ctf
🏴☠️ Tools, scripts and other stuff helpful in CTF challenges.
Articles/tutorials
Tools
- Katana - Automatic CTF Challenge Solver
- pyWhat - Identify anything
Recon

| Name | Description | Usage |
| --- | --- | --- |
| Recon-ng | Conduct open source web-based reconnaissance quickly and thoroughly | Github |
| sherlock | Find social media accounts by username | Github |
| nmap | Port scanning & network exploration | Official Site |
| Gobuster | Brute force directories and file names on servers | Github |
| subfinder | Subdomain discovery tool using passive online sources | Github |
| git-dumper | Dump a .git repository from a website | Github |
| PhoneInfoga | Information gathering for phone numbers | Github |
| Shodan | Search engine that lets users search for various types of servers | shodan.io |
Enumeration & privilege escalation

| Name | Description | Usage |
| --- | --- | --- |
| Traitor | Automatic Linux privesc via exploitation of low-hanging fruit | Github |
| LinEnum | Local Linux enumeration & privilege escalation checking | Github |
| PEASS | Privilege escalation tools for Windows and Linux/Unix | Github |
Attacks

| Name | Description | Usage |
| --- | --- | --- |
| bettercap | WiFi, BLE, wireless HID, Ethernet toolset | Documentation |
Exploits
Find software exploits on Exploit Database.

| Name | Description | Usage |
| --- | --- | --- |
| pwntools | CTF framework and exploit development library | Documentation |
| GTFOBins | List of Unix binaries that can be used to bypass local security restrictions in misconfigured systems | gtfobins.github.io |
Reverse engineering

| Name | Description | Usage | Notes |
| --- | --- | --- | --- |
| Ghidra | Software reverse engineering suite of tools | Official Site | |
| strings | Display printable strings in files | `sudo apt install binutils` | |
| hexdump | Dump file contents as hexadecimal values | Pre-installed | `hexdump -C` shows hex and ASCII side-by-side |
| gdb | GNU debugger | `sudo apt install gdb` | Plugins: pwndbg, GDB dashboard |
| ltrace | Library call tracer | `sudo apt install ltrace` | |
| uncompyle6 | Translate Python bytecode (.pyc) into Python code | PyPI | |
| dnSpy | .NET and Unity debugger and assembly editor | Github | |
| AssetStudio | Explore, extract and export Unity assets and assetbundles | Github | |
Shellcode
Shellcode is a small piece of code used as the payload in the exploitation of a software vulnerability.
Random values
When no seed is given to the rand function, the seed defaults to 1. Therefore rand will always return the same value if the method is only called once in the program, on every run.
Not every OS/system has the same implementation of the rand function. Therefore you need to determine which random value will be generated on the server, i.e. which implementation (and seed) it uses.
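The following is an added example (not part of the original list) that models the portable `rand()`/`srand()` pair the C standard gives as its example implementation, a 32-bit linear congruential generator. It is not glibc's `rand()`, whose output sequence differs; it only illustrates the two points above: without `srand()` the seed is 1 and the sequence is therefore fixed, and the actual values depend on which implementation the target uses.

```python
# Added example: Python model of the C standard's example rand() implementation
# (an LCG: next = next * 1103515245 + 12345; return (next / 65536) % 32768).
# Assumption: this is the portable reference algorithm, NOT glibc's rand().
from typing import List

RAND_MAX = 32767


class PortableRand:
    """Model of the C standard's example rand()/srand()."""

    def __init__(self, seed: int = 1):
        # The C standard says rand() behaves as if srand(1) had been called
        # when the program never calls srand(); that is the default seed here.
        self.state = seed & 0xFFFFFFFF

    def srand(self, seed: int) -> None:
        self.state = seed & 0xFFFFFFFF

    def rand(self) -> int:
        self.state = (self.state * 1103515245 + 12345) & 0xFFFFFFFF
        return (self.state // 65536) % (RAND_MAX + 1)


def first_values(seed: int = 1, count: int = 5) -> List[int]:
    """Return the first `count` outputs for a seed (default: the implicit seed 1)."""
    gen = PortableRand(seed)
    return [gen.rand() for _ in range(count)]


if __name__ == "__main__":
    print("unseeded run A:", first_values())
    print("unseeded run B:", first_values())    # identical: same implicit seed 1
    print("srand(42):     ", first_values(42))  # a different seed, a different sequence
```

Two fresh unseeded generators produce byte-identical sequences; that is the weakness a challenge exploits when a binary calls `rand()` once and compares the result. The first value of this particular algorithm is 16838, while glibc yields a different first value for seed 1, which is why the server's platform must be matched rather than assumed.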
Web

| Name | Description | Usage |
| --- | --- | --- |
| ZAP | Web application security scanner | Official Site |
| Nikto2 | Web server scanner which performs comprehensive tests | Github |
| WPScan | WordPress vulnerability scanner | Official Site |
| sqlmap | Automatic SQL injection and database takeover tool | Github |
Networking

| Name | Description | Usage |
| --- | --- | --- |
| WireShark | Examine packets in a network and in .pcap files | Official Site |
| NetworkMiner | Extract files, images and other useful data from .pcap files | Official Site |
Mobile
Android

| Name | Description | Usage |
| --- | --- | --- |
| Apktool | Reverse engineer Android APK files | Official Site |
| JADX | Dex to Java decompiler | Github |
| dex2jar | Generate .jar file from .dex | Github |
| Frida | Reverse engineering toolkit for iOS and Android | Official Site |
Passwords
Dictionary attacks
Programming Languages
PHP
Magic Hashes
Common vulnerability in PHP that fakes hash "collisions": the loose `==` operator compares two numeric strings as numbers, and a hash of the form `0e` followed only by digits is read as scientific notation (0 times a power of ten, i.e. 0). Two such hashes therefore compare as equal even though the strings differ.
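Added example (not from the original list): a small Python model of the PHP comparison described above, run on the two widely published magic-hash inputs `240610708` and `QNKCDZO`, next to the strict, constant-time comparison (`===` / `hash_equals()` in PHP) that a login check should use instead.

```python
# Added example: model PHP's loose `==` on two hash strings and contrast it
# with a strict comparison. The regex covers the case that matters for hashes:
# a string of the form 0e<digits> is a numeric string equal to 0 in PHP.
import hashlib
import hmac
import re

MAGIC_HASH_RE = re.compile(r"^0e\d+$")


def md5_hex(value: str) -> str:
    """Lower-case hex MD5, as PHP's md5() returns it."""
    return hashlib.md5(value.encode()).hexdigest()


def is_magic_hash(digest: str) -> bool:
    """True if PHP would read this hex digest as the number 0 (0e followed by digits)."""
    return MAGIC_HASH_RE.match(digest) is not None


def php_loose_equals(a: str, b: str) -> bool:
    """Model of PHP `==` for two hash strings: two numeric strings are compared
    as numbers, so any two 0e<digits> strings are 'equal'; otherwise compare text."""
    if is_magic_hash(a) and is_magic_hash(b):
        return True
    return a == b


def strict_equals(a: str, b: str) -> bool:
    """What the check should do (PHP `===` or hash_equals()): byte-for-byte,
    constant-time comparison of the two strings."""
    return hmac.compare_digest(a.encode(), b.encode())


if __name__ == "__main__":
    # Sample inputs: the well-known published magic-hash examples for MD5.
    stored = md5_hex("240610708")
    supplied = md5_hex("QNKCDZO")
    print(stored, supplied)
    print("loose  ==  :", php_loose_equals(stored, supplied))   # True  (the bug)
    print("strict === :", strict_equals(stored, supplied))      # False (the fix)
```

A quick audit for this class of bug is to grep the PHP code base for `==` applied to the result of `md5()`, `sha1()` or `crypt()` and replace it with `===` or `hash_equals()`, which compares byte-wise and does not type-juggle.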
Esoteric Languages

| Name | Description | Usage |
| --- | --- | --- |
| Try It Online | Online interpreter that has tons of esoteric languages | tio.run |
Piet
A graphical programming language in which programs look like abstract paintings. It uses 20 colors, of which 18 are related cyclically through a lightness cycle and a hue cycle.
Forensics

| Name | Description | Usage |
| --- | --- | --- |
| binvis.io | Visual analysis of binary files | binvis.io |
| binwalk | Analyzing, reverse engineering, and extracting firmware images | Github |
| TestDisk | Data recovery software, useful for .img or .dd files | Official Site |
Steganography

| Name | Description | Usage |
| --- | --- | --- |
| steghide | Hide and extract data from image and audio files | SourceForge |
| StegCracker | Brute-force utility to uncover hidden data inside files | Github |
| stegsolve.jar | View through different renditions of an image | Direct Download |
| OpenStego | Hiding data and invisible file watermarking | Official Site |
| Steganography Online | Message decoding service for low-hanging fruit | Website |
| Forensically | Set of free tools for digital image forensics | Website |
Magic numbers
The leading bytes that identify a file format. Programs rely on them to read a file type properly, so they must be correct. If a file behaves strangely, verify its magic number against a trusted list of file signatures.
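Added example (not part of the original list): a small checker that identifies a file from its leading bytes, compares the result with what the extension claims, and repairs a PNG header whose first eight bytes were overwritten. The signature table is a constructed subset of the public file-signature lists; extend it from a trusted source.

```python
# Added example: identify files by magic number and flag extension mismatches.
# SIGNATURES is a constructed subset of well-known signatures at offset 0.
from typing import Optional

SIGNATURES = [
    ("png",  b"\x89PNG\r\n\x1a\n"),
    ("jpeg", b"\xff\xd8\xff"),
    ("gif",  b"GIF87a"),
    ("gif",  b"GIF89a"),
    ("pdf",  b"%PDF-"),
    ("zip",  b"PK\x03\x04"),   # also docx/xlsx, jar and apk: they are zip containers
    ("elf",  b"\x7fELF"),
    ("gzip", b"\x1f\x8b"),
]

# Map common extensions onto the signature names above.
EXT_ALIASES = {
    "png": "png", "jpg": "jpeg", "jpeg": "jpeg", "gif": "gif", "pdf": "pdf",
    "zip": "zip", "jar": "zip", "apk": "zip", "docx": "zip", "elf": "elf", "gz": "gzip",
}

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"


def identify(data: bytes) -> Optional[str]:
    """Return the format name whose signature matches the start of `data`, else None."""
    for name, magic in SIGNATURES:
        if data.startswith(magic):
            return name
    return None


def check_file(name: str, data: bytes) -> str:
    """Compare the type implied by the magic number with the type the extension claims."""
    detected = identify(data)
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    claimed = EXT_ALIASES.get(ext)
    if detected is None:
        return "unknown"
    if claimed is None:
        return detected
    if detected == claimed:
        return "ok"
    return f"mismatch: extension says {claimed}, magic says {detected}"


def fix_png_header(data: bytes) -> bytes:
    """Restore the 8-byte PNG signature; the rest of the file is left untouched."""
    return PNG_MAGIC + data[8:]


if __name__ == "__main__":
    # Constructed sample inputs: a valid PNG start, a zip mislabelled as .jpg,
    # and a PNG whose signature was zeroed out.
    print(check_file("flag.png", PNG_MAGIC + b"\x00\x00\x00\rIHDR"))
    print(check_file("photo.jpg", b"PK\x03\x04" + b"\x14\x00"))
    broken = b"\x00" * 8 + b"\x00\x00\x00\rIHDR"
    print(check_file("broken.png", broken), "->", check_file("broken.png", fix_png_header(broken)))
```

Run it over a directory of challenge files and any `mismatch` or `unknown` line is the first thing to inspect in a hex editor.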
Cryptography

| Name | Description | Usage |
| --- | --- | --- |
| Ciphey | Decrypt keys and ciphers automatically, without knowing the cipher | Github |
Caesar Cipher
Classic shift cipher. Below is a bash one-liner using `caesar` (from the package `bsdgames`) to try all shift positions.

```bash
$ cipher='jeoi{geiwev_gmtliv_ws_svmkmrep}' ; for i in {0..25}; do echo "$cipher" | caesar "$i"; done
```
Vigenère Cipher
The Vigenère cipher applies several Caesar ciphers in sequence with different shift values, each shift chosen by the corresponding letter of a repeating key.
Frequency analysis
Frequency analysis is a technique used to break classical ciphers. It relies on the fact that, in any given stretch of written language, certain letters and combinations of letters occur with characteristic frequencies, so a candidate decryption whose letter distribution resembles the language's is likely the right one.
Substitution cipher
A substitution cipher is a method of encrypting in which units of plaintext are replaced with ciphertext according to a fixed system; the "units" may be single letters (the most common), pairs of letters, triplets of letters, mixtures of the above, and so forth. The receiver deciphers the text by performing the inverse substitution.
RSA

| Name | Description | Usage |
| --- | --- | --- |
| RsaCtfTool | RSA multi-attack tool | Github |