User Experience on mobile might not be great yet, but I'm working on it.

Your first time on this page? Allow me to give some explanations.

Awesome CTF

A curated list of CTF frameworks, libraries, resources and softwares

Here you can see meta information about this topic like the time we last updated this page, the original creator of the awesome list and a link to the original GitHub repository.

Last Update: Feb. 27, 2021, 9:06 p.m.

Thank you apsdehal & contributors
View Topic on GitHub:
apsdehal/awesome-ctf

Search for resources by name or description.
Simply type in what you are looking for and the results will be filtered on the fly.

Further filter the resources on this page by type (repository/other resource), number of stars on GitHub and time of last commit in months.

Create

Online book on building, testing, and customizing your own Capture the Flag challenges.

Forensics

Platforms

CTFs as you need them

3.19K
1.21K
10d
Apache-2.0

The online echoCTF.RED platform user interfaces and codebase

11
3
17d
BSD-2-Clause

Platform to host Capture the Flag competitions

6.35K
1.32K
2y 5m
n/a

A Highly Accessible and Automated Virtualization Platform for Security Education

109
18
19d
GPL-3.0

Welcome to HackTheArch! A free open source scoring server for cyber Capture the Flag competitions!

52
26
11m
MIT

Mellivora is a CTF engine written in PHP

363
168
119d
GPL-3.0

What do we say to JavaScript? Not today! motherfuckingwebsite.com inspired CTF platform.

35
5
1y 9m
BSD-2-Clause

A simple capture the flag framework.

95
28
3y 9m
n/a

CTF in a box. Minimal setup required. (not production-ready yet)

78
13
94d
GPL-3.0

The platform used to run picoCTF. A great framework to host any CTF.

199
75
9d
MIT

A CTF framework to create, build, deploy and monitor challenges

66
14
106d
GPL-3.0

A Game of Hackers (CTF Scoreboard & Game Manager)

523
212
25d
Apache-2.0
45
11
3y 5m
n/a

Create randomly insecure VMs

2.04K
248
9d
GPL-3.0

Web

Metasploit Framework

23.2K
10.98K
4d
n/a

JavaScript parser / mangler / compressor / beautifier toolkit

11.28K
1.17K
9d
n/a

Attacks

The Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and MITM attacks.

8.55K
884
32d
GPL-3.0

A framework for layer 2 attacks

401
82
1y 10m
GPL-2.0

Crypto

An automated, modular cryptanalysis tool; i.e., a Weapon of Math Destruction

873
126
1y 11m
BSD-3-Clause
650
105
11m
n/a

🔓 CLI tool and library to execute padding oracle attacks easily, with support for concurrent network requests and an elegant UI.

134
31
89d
MIT

RSA attack tool (mainly for ctf) - retreive private key from weak public key and/or uncipher data

2.01K
447
18d
n/a

rsatool can be used to calculate RSA and RSA-CRT parameters

435
116
3y 9m
BSD-2-Clause

A tool to analyze multi-byte xor cipher

979
143
4m
n/a

Web app for analysing and decoding data.

A tool for Breaking PkZip-encryption.

An online tool for breaking substitution ciphers or vigenere ciphers (without key).

Bruteforcers

John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs

4.6K
1.19K
18d
n/a

Nozzlr is a bruteforce framework, trully modular and script-friendly

52
15
3y 83d
n/a

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.

2.43K
657
30d
GPL-2.0

A parallelized login cracker which supports numerous protocols to attack

Windows password cracker based on rainbow tables.

Burp Suite extension for sending large numbers of HTTP requests

Exploits

dll injection tool that implements various methods

408
110
8y 54d
n/a

Simplify format string exploitation.

323
39
3y 7m
n/a

The best tool for finding one gadget RCE in libc.so.6

1.29K
111
12d
MIT

CTF framework and exploit development library

7.55K
1.36K
9d
n/a

QEMU Interactive Runtime Analyser

3.15K
411
81d
MIT

This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation. ROPgadget supports ELF, PE and Mach-O format on x86, x64, ARM, ARM64, PowerPC, SPARC and MIPS architectures.

2.59K
493
38d
n/a

Security CTF Toolkit (Not maintained anymore)

340
108
3y 38d
n/a

Penetration testing software.

Forensics

Automatically exported from code.google.com/p/creddump

181
44
3y 7m
GPL-3.0

Rip web accessible (distributed) version control systems: SVN/GIT/HG...

1.22K
268
6m
GPL-2.0

A modern tool for the Windows kernel exploration and tracing

1.1K
128
9d
n/a

Cross-platform, open-source shellbag parser

121
33
4y 48d
Apache-2.0

Tracking history of USB events on GNU/Linux

901
91
54d
GPL-3.0

An advanced memory forensics framework

4.3K
917
79d
GPL-2.0

Crack 802.11 WEP and WPA-PSK keys.

open source, cross-platform software for recording and editing sounds.

Read, write and edit file metadata.

Used for recovering lost data from mountable images.

Extract particular kind of files using headers.

Used to fix corrupt filesystems.

Find and extract zlib files compressed in PDF files.

Verifies the integrity of PNG and dump all of the chunk-level information in human-readable form.

A Whitespace Steganography Tool.

Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Wireshark is very similar to tcpdump, but has a graphical front-end, plus some integrated sorting and filtering options.

Simple tool for Windows that allows you to read offline Registry files from external drive and view the desired Registry key in .reg file format.

Networking

TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.

14.97K
2.36K
20d
n/a

An engine to make Tor network your default gateway

1K
229
52d
n/a

A linux tool to check a host on the network (and other non-network activities).

An open source utility for network discovery and security auditing.

A network protocol analyzer. ![Open-Source Software][oss icon] ![Freeware][freeware icon]

An open-source network security monitor.

An open-source network scanner.

Reversing

Reverse engineering, Malware and goodware analysis of Android applications ... and more (ninja !)

3.41K
854
96d
Apache-2.0

A powerful and user-friendly binary analysis platform!

4.85K
793
9d
BSD-2-Clause

CLI tool for decompiling Android apps to Java. It does resources! It does Java! Its real easy!

583
102
6y 115d
n/a

BARF : A multiplatform open source Binary Analysis and Reverse engineering Framework

1.27K
169
1y 97d
BSD-2-Clause

Firmware Analysis Tool

7.09K
1.08K
27d
MIT

Boomerang Decompiler - Fighting the code-rot :)

264
46
62d
n/a

Run basic functions from stripped binaries cross platform

98
4
4y 78d
n/a

cwe_checker finds vulnerable patterns in binary executables

361
47
11d
LGPL-3.0

A work-in-progress deobfuscator for movfuscated binaries

539
47
1y 11m
BSD-2-Clause

GEF - GDB Enhanced Features for exploit devs & reversers

3.46K
489
13d
MIT

Dex to Java decompiler

25.16K
3.07K
15d
Apache-2.0

Java decompiler, assembler, and disassembler

1.29K
153
8m
GPL-3.0

📱 objection - runtime mobile exploration

3.41K
477
11d
GPL-3.0

PEDA - Python Exploit Development Assistance for GDB

4.46K
729
56d
n/a

A reverse engineering tool that'll supply the place of Cheat Engine for linux

970
94
4m
n/a

Using Intel's PIN tool to solve CTF problems

389
49
10m
n/a

Plasma is an interactive disassembler for x86/ARM/MIPS. It can generates indented pseudo-code with colored syntax.

2.91K
302
1y 12m
GPL-3.0

Exploit Development and Reverse Engineering with GDB Made Easy

3.44K
513
39d
MIT

UNIX-like reverse engineering framework and command-line toolset

13.97K
2.41K
9d
LGPL-3.0

Triton is a Dynamic Binary Analysis (DBA) framework. It provides internal components like a Dynamic Symbolic Execution (DSE) engine, a dynamic taint engine, AST representations of the x86, x86-64, ARM32 and AArch64 Instructions Set Architecture (ISA), SMT simplification passes, an SMT solver interface and, the last but not least, Python bindings.

1.64K
355
6m
Apache-2.0

Python decompiler

394
391
4y 5m
n/a

The Z3 Theorem Prover

6.16K
1.01K
9d
n/a

Robust ABC (ActionScript Bytecode) [Dis-]Assembler

384
86
20d
GPL-3.0

Binary analysis framework.

Open Source suite of reverse engineering tools. Similar to IDA Pro.

Reverse engineering tool (disassembler) for OSX and Linux.

Most used Reversing software.

An online decompiler for Java and Android APKs.

Pin

A dynamic binary instrumentaion tool by Intel.

Windows debugger distributed by Microsoft.

Program that can copy executables with execute, but no read permission.

A Javascript malware analysis tool.

Analyze obfuscated Javascript code.

Collection of utilities to work with SWF files.

A Python script for analyzing Flash files.

Services

Steganography

Restoration of defocused and blurred photos/images

2.02K
339
2y 4m
n/a

Steganography brute-force utility to uncover hidden data inside files

389
93
65d
MIT

Detect hidden files and text in images

77
25
2y 9m
MIT

detect stegano-hidden data in PNG & BMP

609
78
6m
n/a

Aperi'Solve is a platform which performs layer analysis on image (open-source).

Convert images b/w formats and apply filters.

Shows EXIF information in JPEG files.

Read and write meta information in files.

Image metadata manipulation tool.

Embeds text and files in images with optional encryption. Easy-to-use UI.

This is a client-side Javascript tool to steganographically hide images inside the lower "bits" of other images

For various analysis related to PNGs.

Tool for stegano analysis written in Java.

Online steganography encoder and decoder.

Launches brute-force dictionary attacks on JPG image.

Hide data in various kind of images.

Conduct a wide range of image steganography operations, such as concealing/revealing files hidden within bits (open-source).

Apply various steganography techniques to images.

Web

Automated All-in-One OS command injection and exploitation tool.

2.54K
591
9d
n/a

A high performance offensive security tool for reconnaissance and vulnerability scanning

2.01K
304
2y 97d
MIT

Automatic SQL injection and database takeover tool

19.42K
4.19K
7d
n/a

w3af: web application attack and audit framework, the open source web vulnerability scanner.

3.5K
1.05K
8m
n/a

A graphical tool to testing website security.

Firefox addon for easy web exploitation.

Intercepting proxy to replay, debug, and fuzz HTTP requests and responses

Add on for chrome for debugging network requests.

Automated XSS testor.

Operating Systems

2.21K
378
7m
Apache-2.0

Based on Ubuntu.

(Security/Forensics) - An Arch Linux-based distribution designed for penetration testers and security researchers.

Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. Kali Linux is preinstalled with numerous penetration-testing programs, including nmap (a port scanner), Wireshark (a packet analyzer), John the Ripper (a password cracker), and Aircrack-ng (a software suite for penetration-testing wireless LANs).

Based on Gentoo.

Based on openSUSE.

Based on Slackware.

Based on Debian.

Starter Packs

Some setup scripts for security research tools.

5.44K
1.49K
9m
BSD-3-Clause

A refresh of LazyKali which simplifies install of tools and configuration. Original author appears missing.

34
10
4y 5m
GPL-3.0

Tutorials

A small course on CTF (wargames) for beginners [in Russian]

219
60
1y 33d
n/a

Field Guide by Trails of Bits.

Start Guide maintained by community.

Short guideline for CTF beginners by Endgame

A free course that teaches beginners the basics of forensics, crypto, and web-ex.

Video tutorials and walkthroughs of popular CTF platforms.

Wargames

WebEngineering Project

4
0
9y 107d
n/a

ROP Wargame repository

13
28
3y 5m
n/a

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop

231
61
56d
MIT

Security Platform by SDSLabs.

Reverse Engineering Challenges.

A platform with lots of interactive cryptography challenges, similar to Cryptopals.

Online CTF with a variety of targets to attack.

Variety of VMs to learn variety of computer security issues.

Variety of VMs to learn variety of computer security issues.

Weekly CTFs for all types of security enthusiasts.

Training ground for hackers.

Ethical hacking, computer network and security challenge platform.

Web challenges starting from basic ones.

IO

Wargame for binary challenges.

Wargame maintained by OvertheWire Community.

Variety of VM and online challenges (paid).

All year round ctf game. Questions from the yearly picoCTF competition.

Binary Exploitation Wargame.

Binary Exploitation Wargame.

Reversing challenge.

Ringzer0 Team Online CTF.

Hacking and Information Security learning platform.

A variety of wargames maintained by the SmashTheStack Community.

Various amazing CTF challenges, in many different categories. Has both Practice mode and Contest mode.

VM-based for practical in digital security, computer application & network administration.

A penetration testing training platform, which offers various computer challenges, in various categories.

Hacking challenges for web.

PHP/MySQL web application that is damn vulnerable.

Websites

CTF Cheatsheet

190
44
5m
CC0-1.0

General information on CTF occuring around the worlds.

Wikis

A place to discuss potential projects for students of the ISIS Lab.

362
78
7y 8m
n/a

Useful tips by OTA CTF members

104
16
1y 4m
n/a

Chinese resources to learn CTF.

Writeups Collections

Writeups/solutions

73
33
1y 4d
MIT

Website to Scrapping all writeup from http://ctftime.org/ and you can organize which to read first!

22
9
3y 10m
n/a

Things we learned from Capture The Flag hacking competitions we participated in.

154
45
9m
n/a

Writeups of Capture The Flag Competitions

97
27
1y 35d
n/a

A colleciton of CTF write-ups all using pwntools

410
109
4y 8m
MIT

Capture The Flag competition challenge write-ups

7
4
7m
n/a

CTF Writeups

179
44
3y 4m
n/a

Dumped CTF challenges and materials by psifertex.

CTF challenge archive maintained by Jonathan Salwan.