Your first time on this page? Allow me to give some explanations.
A curated list of CTF frameworks, libraries, resources and softwares
Here you can see meta information about this topic like the time we last updated this page, the original creator of the awesome list and a link to the original GitHub repository.
Thank you apsdehal & contributors
View Topic on GitHub:
Search for resources by name or description.
Simply type in what you are looking for and the results will be filtered on the fly.
Further filter the resources on this page by type (repository/other resource), number of stars on GitHub and time of last commit in months.
CTFs as you need them
The online echoCTF.RED platform user interfaces and codebase
Platform to host Capture the Flag competitions
A Highly Accessible and Automated Virtualization Platform for Security Education
Welcome to HackTheArch! A free open source scoring server for cyber Capture the Flag competitions!
Mellivora is a CTF engine written in PHP
A simple capture the flag framework.
CTF in a box. Minimal setup required. (not production-ready yet)
The platform used to run picoCTF. A great framework to host any CTF.
A CTF framework to create, build, deploy and monitor challenges
A Game of Hackers (CTF Scoreboard & Game Manager)
Create randomly insecure VMs
The Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and MITM attacks.
A framework for layer 2 attacks
An automated, modular cryptanalysis tool; i.e., a Weapon of Math Destruction
🔓 CLI tool and library to execute padding oracle attacks easily, with support for concurrent network requests and an elegant UI.
RSA attack tool (mainly for ctf) - retreive private key from weak public key and/or uncipher data
rsatool can be used to calculate RSA and RSA-CRT parameters
A tool to analyze multi-byte xor cipher
John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs
Nozzlr is a bruteforce framework, trully modular and script-friendly
Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.
A parallelized login cracker which supports numerous protocols to attack
dll injection tool that implements various methods
Simplify format string exploitation.
The best tool for finding one gadget RCE in libc.so.6
CTF framework and exploit development library
QEMU Interactive Runtime Analyser
This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation. ROPgadget supports ELF, PE and Mach-O format on x86, x64, ARM, ARM64, PowerPC, SPARC and MIPS architectures.
Security CTF Toolkit (Not maintained anymore)
Automatically exported from code.google.com/p/creddump
Rip web accessible (distributed) version control systems: SVN/GIT/HG...
A modern tool for the Windows kernel exploration and tracing
Cross-platform, open-source shellbag parser
Tracking history of USB events on GNU/Linux
An advanced memory forensics framework
open source, cross-platform software for recording and editing sounds.
Used for recovering lost data from mountable images.
Find and extract zlib files compressed in PDF files.
Verifies the integrity of PNG and dump all of the chunk-level information in human-readable form.
Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Wireshark is very similar to tcpdump, but has a graphical front-end, plus some integrated sorting and filtering options.
Simple tool for Windows that allows you to read offline Registry files from external drive and view the desired Registry key in .reg file format.
TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
An engine to make Tor network your default gateway
A linux tool to check a host on the network (and other non-network activities).
A network protocol analyzer. ![Open-Source Software][oss icon] ![Freeware][freeware icon]
Reverse engineering, Malware and goodware analysis of Android applications ... and more (ninja !)
A powerful and user-friendly binary analysis platform!
CLI tool for decompiling Android apps to Java. It does resources! It does Java! Its real easy!
BARF : A multiplatform open source Binary Analysis and Reverse engineering Framework
Firmware Analysis Tool
Boomerang Decompiler - Fighting the code-rot :)
Run basic functions from stripped binaries cross platform
cwe_checker finds vulnerable patterns in binary executables
A work-in-progress deobfuscator for movfuscated binaries
GEF - GDB Enhanced Features for exploit devs & reversers
Dex to Java decompiler
Java decompiler, assembler, and disassembler
📱 objection - runtime mobile exploration
PEDA - Python Exploit Development Assistance for GDB
A reverse engineering tool that'll supply the place of Cheat Engine for linux
Using Intel's PIN tool to solve CTF problems
Plasma is an interactive disassembler for x86/ARM/MIPS. It can generates indented pseudo-code with colored syntax.
Exploit Development and Reverse Engineering with GDB Made Easy
UNIX-like reverse engineering framework and command-line toolset
Triton is a Dynamic Binary Analysis (DBA) framework. It provides internal components like a Dynamic Symbolic Execution (DSE) engine, a dynamic taint engine, AST representations of the x86, x86-64, ARM32 and AArch64 Instructions Set Architecture (ISA), SMT simplification passes, an SMT solver interface and, the last but not least, Python bindings.
The Z3 Theorem Prover
Robust ABC (ActionScript Bytecode) [Dis-]Assembler
Program that can copy executables with execute, but no read permission.
Restoration of defocused and blurred photos/images
Steganography brute-force utility to uncover hidden data inside files
Detect hidden files and text in images
detect stegano-hidden data in PNG & BMP
Aperi'Solve is a platform which performs layer analysis on image (open-source).
Embeds text and files in images with optional encryption. Easy-to-use UI.
Online steganography encoder and decoder.
Launches brute-force dictionary attacks on JPG image.
Conduct a wide range of image steganography operations, such as concealing/revealing files hidden within bits (open-source).
Automated All-in-One OS command injection and exploitation tool.
A high performance offensive security tool for reconnaissance and vulnerability scanning
Automatic SQL injection and database takeover tool
w3af: web application attack and audit framework, the open source web vulnerability scanner.
Intercepting proxy to replay, debug, and fuzz HTTP requests and responses
Add on for chrome for debugging network requests.
(Security/Forensics) - An Arch Linux-based distribution designed for penetration testers and security researchers.
Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. Kali Linux is preinstalled with numerous penetration-testing programs, including nmap (a port scanner), Wireshark (a packet analyzer), John the Ripper (a password cracker), and Aircrack-ng (a software suite for penetration-testing wireless LANs).
Some setup scripts for security research tools.
A refresh of LazyKali which simplifies install of tools and configuration. Original author appears missing.
A small course on CTF (wargames) for beginners [in Russian]
Short guideline for CTF beginners by Endgame
A free course that teaches beginners the basics of forensics, crypto, and web-ex.
Video tutorials and walkthroughs of popular CTF platforms.
ROP Wargame repository
Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop
A platform with lots of interactive cryptography challenges, similar to Cryptopals.
Variety of VMs to learn variety of computer security issues.
Variety of VMs to learn variety of computer security issues.
Ethical hacking, computer network and security challenge platform.
All year round ctf game. Questions from the yearly picoCTF competition.
A variety of wargames maintained by the SmashTheStack Community.
Various amazing CTF challenges, in many different categories. Has both Practice mode and Contest mode.
VM-based for practical in digital security, computer application & network administration.
A penetration testing training platform, which offers various computer challenges, in various categories.
A place to discuss potential projects for students of the ISIS Lab.
Useful tips by OTA CTF members
Website to Scrapping all writeup from http://ctftime.org/ and you can organize which to read first!
Things we learned from Capture The Flag hacking competitions we participated in.
Writeups of Capture The Flag Competitions
A colleciton of CTF write-ups all using pwntools
Capture The Flag competition challenge write-ups