User Experience on mobile might not be great yet, but I'm working on it.

Your first time on this page? Allow me to give some explanations.

Awesome CTF

A curated list of CTF frameworks, libraries, resources and softwares

Here you can see meta information about this topic like the time we last updated this page, the original creator of the awesome list and a link to the original GitHub repository.

Last Update: Aug. 7, 2022, 10:05 p.m.

Thank you apsdehal & contributors
View Topic on GitHub:
apsdehal/awesome-ctf

Search for resources by name or description.
Simply type in what you are looking for and the results will be filtered on the fly.

Further filter the resources on this page by type (repository/other resource), number of stars on GitHub and time of last commit in months.

Create

Forensics

Platforms

CTFs as you need them

3.69K
1.38K
9m
Apache-2.0

The online echoCTF.RED platform user interfaces and codebase

20
10
9m
BSD-2-Clause

Platform to host Capture the Flag competitions

6.4K
1.35K
2y 8m
n/a

A Highly Accessible and Automated Virtualization Platform for Security Education

126
29
9m
GPL-3.0

Welcome to HackTheArch! A free open source scoring server for cyber Capture the Flag competitions!

55
24
10m
MIT

Mellivora is a CTF engine written in PHP

382
173
10m
GPL-3.0

What do we say to JavaScript? Not today! motherfuckingwebsite.com inspired CTF platform.

39
6
3y 72d
BSD-2-Clause

A simple capture the flag framework.

100
29
5y 73d
n/a

CTF in a box. Minimal setup required. (not production-ready yet)

78
14
10m
GPL-3.0

The platform used to run picoCTF 2019.

245
88
10m
MIT

A CTF framework to create, build, deploy and monitor challenges

75
14
1y 48d
GPL-3.0

A Game of Hackers (CTF Scoreboard & Game Manager)

597
234
9m
Apache-2.0
46
12
4y 10m
n/a

Create randomly insecure VMs

2.19K
272
9m
GPL-3.0

Web

Metasploit Framework

26.36K
11.96K
5m
n/a

JavaScript parser / mangler / compressor / beautifier toolkit

11.76K
1.21K
9m
n/a

Attacks

The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.

10.55K
1.08K
9m
GPL-3.0

A framework for layer 2 attacks

459
88
1y 5m
GPL-2.0

Crypto

An automated, modular cryptanalysis tool; i.e., a Weapon of Math Destruction

925
134
11m
BSD-3-Clause
769
134
1y 7m
n/a

๐Ÿ”“ CLI tool and library to execute padding oracle attacks easily, with support for concurrent network requests and an elegant UI.

148
32
12m
MIT

RSA attack tool (mainly for ctf) - retreive private key from weak public key and/or uncipher data

3.02K
604
9m
n/a

rsatool can be used to calculate RSA and RSA-CRT parameters

645
157
1y 113d
BSD-2-Clause

A tool to analyze multi-byte xor cipher

1.07K
156
1y 76d
n/a

Bruteforcers

John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs

5.51K
1.46K
9m
n/a

Nozzlr is a bruteforce framework, trully modular and script-friendly

54
14
4y 8m
n/a

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.

2.75K
703
1y 4d
GPL-2.0

Exploits

dll injection tool that implements various methods

426
115
9y 7m
n/a

Simplify format string exploitation.

327
43
9m
n/a

The best tool for finding one gadget RCE in libc.so.6

1.46K
119
10m
MIT

CTF framework and exploit development library

8.45K
1.46K
9m
n/a

QEMU Interactive Runtime Analyser

3.37K
435
1y 6m
MIT

This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation. ROPgadget supports ELF, PE and Mach-O format on x86, x64, ARM, ARM64, PowerPC, SPARC and MIPS architectures.

2.86K
514
9m
n/a

Security CTF Toolkit (Not maintained anymore)

352
113
4y 6m
n/a

Forensics

Automatically exported from code.google.com/p/creddump

199
48
3y 93d
GPL-3.0

Rip web accessible (distributed) version control systems: SVN/GIT/HG...

1.35K
287
1y 78d
GPL-2.0

A modern tool for the Windows kernel exploration and tracing

1.44K
150
9m
n/a

Cross-platform, open-source shellbag parser

127
34
5y 6m
Apache-2.0

Tracking history of USB events on GNU/Linux

972
99
1y 23d
GPL-3.0

An advanced memory forensics framework

4.96K
1.04K
11m
GPL-2.0

Networking

TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.

18.05K
2.6K
9m
n/a

An engine to make Tor network your default gateway

1.17K
255
1y 76d
n/a

Reversing

Reverse engineering, Malware and goodware analysis of Android applications ... and more (ninja !)

3.73K
911
9m
Apache-2.0

A powerful and user-friendly binary analysis platform!

5.46K
860
9m
BSD-2-Clause

CLI tool for decompiling Android apps to Java. It does resources! It does Java! Its real easy!

600
108
3y 9m
n/a

BARF : A multiplatform open source Binary Analysis and Reverse engineering Framework

1.31K
174
2y 8m
BSD-2-Clause

Firmware Analysis Tool

7.84K
1.21K
9m
MIT

Boomerang Decompiler - Fighting the code-rot :)

289
52
1y 7m
n/a

Run basic functions from stripped binaries cross platform

99
4
5y 7m
n/a

cwe_checker finds vulnerable patterns in binary executables

604
77
6m
LGPL-3.0

A work-in-progress deobfuscator for movfuscated binaries

568
49
10m
BSD-2-Clause

GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging features for exploit developers & reverse engineers โ˜ข

4.07K
560
9m
MIT

Dex to Java decompiler

27.58K
3.4K
9m
Apache-2.0

Java decompiler, assembler, and disassembler

1.45K
176
1y 94d
GPL-3.0

๐Ÿ“ฑ objection - runtime mobile exploration

4.27K
570
9m
GPL-3.0

PEDA - Python Exploit Development Assistance for GDB

4.8K
763
9m
n/a

A reverse engineering tool that'll supply the place of Cheat Engine for linux

1.14K
109
9m
n/a

Using Intel's PIN tool to solve CTF problems

425
51
2y 118d
n/a

Plasma is an interactive disassembler for x86/ARM/MIPS. It can generates indented pseudo-code with colored syntax.

2.95K
305
11m
GPL-3.0

Exploit Development and Reverse Engineering with GDB Made Easy

4.07K
587
9m
MIT

UNIX-like reverse engineering framework and command-line toolset

15.2K
2.56K
9m
LGPL-3.0

Triton is a Dynamic Binary Analysis (DBA) framework. It provides internal components like a Dynamic Symbolic Execution (DSE) engine, a dynamic taint engine, AST representations of the x86, x86-64, ARM32 and AArch64 Instructions Set Architecture (ISA), SMT simplification passes, an SMT solver interface and, the last but not least, Python bindings.

1.91K
401
9m
Apache-2.0

Python decompiler

404
399
5y 68d
n/a

The Z3 Theorem Prover

6.83K
1.11K
9m
n/a

Robust ABC (ActionScript Bytecode) [Dis-]Assembler

391
89
9m
GPL-3.0

Services

Steganography

Web

Automated All-in-One OS Command Injection Exploitation Tool.

2.96K
655
9m
n/a

A high performance offensive security tool for reconnaissance and vulnerability scanning

2.26K
342
10m
MIT

Automatic SQL injection and database takeover tool

22.39K
4.68K
5m
n/a

w3af: web application attack and audit framework, the open source web vulnerability scanner.

3.76K
1.11K
11m
n/a

Operating Systems

Starter Packs

Some setup scripts for security research tools.

6.12K
1.62K
2y 25d
BSD-3-Clause

A refresh of LazyKali which simplifies install of tools and configuration. Original author appears missing.

38
12
5y 11m
GPL-3.0

Tutorials

Wargames

Websites

Wikis

A place to discuss potential projects for students of the ISIS Lab.

368
78
9y 43d
n/a

Useful tips by OTA CTF members

109
16
2y 10m
n/a

Writeups Collections

Writeups/solutions

75
35
2y 5m
MIT

Website to Scrapping all writeup from http://ctftime.org/ and you can organize which to read first!

25
10
5y 116d
n/a

Things we learned from Capture The Flag hacking competitions we participated in.

190
51
1y 79d
n/a

Writeups of Capture The Flag Competitions

106
26
2y 6m
n/a

A colleciton of CTF write-ups all using pwntools

429
115
5y 10m
MIT

Capture The Flag competition challenge write-ups

13
5
2y 6d
n/a

CTF Writeups

180
45
4y 10m
n/a