Your first time on this page? Allow me to give some explanations.
A curated list of CTF frameworks, libraries, resources and softwares
Here you can see meta information about this topic like the time we last updated this page, the original creator of the awesome list and a link to the original GitHub repository.
Thank you apsdehal & contributors
View Topic on GitHub:
Search for resources by name or description.
Simply type in what you are looking for and the results will be filtered on the fly.
Further filter the resources on this page by type (repository/other resource), number of stars on GitHub and time of last commit in months.
CTFs as you need them
The online echoCTF.RED platform user interfaces and codebase
Platform to host Capture the Flag competitions
A Highly Accessible and Automated Virtualization Platform for Security Education
Welcome to HackTheArch! A free open source scoring server for cyber Capture the Flag competitions!
Mellivora is a CTF engine written in PHP
A simple capture the flag framework.
CTF in a box. Minimal setup required. (not production-ready yet)
The platform used to run picoCTF 2019.
A CTF framework to create, build, deploy and monitor challenges
A Game of Hackers (CTF Scoreboard & Game Manager)
Create randomly insecure VMs
The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.
A framework for layer 2 attacks
An automated, modular cryptanalysis tool; i.e., a Weapon of Math Destruction
🔓 CLI tool and library to execute padding oracle attacks easily, with support for concurrent network requests and an elegant UI.
RSA attack tool (mainly for ctf) - retreive private key from weak public key and/or uncipher data
rsatool can be used to calculate RSA and RSA-CRT parameters
A tool to analyze multi-byte xor cipher
John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs
Nozzlr is a bruteforce framework, trully modular and script-friendly
Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.
dll injection tool that implements various methods
Simplify format string exploitation.
The best tool for finding one gadget RCE in libc.so.6
CTF framework and exploit development library
QEMU Interactive Runtime Analyser
This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation. ROPgadget supports ELF, PE and Mach-O format on x86, x64, ARM, ARM64, PowerPC, SPARC and MIPS architectures.
Security CTF Toolkit (Not maintained anymore)
Automatically exported from code.google.com/p/creddump
Rip web accessible (distributed) version control systems: SVN/GIT/HG...
A modern tool for the Windows kernel exploration and tracing
Cross-platform, open-source shellbag parser
Tracking history of USB events on GNU/Linux
An advanced memory forensics framework
TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
An engine to make Tor network your default gateway
Reverse engineering, Malware and goodware analysis of Android applications ... and more (ninja !)
A powerful and user-friendly binary analysis platform!
CLI tool for decompiling Android apps to Java. It does resources! It does Java! Its real easy!
BARF : A multiplatform open source Binary Analysis and Reverse engineering Framework
Firmware Analysis Tool
Boomerang Decompiler - Fighting the code-rot :)
Run basic functions from stripped binaries cross platform
cwe_checker finds vulnerable patterns in binary executables
A work-in-progress deobfuscator for movfuscated binaries
GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging features for exploit developers & reverse engineers ☢
Dex to Java decompiler
Java decompiler, assembler, and disassembler
📱 objection - runtime mobile exploration
PEDA - Python Exploit Development Assistance for GDB
A reverse engineering tool that'll supply the place of Cheat Engine for linux
Using Intel's PIN tool to solve CTF problems
Plasma is an interactive disassembler for x86/ARM/MIPS. It can generates indented pseudo-code with colored syntax.
Exploit Development and Reverse Engineering with GDB Made Easy
UNIX-like reverse engineering framework and command-line toolset
Triton is a Dynamic Binary Analysis (DBA) framework. It provides internal components like a Dynamic Symbolic Execution (DSE) engine, a dynamic taint engine, AST representations of the x86, x86-64, ARM32 and AArch64 Instructions Set Architecture (ISA), SMT simplification passes, an SMT solver interface and, the last but not least, Python bindings.
The Z3 Theorem Prover
Robust ABC (ActionScript Bytecode) [Dis-]Assembler
Restoration of defocused and blurred photos/images
Steganography brute-force utility to uncover hidden data inside files
Detect hidden files and text in images
detect stegano-hidden data in PNG & BMP
Automated All-in-One OS Command Injection Exploitation Tool.
A high performance offensive security tool for reconnaissance and vulnerability scanning
Automatic SQL injection and database takeover tool
w3af: web application attack and audit framework, the open source web vulnerability scanner.
Some setup scripts for security research tools.
A refresh of LazyKali which simplifies install of tools and configuration. Original author appears missing.
A small course on CTF (wargames) for beginners [in Russian]
ROP Wargame repository
Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop supporting CTFd, FBCTF and RootTheBox
A place to discuss potential projects for students of the ISIS Lab.
Useful tips by OTA CTF members
Website to Scrapping all writeup from http://ctftime.org/ and you can organize which to read first!
Things we learned from Capture The Flag hacking competitions we participated in.
Writeups of Capture The Flag Competitions
A colleciton of CTF write-ups all using pwntools
Capture The Flag competition challenge write-ups