Track Awesome Ctf Updates Daily
A curated list of CTF frameworks, libraries, resources and softwares
🏠 Home · 🔍 Search · 🔥 Feed · 📮 Subscribe · ❤️ Sponsor · 😺 apsdehal/awesome-ctf · ⭐ 7.4K · 🏷️ Security
May 18, 2020
Tutorials
- IppSec - Video tutorials and walkthroughs of popular CTF platforms.
Wargames
- Damn Vulnerable Web Application - PHP/MySQL web application that is damn vulnerable.
May 14, 2020
Platforms
- MotherFucking-CTF (⭐42) - Badass lightweight plaform to host CTFs. No JS involved.
Steganography
- StegOnline - Conduct a wide range of image steganography operations, such as concealing/revealing files hidden within bits (open-source).
Tutorials
- Intro. to CTF Course - A free course that teaches beginners the basics of forensics, crypto, and web-ex.
Websites
- Awesome CTF Cheatsheet - CTF Cheatsheet.
Apr 30, 2020
Platforms
- echoCTF.RED (⭐40) - Develop, deploy and maintain your own CTF infrastructure.
Bruteforcers
- Turbo Intruder - Burp Suite extension for sending large numbers of HTTP requests
Wargames
- CryptoHack - Fun cryptography challenges.
- echoCTF.RED - Online CTF with a variety of targets to attack.
- Hacker101 - CTF from HackerOne
Jan 18, 2020
Forensics
- Kroll Artifact Parser and Extractor (KAPE) - Triage program.
- Magnet AXIOM - Artifact-centric DFIR tool.
- Wireshark - Used to analyze pcap or pcapng files
Crypto
- QuipQuip - An online tool for breaking substitution ciphers or vigenere ciphers (without key).
Networking
- Monit - A linux tool to check a host on the network (and other non-network activities).
Reversing
- Boomerang (⭐322) - Decompile x86/SPARC/PowerPC/ST-20 binaries to C.
- Pwndbg (⭐5k) - A GDB plugin that provides a suite of utilities to hack around GDB easily.
Steganography
- SteganographyOnline - Online steganography encoder and decoder.
Web
- BurpSuite - A graphical tool to testing website security.
Wargames
- PicoCTF - All year round ctf game. Questions from the yearly picoCTF competition.
Wikis
- CTF Cheatsheet - CTF tips and tricks.
Oct 15, 2019
Forensics
- Snow - A Whitespace Steganography Tool.
Oct 14, 2019
Wargames
- PentesterLab - Variety of VM and online challenges (paid).
- SANS HHC - Challenges with a holiday theme released annually and maintained by SANS.
Writeups Collections
- HackThisSite (⭐216) - CTF write-ups repo maintained by HackThisSite team.
Oct 11, 2019
Forensics
- Pngcheck - Verifies the integrity of PNG and dump all of the chunk-level information in human-readable form.
apt-get install pngcheck
Oct 10, 2019
Bruteforcers
- Hydra - A parallelized login cracker which supports numerous protocols to attack
Steganography
- Image Steganography - Embeds text and files in images with optional encryption. Easy-to-use UI.
- Image Steganography Online - This is a client-side Javascript tool to steganographically hide images inside the lower "bits" of other images
Writeups Collections
- 0e85dc6eaf (⭐83) - Write-ups for CTF challenges by 0e85dc6eaf
- Mzfr (⭐109) - CTF competition write-ups by mzfr
- SababaSec (⭐15) - A collection of CTF write-ups by the SababaSec team
Oct 09, 2019
Forensics
- Dnscat2 (⭐2.8k) - Hosts communication through DNS.
- Registry Dumper - Dump your registry.
- CFF Explorer - PE Editor.
- Creddump (⭐219) - Dump windows credentials.
- DVCS Ripper (⭐1.5k) - Rips web accessible (distributed) version control systems.
- Exif Tool - Read, write and edit file metadata.
- Extundelete - Used for recovering lost data from mountable images.
- Fibratus (⭐1.7k) - Tool for exploration and tracing of the Windows kernel.
- Fsck.ext4 - Used to fix corrupt filesystems.
- Malzilla - Malware hunting tool.
- NetworkMiner - Network Forensic Analysis Tool.
- PDF Streams Inflater - Find and extract zlib files compressed in PDF files.
- ResourcesExtract - Extract various filetypes from exes.
- Shellbags (⭐139) - Investigate NT_USER.dat files.
- USBRip (⭐1.1k) - Simple CLI forensics tool for tracking USB device artifacts (history of USB events) on GNU/Linux.
- Volatility (⭐5.7k) - To investigate memory dumps.
- OfflineRegistryView - Simple tool for Windows that allows you to read offline Registry files from external drive and view the desired Registry key in .reg file format.
- Registry Viewer® - Used to view Windows registries.
Platforms
- CTFd (⭐4.3k) - Platform to host jeopardy style CTFs from ISISLab, NYU Tandon.
- FBCTF (⭐6.5k) - Platform to host Capture the Flag competitions from Facebook.
- Haaukins (⭐146)- A Highly Accessible and Automated Virtualization Platform for Security Education.
- HackTheArch (⭐62) - CTF scoring platform.
- Mellivora (⭐405) - A CTF engine written in PHP.
- NightShade (⭐104) - A simple security CTF framework.
- OpenCTF (⭐78) - CTF in a box. Minimal setup required.
- PicoCTF (⭐265) - The platform used to run picoCTF. A great framework to host any CTF.
- PyChallFactory (⭐83) - Small framework to create/manage/package jeopardy CTF challenges.
- RootTheBox (⭐691) - A Game of Hackers (CTF Scoreboard & Game Manager).
- Scorebot (⭐46) - Platform for CTFs by Legitbs (Defcon).
- SecGen (⭐2.4k) - Security Scenario Generator. Creates randomly vulnerable virtual machines.
Web
- Hackbar - Firefox addon for easy web exploitation.
- Postman - Add on for chrome for debugging network requests.
- Raccoon (⭐2.6k) - A high performance offensive security tool for reconnaissance and vulnerability scanning.
- SQLMap (⭐25k) - Automatic SQL injection and database takeover tool.
pip install sqlmap
- XSSer - Automated XSS testor.
Attacks
- Yersinia (⭐548) - Attack various protocols on layer 2.
Crypto
- CyberChef - Web app for analysing and decoding data.
- FeatherDuster (⭐989) - An automated, modular cryptanalysis tool.
- Hash Extender (⭐888) - A utility tool for performing hash length extension attacks.
- padding-oracle-attacker (⭐154) - A CLI tool to execute padding oracle attacks.
- PkCrack - A tool for Breaking PkZip-encryption.
- RSACTFTool (⭐3.9k) - A tool for recovering RSA private key with various attack.
- RSATool (⭐851) - Generate private key with knowledge of p and q.
- XORTool (⭐1.2k) - A tool to analyze multi-byte xor cipher.
Bruteforcers
- John The Jumbo (⭐6.9k) - Community enhanced version of John the Ripper.
- John The Ripper - Password Cracker.
Exploits
- DLLInjector (⭐453) - Inject dlls in processes.
- Pwntools (⭐9.5k) - CTF Framework for writing exploits.
- Qira (⭐3.6k) - QEMU Interactive Runtime Analyser.
- ROP Gadget (⭐3.2k) - Framework for ROP exploitation.
- V0lt (⭐358) - Security CTF Toolkit.
Networking
- Zeek - An open-source network security monitor.
Reversing
- Androguard (⭐4.1k) - Reverse engineer Android applications.
- Angr (⭐6.2k) - platform-agnostic binary analysis framework.
- Apk2Gold (⭐616) - Yet another Android decompiler.
- ApkTool - Android Decompiler.
- Barf (⭐1.3k) - Binary Analysis and Reverse engineering Framework.
- Binary Ninja - Binary analysis framework.
- BinUtils - Collection of binary tools.
- ctf_import (⭐100) – run basic functions from stripped binaries cross platform.
- cwe_checker (⭐741) - cwe_checker finds vulnerable patterns in binary executables.
- demovfuscator (⭐597) - A work-in-progress deobfuscator for movfuscated binaries.
- Frida - Dynamic Code Injection.
- GDB - The GNU project debugger.
- GEF (⭐5.1k) - GDB plugin.
- Hopper - Reverse engineering tool (disassembler) for OSX and Linux.
- IDA Pro - Most used Reversing software.
- Jadx (⭐32k) - Decompile Android files.
- Java Decompilers - An online decompiler for Java and Android APKs.
- Krakatau (⭐1.6k) - Java decompiler and disassembler.
- Objection (⭐5.4k) - Runtime Mobile Exploration.
- PEDA (⭐5.2k) - GDB plugin (only python2.7).
- Pin - A dynamic binary instrumentaion tool by Intel.
- PINCE (⭐1.5k) - GDB front-end/reverse engineering tool, focused on game-hacking and automation.
- PinCTF (⭐449) - A tool which uses intel pin for Side Channel Analysis.
- radare2 (⭐17k) - A portable reversing framework.
- Triton (⭐2.6k) - Dynamic Binary Analysis (DBA) framework.
- Uncompyle (⭐410) - Decompile Python 2.7 binaries (.pyc).
- WinDbg - Windows debugger distributed by Microsoft.
- Xocopy - Program that can copy executables with execute, but no read permission.
- Z3 (⭐8.1k) - A theorem prover from Microsoft Research.
- Detox - A Javascript malware analysis tool.
- Revelo - Analyze obfuscated Javascript code.
- Swftools - Collection of utilities to work with SWF files.
Services
- CSWSH - Cross-Site WebSocket Hijacking Tester.
- Request Bin - Lets you inspect http requests to a particular url.
Steganography
- AperiSolve - Aperi'Solve is a platform which performs layer analysis on image (open-source).
- Convert - Convert images b/w formats and apply filters.
- Exif - Shows EXIF information in JPEG files.
- Exiftool - Read and write meta information in files.
- Exiv2 - Image metadata manipulation tool.
- ImageMagick - Tool for manipulating images.
- Outguess - Universal steganographic tool.
- SmartDeblur (⭐2.2k) - Used to deblur and fix defocused images.
- Steganabara - Tool for stegano analysis written in Java.
- Stegbreak - Launches brute-force dictionary attacks on JPG image.
- StegCracker (⭐471) - Steganography brute-force utility to uncover hidden data inside files.
- stegextract (⭐98) - Detect hidden files and text in images.
- Steghide - Hide data in various kind of images.
- Stegsolve - Apply various steganography techniques to images.
- Zsteg (⭐940) - PNG/BMP analysis.
Operating Systems
- Android Tamer - Based on Debian.
- BackBox - Based on Ubuntu.
- BlackArch Linux - Based on Arch Linux.
- Fedora Security Lab - Based on Fedora.
- Kali Linux - Based on Debian.
- Parrot Security OS - Based on Debian.
- Pentoo - Based on Gentoo.
- URIX OS - Based on openSUSE.
- Wifislax - Based on Slackware.
- Flare VM (⭐4.1k) - Based on Windows.
- REMnux - Based on Debian.
Tutorials
- CTF Field Guide - Field Guide by Trails of Bits.
- CTF Resources - Start Guide maintained by community.
- LiveOverFlow - Video tutorials on Exploitation.
- MIPT CTF (⭐250) - A small course for beginners in CTFs (in Russian).
Wargames
- Crackmes - Reverse Engineering Challenges.
- Exploit Exercises - Variety of VMs to learn variety of computer security issues.
- Exploit.Education - Variety of VMs to learn variety of computer security issues.
- Gracker (⭐4) - Binary challenges having a slow learning curve, and write-ups for each level.
- Microcorruption - Embedded security CTF.
- Over The Wire - Wargame maintained by OvertheWire Community.
- PWN Challenge - Binary Exploitation Wargame.
- Pwnable.kr - Pwn Game.
- Pwnable.tw - Binary wargame.
- Pwnable.xyz - Binary Exploitation Wargame.
- Reversin.kr - Reversing challenge.
- Ringzer0Team - Ringzer0 Team Online CTF.
- ROP Wargames (⭐20) - ROP Wargames.
- Viblo CTF - Various amazing CTF challenges, in many different categories. Has both Practice mode and Contest mode.
Websites
- CTF Time - General information on CTF occuring around the worlds.
- Reddit Security CTF - Reddit CTF category.
Wikis
- Bamboofox - Chinese resources to learn CTF.
- bi0s Wiki - Wiki from team bi0s.
- ISIS Lab (⭐379) - CTF Wiki by Isis lab.
- OpenToAll (⭐122) - CTF tips by OTA CTF team members.
Writeups Collections
- Captf - Dumped CTF challenges and materials by psifertex.
- CTF write-ups (community) - CTF challenges + write-ups archive maintained by the community.
- CTFTime Scrapper (⭐27) - Scraps all writeup from CTF Time and organize which to read first.
- pwntools writeups (⭐458) - A collection of CTF write-ups all using pwntools.
- Shell Storm - CTF challenge archive maintained by Jonathan Salwan.
Sep 05, 2019
Exploits
- Metasploit - Penetration testing software.
Apr 15, 2019
Reversing
- Ghidra - Open Source suite of reverse engineering tools. Similar to IDA Pro.
Oct 10, 2018
Web
Jun 23, 2018
Wargames
- Hacking-Lab - Ethical hacking, computer network and security challenge platform.
Jun 11, 2018
Wargames
- Hone Your Ninja Skills - Web challenges starting from basic ones.
Mar 11, 2018
Attacks
- Bettercap (⭐12k) - Framework to perform MITM (Man in the Middle) attacks.
Feb 09, 2018
Wargames
- Root-Me - Hacking and Information Security learning platform.
Dec 12, 2017
Networking
- Masscan (⭐20k) - Mass IP port scanner, TCP port scanner.
- Nmap - An open source utility for network discovery and security auditing.
- Zmap - An open-source network scanner.
Nov 14, 2017
Wargames
- W3Challs - A penetration testing training platform, which offers various computer challenges, in various categories.
Oct 12, 2017
Wargames
- Hack The Box - Weekly CTFs for all types of security enthusiasts.
Jun 12, 2017
Exploits
- one_gadget (⭐1.7k) - A tool to find the one gadget
execve('/bin/sh', NULL, NULL)
call.gem install one_gadget
Mar 22, 2017
Bruteforcers
- Nozzlr (⭐61) - Nozzlr is a bruteforce framework, trully modular and script-friendly.
- Patator (⭐3k) - Patator is a multi-purpose brute-forcer, with a modular design.
Feb 15, 2017
Bruteforcers
- Hashcat - Password Cracker
Exploits
- libformatstr (⭐332) - Simplify format string exploitation.
Web
- OWASP ZAP - Intercepting proxy to replay, debug, and fuzz HTTP requests and responses
Feb 03, 2017
Wargames
- Juice Shop CTF (⭐317) - Scripts and tools for hosting a CTF on OWASP Juice Shop easily.
Dec 21, 2016
Networking
- Nipe (⭐1.5k) - Nipe is a script to make Tor Network your default gateway.
Dec 04, 2016
Reversing
- Plasma (⭐3k) - An interactive disassembler for x86/ARM/MIPS which can generate indented pseudo-code with colored syntax.
Nov 17, 2016
Web
- Commix (⭐3.5k) - Automated All-in-One OS Command Injection and Exploitation Tool.
Oct 31, 2016
Starter Packs
- LazyKali (⭐41) - A 2016 refresh of LazyKali which simplifies install of tools and configuration.
Sep 29, 2016
Reversing
- Xxxswf - A Python script for analyzing Flash files.
Web
- W3af (⭐4k) - Web Application Attack and Audit Framework.
Sep 28, 2016
Networking
- Wireshark - Analyze the network dumps.
apt-get install wireshark
Jun 07, 2016
Wargames
- IO - Wargame for binary challenges.
May 13, 2016
Wargames
- WebHacking - Hacking challenges for web.
Oct 27, 2015
Wargames
- Backdoor - Security Platform by SDSLabs.
- SmashTheStack - A variety of wargames maintained by the SmashTheStack Community.
Sep 08, 2015
Starter Packs
- CTF Tools (⭐7k) - Collection of setup scripts to install various security research tools.
Jul 18, 2015
Reversing
- RABCDAsm (⭐402) - Collection of utilities including an ActionScript 3 assembler/disassembler.
Wargames
- VulnHub - VM-based for practical in digital security, computer application & network administration.
Jun 29, 2015
Tutorials
- How to Get Started in CTF - Short guideline for CTF beginners by Endgame
Apr 30, 2015
Forensics
- Aircrack-Ng - Crack 802.11 WEP and WPA-PSK keys.
apt-get install aircrack-ng
Apr 28, 2015
Writeups Collections
- Smoke Leet Everyday (⭐180) - CTF write-ups repo maintained by SmokeLeetEveryday team.
Apr 27, 2015
Wargames
- Hack This Site - Training ground for hackers.
Apr 26, 2015
Bruteforcers
- Ophcrack - Windows password cracker based on rainbow tables.
Forensics
- Audacity - Analyze sound files (mp3, m4a, whatever).
apt-get install audacity
- Bkhive and Samdump2 - Dump SYSTEM and SAM files.
apt-get install samdump2 bkhive
- Foremost - Extract particular kind of files using headers.
apt-get install foremost
Reversing
- BinWalk (⭐8.6k) - Analyze, reverse engineer, and extract firmware images.
Steganography
- Pngtools - For various analysis related to PNGs.
apt-get install pngtools