User Experience on mobile might not be great yet, but I'm working on it.

Your first time on this page? Allow me to give some explanations.

Awesome CTF

A curated list of CTF frameworks, libraries, resources and softwares

Here you can see meta information about this topic like the time we last updated this page, the original creator of the awesome list and a link to the original GitHub repository.

Last Update: Dec. 3, 2020, 12:05 p.m.

Thank you apsdehal & contributors
View Topic on GitHub:
apsdehal/awesome-ctf

Search for resources by name or description.
Simply type in what you are looking for and the results will be filtered on the fly.

Further filter the resources on this page by type (repository/other resource), number of stars on GitHub and time of last commit in months.

Create

Online book on building, testing, and customizing your own Capture the Flag challenges.

Forensics

Platforms

CTFs as you need them

3.09K
1.16K
2d
Apache-2.0

The online echoCTF.RED platform user interfaces and codebase

8
3
4d
BSD-2-Clause

Platform to host Capture the Flag competitions

6.33K
1.32K
2y 81d
n/a

A Highly Accessible and Automated Virtualization Platform for Security Education

98
17
16d
GPL-3.0

Welcome to HackTheArch! A free open source scoring server for cyber Capture the Flag competitions!

52
25
8m
MIT

Mellivora is a CTF engine written in PHP

357
167
32d
GPL-3.0

What do we say to JavaScript? Not today! motherfuckingwebsite.com inspired CTF platform.

33
5
1y 6m
BSD-2-Clause

A simple capture the flag framework.

94
28
3y 6m
n/a

CTF in a box. Minimal setup required. (not production-ready yet)

78
13
7d
GPL-3.0

The platform used to run picoCTF. A great framework to host any CTF.

181
73
24d
MIT

A CTF framework to create, build, deploy and monitor challenges

63
14
19d
GPL-3.0

A Game of Hackers (CTF Scoreboard & Game Manager)

502
211
26d
Apache-2.0
45
11
3y 72d
n/a

Create randomly insecure VMs

1.98K
245
13d
GPL-3.0

Web

Metasploit Framework

22.24K
10.69K
3d
n/a

JavaScript parser / mangler / compressor / beautifier toolkit

11.14K
1.16K
3d
n/a

Attacks

The Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and MITM attacks.

8.18K
841
50d
GPL-3.0

A framework for layer 2 attacks

381
78
1y 7m
GPL-2.0

Crypto

An automated, modular cryptanalysis tool; i.e., a Weapon of Math Destruction

863
124
1y 8m
BSD-3-Clause

🔓 CLI tool and library to execute padding oracle attacks easily, with support for concurrent network requests and an elegant UI.

131
29
2d
MIT

RSA attack tool (mainly for ctf) - retreive private key from weak public key and/or uncipher data

1.82K
430
2d
n/a

rsatool can be used to calculate RSA and RSA-CRT parameters

382
111
3y 7m
BSD-2-Clause

A tool to analyze multi-byte xor cipher

951
142
62d
n/a

Web app for analysing and decoding data.

A tool for Breaking PkZip-encryption.

An online tool for breaking substitution ciphers or vigenere ciphers (without key).

Bruteforcers

John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs

4.29K
1.1K
2d
n/a

Nozzlr is a bruteforce framework, trully modular and script-friendly

52
15
2y 12m
n/a

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.

2.32K
636
4d
GPL-2.0

A parallelized login cracker which supports numerous protocols to attack

Windows password cracker based on rainbow tables.

Burp Suite extension for sending large numbers of HTTP requests

Exploits

dll injection tool that implements various methods

405
110
7y 11m
n/a

Simplify format string exploitation.

323
39
3y 4m
n/a

The best tool for finding one gadget RCE in libc.so.6

1.24K
109
26d
MIT

CTF framework and exploit development library

7.3K
1.32K
3d
n/a

QEMU Interactive Runtime Analyser

2.99K
398
8m
MIT

This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation. ROPgadget supports ELF, PE and Mach-O format on x86, x64, ARM, ARM64, PowerPC, SPARC and MIPS architectures.

2.51K
491
4m
n/a

Security CTF Toolkit (Not maintained anymore)

335
107
2y 10m
n/a

Penetration testing software.

Forensics

Automatically exported from code.google.com/p/creddump

176
42
3y 4m
GPL-3.0

Rip web accessible (distributed) version control systems: SVN/GIT/HG...

1.18K
265
108d
GPL-2.0

Tool for exploration and tracing of the Windows kernel

533
96
1d
n/a

Cross-platform, open-source shellbag parser

118
32
3y 10m
Apache-2.0

Tracking history of USB events on GNU/Linux

880
88
4m
GPL-3.0

An advanced memory forensics framework

4.13K
880
109d
GPL-2.0

Crack 802.11 WEP and WPA-PSK keys.

open source, cross-platform software for recording and editing sounds.

Read, write and edit file metadata.

Used for recovering lost data from mountable images.

Extract particular kind of files using headers.

Used to fix corrupt filesystems.

Find and extract zlib files compressed in PDF files.

Verifies the integrity of PNG and dump all of the chunk-level information in human-readable form.

A Whitespace Steganography Tool.

Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Wireshark is very similar to tcpdump, but has a graphical front-end, plus some integrated sorting and filtering options.

Simple tool for Windows that allows you to read offline Registry files from external drive and view the desired Registry key in .reg file format.

Networking

TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.

14.38K
2.27K
1y 73d
n/a

An engine to make Tor network your default gateway

944
216
26d
n/a

A linux tool to check a host on the network (and other non-network activities).

An open source utility for network discovery and security auditing.

A network protocol analyzer. ![Open-Source Software][oss icon] ![Freeware][freeware icon]

An open-source network security monitor.

An open-source network scanner.

Reversing

Reverse engineering, Malware and goodware analysis of Android applications ... and more (ninja !)

3.29K
827
9d
Apache-2.0

A powerful and user-friendly binary analysis platform!

4.71K
783
5d
BSD-2-Clause

CLI tool for decompiling Android apps to Java. It does resources! It does Java! Its real easy!

578
101
6y 28d
n/a

BARF : A multiplatform open source Binary Analysis and Reverse engineering Framework

1.25K
168
1y 10d
BSD-2-Clause

Firmware Analysis Tool

6.84K
1.04K
8d
MIT

Boomerang Decompiler - Fighting the code-rot :)

256
45
8m
n/a

Run basic functions from stripped binaries cross platform

97
4
3y 11m
n/a

cwe_checker finds vulnerable patterns in binary executables

286
47
3d
LGPL-3.0

A work-in-progress deobfuscator for movfuscated binaries

536
49
1y 8m
BSD-2-Clause

GEF - GDB Enhanced Features for exploit devs & reversers

3.28K
474
8d
MIT

Dex to Java decompiler

24.27K
2.95K
2d
Apache-2.0

Java decompiler, assembler, and disassembler

1.25K
148
5m
GPL-3.0

📱 objection - runtime mobile exploration

3.15K
451
63d
GPL-3.0

PEDA - Python Exploit Development Assistance for GDB

4.34K
710
10m
n/a

A reverse engineering tool that'll supply the place of Cheat Engine for linux

928
91
38d
n/a

Using Intel's PIN tool to solve CTF problems

383
49
7m
n/a

Plasma is an interactive disassembler for x86/ARM/MIPS. It can generates indented pseudo-code with colored syntax.

2.89K
302
1y 9m
GPL-3.0

Exploit Development and Reverse Engineering with GDB Made Easy

3.23K
491
20d
MIT

UNIX-like reverse engineering framework and command-line toolset

13.49K
2.35K
4d
LGPL-3.0

Triton is a Dynamic Binary Analysis (DBA) framework. It provides internal components like a Dynamic Symbolic Execution (DSE) engine, a dynamic taint engine, AST representations of the x86, x86-64, ARM32 and AArch64 Instructions Set Architecture (ISA), SMT simplification passes, an SMT solver interface and, the last but not least, Python bindings.

1.64K
355
95d
Apache-2.0

Python decompiler

390
388
4y 64d
n/a

The Z3 Theorem Prover

5.94K
978
3d
n/a

Robust ABC (ActionScript Bytecode) [Dis-]Assembler

375
84
1y 18d
GPL-3.0

Binary analysis framework.

Open Source suite of reverse engineering tools. Similar to IDA Pro.

Reverse engineering tool (disassembler) for OSX and Linux.

Most used Reversing software.

An online decompiler for Java and Android APKs.

Pin

A dynamic binary instrumentaion tool by Intel.

Windows debugger distributed by Microsoft.

Program that can copy executables with execute, but no read permission.

A Javascript malware analysis tool.

Analyze obfuscated Javascript code.

Collection of utilities to work with SWF files.

A Python script for analyzing Flash files.

Services

Steganography

Restoration of defocused and blurred photos/images

2K
337
2y 36d
n/a

Steganography brute-force utility to uncover hidden data inside files

373
90
89d
MIT

Detect hidden files and text in images

72
24
2y 6m
MIT

detect stegano-hidden data in PNG & BMP

609
78
117d
n/a

Aperi'Solve is a platform which performs layer analysis on image (open-source).

Convert images b/w formats and apply filters.

Shows EXIF information in JPEG files.

Read and write meta information in files.

Image metadata manipulation tool.

Embeds text and files in images with optional encryption. Easy-to-use UI.

This is a client-side Javascript tool to steganographically hide images inside the lower "bits" of other images

For various analysis related to PNGs.

Tool for stegano analysis written in Java.

Online steganography encoder and decoder.

Launches brute-force dictionary attacks on JPG image.

Hide data in various kind of images.

Conduct a wide range of image steganography operations, such as concealing/revealing files hidden within bits (open-source).

Apply various steganography techniques to images.

Web

Automated All-in-One OS command injection and exploitation tool.

2.45K
572
6d
n/a

A high performance offensive security tool for reconnaissance and vulnerability scanning

1.94K
295
2y 10d
MIT

Automatic SQL injection and database takeover tool

18.79K
4.07K
1d
n/a

w3af: web application attack and audit framework, the open source web vulnerability scanner.

3.41K
1.04K
5m
n/a

A graphical tool to testing website security.

Firefox addon for easy web exploitation.

Intercepting proxy to replay, debug, and fuzz HTTP requests and responses

Add on for chrome for debugging network requests.

Automated XSS testor.

Operating Systems

2.21K
378
4m
Apache-2.0

Based on Ubuntu.

(Security/Forensics) - An Arch Linux-based distribution designed for penetration testers and security researchers.

Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. Kali Linux is preinstalled with numerous penetration-testing programs, including nmap (a port scanner), Wireshark (a packet analyzer), John the Ripper (a password cracker), and Aircrack-ng (a software suite for penetration-testing wireless LANs).

Based on Gentoo.

Based on openSUSE.

Based on Slackware.

Based on Debian.

Starter Packs

Some setup scripts for security research tools.

5.27K
1.45K
6m
BSD-3-Clause

A refresh of LazyKali which simplifies install of tools and configuration. Original author appears missing.

34
9
4y 91d
GPL-3.0

Tutorials

A small course on CTF (wargames) for beginners [in Russian]

217
58
10m
n/a

Field Guide by Trails of Bits.

Start Guide maintained by community.

Short guideline for CTF beginners by Endgame

A free course that teaches beginners the basics of forensics, crypto, and web-ex.

Video tutorials and walkthroughs of popular CTF platforms.

Wargames

WebEngineering Project

4
0
9y 20d
n/a

ROP Wargame repository

13
28
3y 84d
n/a

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop

227
60
53d
MIT

Security Platform by SDSLabs.

Reverse Engineering Challenges.

A platform with lots of interactive cryptography challenges, similar to Cryptopals.

Online CTF with a variety of targets to attack.

Variety of VMs to learn variety of computer security issues.

Variety of VMs to learn variety of computer security issues.

Weekly CTFs for all types of security enthusiasts.

Training ground for hackers.

Ethical hacking, computer network and security challenge platform.

Web challenges starting from basic ones.

IO

Wargame for binary challenges.

Wargame maintained by OvertheWire Community.

Variety of VM and online challenges (paid).

All year round ctf game. Questions from the yearly picoCTF competition.

Binary Exploitation Wargame.

Binary Exploitation Wargame.

Reversing challenge.

Ringzer0 Team Online CTF.

Hacking and Information Security learning platform.

A variety of wargames maintained by the SmashTheStack Community.

Various amazing CTF challenges, in many different categories. Has both Practice mode and Contest mode.

VM-based for practical in digital security, computer application & network administration.

A penetration testing training platform, which offers various computer challenges, in various categories.

Hacking challenges for web.

PHP/MySQL web application that is damn vulnerable.

Websites

CTF Cheatsheet

156
39
90d
CC0-1.0

General information on CTF occuring around the worlds.

Wikis

A place to discuss potential projects for students of the ISIS Lab.

362
78
7y 5m
n/a

Useful tips by OTA CTF members

97
17
1y 60d
n/a

Chinese resources to learn CTF.

Writeups Collections

Writeups/solutions

71
32
9m
MIT

Website to Scrapping all writeup from http://ctftime.org/ and you can organize which to read first!

22
9
3y 7m
n/a

Things we learned from Capture The Flag hacking competitions we participated in.

144
45
6m
n/a

Writeups of Capture The Flag Competitions

97
27
10m
n/a

A colleciton of CTF write-ups all using pwntools

403
106
4y 5m
MIT

Capture The Flag competition challenge write-ups

7
4
4m
n/a

CTF Writeups

179
45
3y 57d
n/a

Dumped CTF challenges and materials by psifertex.

CTF challenge archive maintained by Jonathan Salwan.