Cyber security

Awesome CTF – The Comprehensive Toolkit For Capture The Flag Challenges

A curated list of Capture The Flag (CTF) frameworks, libraries, resources, softwares and tutorials. This list aims to help starters as well as seasoned CTF players to find everything related to CTFs at one place.

Contributing

Please take a quick look at the contribution guidelines first.

If you know a tool that isn’t present here, feel free to open a pull request.

Why?

It takes time to build up collection of tools used in CTF and remember them all. This repo helps to keep all these scattered tools at one place.

Contents

  • Awesome CTF
    • Create
      • Forensics
      • Platforms
      • Steganography
      • Web
    • Solve
      • Attacks
      • Bruteforcers
      • Cryptography
      • Exploits
      • Forensics
      • Networking
      • Reversing
      • Services
      • Steganography
      • Web
  • Resources
    • Operating Systems
    • Starter Packs
    • Tutorials
    • Wargames
    • Websites
    • Wikis
    • Writeups Collections

Create

Tools used for creating CTF challenges

Forensics

Tools used for creating Forensics challenges

Platforms

Projects that can be used to host a CTF

  • CTFd – Platform to host jeopardy style CTFs from ISISLab, NYU Tandon.
  • echoCTF.RED – Develop, deploy and maintain your own CTF infrastructure.
  • FBCTF – Platform to host Capture the Flag competitions from Facebook.
  • Haaukins– A Highly Accessible and Automated Virtualization Platform for Security Education.
  • HackTheArch – CTF scoring platform.
  • Mellivora – A CTF engine written in PHP.
  • MotherFucking-CTF – Badass lightweight plaform to host CTFs. No JS involved.
  • NightShade – A simple security CTF framework.
  • OpenCTF – CTF in a box. Minimal setup required.
  • PicoCTF – The platform used to run picoCTF. A great framework to host any CTF.
  • PyChallFactory – Small framework to create/manage/package jeopardy CTF challenges.
  • RootTheBox – A Game of Hackers (CTF Scoreboard & Game Manager).
  • Scorebot – Platform for CTFs by Legitbs (Defcon).
  • SecGen – Security Scenario Generator. Creates randomly vulnerable virtual machines.

Steganography

Tools used to create stego challenges

Check solve section for steganography.

Web

Tools used for creating Web challenges

JavaScript Obfustcators

Solve

Tools used for solving CTF challenges

Attacks

Tools used for performing various kinds of attacks

  • Bettercap – Framework to perform MITM (Man in the Middle) attacks.
  • Yersinia – Attack various protocols on layer 2.

Crypto

Tools used for solving Crypto challenges

  • CyberChef – Web app for analysing and decoding data.
  • FeatherDuster – An automated, modular cryptanalysis tool.
  • Hash Extender – A utility tool for performing hash length extension attacks.
  • padding-oracle-attacker – A CLI tool to execute padding oracle attacks.
  • PkCrack – A tool for Breaking PkZip-encryption.
  • QuipQuip – An online tool for breaking substitution ciphers or vigenere ciphers (without key).
  • RSACTFTool – A tool for recovering RSA private key with various attack.
  • RSATool – Generate private key with knowledge of p and q.
  • XORTool – A tool to analyze multi-byte xor cipher.

Bruteforcers

Tools used for various kind of bruteforcing (passwords etc.)

  • Hashcat – Password Cracker
  • Hydra – A parallelized login cracker which supports numerous protocols to attack
  • John The Jumbo – Community enhanced version of John the Ripper.
  • John The Ripper – Password Cracker.
  • Nozzlr – Nozzlr is a bruteforce framework, trully modular and script-friendly.
  • Ophcrack – Windows password cracker based on rainbow tables.
  • Patator – Patator is a multi-purpose brute-forcer, with a modular design.
  • Turbo Intruder – Burp Suite extension for sending large numbers of HTTP requests
Varshini

Tamil has a great interest in the fields of Cyber Security, OSINT, and CTF projects. Currently, he is deeply involved in researching and publishing various security tools with Kali Linux Tutorials, which is quite fascinating.

Recent Posts

Kali Linux 2024.4 Released, What’s New?

Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…

19 hours ago

Lifetime-Amsi-EtwPatch : Disabling PowerShell’s AMSI And ETW Protections

This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…

19 hours ago

GPOHunter – Active Directory Group Policy Security Analyzer

GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…

3 days ago

2024 MITRE ATT&CK Evaluation Results – Cynet Became a Leader With 100% Detection & Protection

Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…

5 days ago

SecHub : Streamlining Security Across Software Development Lifecycles

The free and open-source security platform SecHub, provides a central API to test software with…

1 week ago

Hawker : The Comprehensive OSINT Toolkit For Cybersecurity Professionals

Don't worry if there are any bugs in the tool, we will try to fix…

1 week ago