to: https://github.com/CTFd/CTFd] (by isislab)

    CTFd - Platform to host Jeopardy-style CTFs from ISISLab, NYU Tandon.

  • qualcomm_android_monitor_mode

    Qualcomm QCACLD WiFi monitor mode for Android

    Aircrack-Ng - Crack 802.11 WEP and WPA-PSK keys. apt-get install aircrack-ng

  • fbctf

    Platform to host Capture the Flag competitions [Moved to: https://github.com/facebookarchive/fbctf] (by facebook)

    FBCTF - Platform to host Capture the Flag competitions from Facebook.

  • Apktool

    A tool for reverse engineering Android apk files

    ApkTool - Android Decompiler.

  • haaukins

    A Highly Accessible and Automated Virtualization Platform for Security Education

    Haaukins- A Highly Accessible and Automated Virtualization Platform for Security Education.

  • Scout APM

    Less time debugging, more time building. Scout APM allows you to find and fix performance issues with no hassle. Now with error monitoring and external services monitoring, Scout is a developer's best friend when it comes to application development.

  • hashcat

    World's fastest and most advanced password recovery utility

    Hashcat - Password Cracker

  • hack-the-arch

    Welcome to HackTheArch! A free open source scoring server for cyber Capture the Flag competitions!

    HackTheArch - CTF scoring platform.

  • CyberChef

    The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis

    CyberChef - Web app for analyzing and decoding data.

  • mellivora

    Mellivora is a CTF engine written in PHP

    Mellivora - A CTF engine written in PHP.

  • NightShade

    A simple capture the flag framework. (by UnrealAkama)

    NightShade - A simple security CTF framework.

  • librectf

    CTF in a box. Minimal setup required. (not production-ready yet)

    OpenCTF - CTF in a box. Minimal setup required.

  • picoCTF

    The platform used to run picoCTF 2019.

    PicoCTF - The platform used to run picoCTF. A great framework to host any CTF.

  • mkctf

    A CTF framework to create, build, deploy and monitor challenges

    PyChallFactory - Small framework to create/manage/package jeopardy CTF challenges.

  • RootTheBox

    A Game of Hackers (CTF Scoreboard & Game Manager)

    RootTheBox - A Game of Hackers (CTF Scoreboard & Game Manager).

  • scorebot

    Scorebot - Platform for CTFs by Legitbs (Defcon).

  • SecGen

    Create randomly insecure VMs

    SecGen - Security Scenario Generator. Creates randomly vulnerable virtual machines.

  • UglifyJS2

    JavaScript parser / mangler / compressor / beautifier toolkit

    Uglify

  • bettercap

    The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.

    Bettercap - Framework to perform MITM (Man in the Middle) attacks.

  • yersinia

    A framework for layer 2 attacks

    Yersinia - Attack various protocols on layer 2.

  • featherduster

    An automated, modular cryptanalysis tool; i.e., a Weapon of Math Destruction

    FeatherDuster - An automated, modular cryptanalysis tool.

  • hash_extender

    Hash Extender - A utility tool for performing hash length extension attacks.

  • padding-oracle-attacker

    🔓 CLI tool and library to execute padding oracle attacks easily, with support for concurrent network requests and an elegant UI.

    padding-oracle-attacker - A CLI tool to execute padding oracle attacks.

  • RsaCtfTool

    RSA attack tool (mainly for ctf) - retreive private key from weak public key and/or uncipher data

    RSACTFTool - A tool for recovering RSA private keys with various attacks.

  • rsatool

    rsatool can be used to calculate RSA and RSA-CRT parameters

    RSATool - Generate private key with knowledge of p and q.

  • xortool

    A tool to analyze multi-byte xor cipher

    XORTool - A tool to analyze multi-byte xor cipher.

  • JohnTheRipper

    John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs [Moved to: https://github.com/openwall/john]

    John The Jumbo - Community enhanced version of John the Ripper.

  • nozzlr

    Nozzlr is a bruteforce framework, trully modular and script-friendly

    Nozzlr - Nozzlr is a brute-force framework, truly modular and script-friendly.

  • patator

    Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.

    Patator - Patator is a multi-purpose brute-forcer, with a modular design.

  • dllinjector

    dll injection tool that implements various methods

    DLLInjector - Inject DLLs in processes.

  • libformatstr

    Simplify format string exploitation.

    libformatstr - Simplify format string exploitation.

  • one_gadget

    The best tool for finding one gadget RCE in libc.so.6

    one_gadget - A tool to find the one gadget execve('/bin/sh', NULL, NULL) call.

  • pwntools

    CTF framework and exploit development library

    Pwntools - CTF Framework for writing exploits.

  • qira

    QEMU Interactive Runtime Analyser [Moved to: https://github.com/geohot/qira] (by BinaryAnalysisPlatform)

    Qira - QEMU Interactive Runtime Analyser.

  • ROPgadget

    This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation. ROPgadget supports ELF, PE and Mach-O format on x86, x64, ARM, ARM64, PowerPC, SPARC and MIPS architectures.

    ROP Gadget - Framework for ROP exploitation.

  • v0lt

    Security CTF Toolkit (Not maintained anymore)

    V0lt - Security CTF Toolkit.

  • creddump

    Automatically exported from code.google.com/p/creddump

    Creddump - Dump windows credentials.

  • dvcs-ripper

    Rip web accessible (distributed) version control systems: SVN/GIT/HG...

    DVCS Ripper - Rips web-accessible (distributed) version control systems.

  • fibratus

    A modern tool for the Windows kernel exploration and tracing

    Fibratus - Tool for exploration and tracing of the Windows kernel.

  • shellbags

    Cross-platform, open-source shellbag parser

    Shellbags - Investigate NT_USER.dat files.

  • usbrip

    Tracking history of USB events on GNU/Linux

    USBRip - Simple CLI forensics tool for tracking USB device artifacts (history of USB events) on GNU/Linux.

  • volatility

    An advanced memory forensics framework

    Volatility - To investigate memory dumps.

  • masscan

    TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.

    Masscan - Mass IP port scanner, TCP port scanner.

  • nipe

    An engine to make Tor network your default gateway [Moved to: https://github.com/htrgouvea/nipe] (by GouveaHeitor)

    Nipe - Nipe is a script to make Tor Network your default gateway.

  • androguard

    Reverse engineering, Malware and goodware analysis of Android applications ... and more (ninja !)

    Androguard - Reverse engineer Android applications.

  • apk2gold

    CLI tool for decompiling Android apps to Java. It does resources! It does Java! Its real easy!

    Apk2Gold - Yet another Android decompiler.

  • barf-project

    BARF : A multiplatform open source Binary Analysis and Reverse engineering Framework

    Barf - Binary Analysis and Reverse engineering Framework.

  • binwalk

    Firmware Analysis Tool [Moved to: https://github.com/ReFirmLabs/binwalk] (by devttys0)

    BinWalk - Analyze, reverse engineer, and extracting firmware images.

  • boomerang

    Boomerang Decompiler - Fighting the code-rot :)

    Boomerang - Decompile x86 binaries to C.

  • ctf_import

    Run basic functions from stripped binaries cross platform

    ctf_import – run basic functions from stripped binaries cross-platform.

  • cwe_checker

    cwe_checker finds vulnerable patterns in binary executables

    cwe_checker - cwe_checker finds vulnerable patterns in binary executables.

  • demovfuscator

    A work-in-progress deobfuscator for movfuscated binaries

    demovfuscator - A work-in-progress deobfuscator for movfuscated binaries.

  • gef

    GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging features for exploit developers & reverse engineers

    GEF - GDB plugin.

  • jadx

    Dex to Java decompiler

    Jadx - Decompile Android files.

  • Krakatau

    Java decompiler, assembler, and disassembler

    Krakatau - Java decompiler and disassembler.

  • objection

    📱 objection - runtime mobile exploration

    Objection - Runtime Mobile Exploration.

  • peda

    PEDA - Python Exploit Development Assistance for GDB

    PEDA - GDB plugin (only python2.7).

  • PINCE

    A reverse engineering tool that'll supply the place of Cheat Engine for linux

    PINCE - GDB front-end/reverse engineering tool, focused on game-hacking and automation.

  • PinCTF

    Using Intel's PIN tool to solve CTF problems

    PinCTF - A tool that uses intel pin for Side-Channel Analysis.

  • plasma

    Plasma is an interactive disassembler for x86/ARM/MIPS. It can generates indented pseudo-code with colored syntax.

    Plasma - An interactive disassembler for x86/ARM/MIPS which can generate indented pseudo-code with colored syntax.

  • pwndbg

    Exploit Development and Reverse Engineering with GDB Made Easy

    Pwndbg - A GDB plugin that provides a suite of utilities to hack around GDB easily.

  • radare2

    UNIX-like reverse engineering framework and command-line toolset [Moved to: https://github.com/radareorg/radare2] (by radare)

    radare2 - A portable reversing framework.

  • Triton

    Triton is a dynamic binary analysis library. Build your own program analysis tools, automate your reverse engineering, perform software verification or just emulate code. (by JonathanSalwan)

    Triton - Dynamic Binary Analysis (DBA) framework.

  • uncompyle

    Python decompiler

    Uncompyle - Decompile Python 2.7 binaries (.pyc).

  • z3

    The Z3 Theorem Prover

    Z3 - A theorem prover from Microsoft Research.

  • RABCDAsm

    Robust ABC (ActionScript Bytecode) [Dis-]Assembler

    RABCDAsm - Collection of utilities including an ActionScript 3 assembler/disassembler.

  • SmartDeblur

    Restoration of defocused and blurred photos/images

    SmartDeblur - Used to deblur and fix defocused images.

  • StegCracker

    Steganography brute-force utility to uncover hidden data inside files

    StegCracker - Steganography brute-force utility to uncover hidden data inside files.

  • stegextract

    Detect hidden files and text in images

    stegextract - Detect hidden files and text in images.

  • zsteg

    detect stegano-hidden data in PNG & BMP

    Zsteg - PNG/BMP analysis.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts