21 days of CTF: lessons learned

• SecLists

  177 53,546 9.6 PHP

  SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

choose your wordlists carefully, as rockyou.txt won't work everywhere magically*

• blackarch

  13 2,675 9.8 Shell

  An ArchLinux based distribution for penetration testers and security researchers.

  

Kali Linux is fantastic but there are alternatives like Black-Arch

• InfluxDB

  www.influxdata.com sponsored

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• PrivEsc

  1 935 10.0 C

  A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

Use PrivEsc tools such as linpeas to quickly hack you way in

• PEASS-ng

  90 14,874 8.5 C#

  PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

  

Use PrivEsc tools such as linpeas to quickly hack you way in

• ghidra-scripts

  49 212 7.0 Java

  A collection of my Ghidra scripts to facilitate reverse engineering and vulnerability research.

most CTFs can be achieved using only Gobuster, Nmap, and reverse shells, but others require more advanced approaches like reverse engineering with Ghidra

• WorkOS

  workos.com sponsored

  The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  

Suggest a related project