User Experience on mobile might not be great yet, but I'm working on it.

Your first time on this page? Allow me to give some explanations.

Awesome CTF

A curated list of CTF frameworks, libraries, resources and softwares

Here you can see meta information about this topic like the time we last updated this page, the original creator of the awesome list and a link to the original GitHub repository.

Last Update: None

Thank you apsdehal & contributors
View Topic on GitHub:
apsdehal/awesome-ctf

Search for resources by name or description.
Simply type in what you are looking for and the results will be filtered on the fly.

Further filter the resources on this page by type (repository/other resource), number of stars on GitHub and time of last commit in months.

Create

Online book on building, testing, and customizing your own Capture the Flag challenges.

Forensics

Platforms

CTFs as you need them

3.19K
1.21K
8m
Apache-2.0

The online echoCTF.RED platform user interfaces and codebase

11
3
8m
BSD-2-Clause

Platform to host Capture the Flag competitions

6.35K
1.32K
3y 36d
n/a

A Highly Accessible and Automated Virtualization Platform for Security Education

109
18
8m
GPL-3.0

Welcome to HackTheArch! A free open source scoring server for cyber Capture the Flag competitions!

52
26
1y 7m
MIT

Mellivora is a CTF engine written in PHP

363
168
11m
GPL-3.0

What do we say to JavaScript? Not today! motherfuckingwebsite.com inspired CTF platform.

35
5
2y 4m
BSD-2-Clause

A simple capture the flag framework.

95
28
4y 4m
n/a

CTF in a box. Minimal setup required. (not production-ready yet)

78
13
10m
GPL-3.0

The platform used to run picoCTF. A great framework to host any CTF.

199
75
8m
MIT

A CTF framework to create, build, deploy and monitor challenges

66
14
11m
GPL-3.0

A Game of Hackers (CTF Scoreboard & Game Manager)

523
212
8m
Apache-2.0
45
11
4y 27d
n/a

Create randomly insecure VMs

2.04K
248
8m
GPL-3.0

Web

Metasploit Framework

23.2K
10.98K
7m
n/a

JavaScript parser / mangler / compressor / beautifier toolkit

11.28K
1.17K
8m
n/a

Attacks

The Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and MITM attacks.

8.55K
884
8m
GPL-3.0

A framework for layer 2 attacks

401
82
2y 6m
GPL-2.0

Crypto

An automated, modular cryptanalysis tool; i.e., a Weapon of Math Destruction

873
126
2y 6m
BSD-3-Clause
650
105
1y 6m
n/a

🔓 CLI tool and library to execute padding oracle attacks easily, with support for concurrent network requests and an elegant UI.

134
31
10m
MIT

RSA attack tool (mainly for ctf) - retreive private key from weak public key and/or uncipher data

2.01K
447
8m
n/a

rsatool can be used to calculate RSA and RSA-CRT parameters

435
116
4y 5m
BSD-2-Clause

A tool to analyze multi-byte xor cipher

979
143
1y 17d
n/a

Web app for analysing and decoding data.

A tool for Breaking PkZip-encryption.

An online tool for breaking substitution ciphers or vigenere ciphers (without key).

Bruteforcers

John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs

4.6K
1.19K
8m
n/a

Nozzlr is a bruteforce framework, trully modular and script-friendly

52
15
3y 10m
n/a

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.

2.43K
657
8m
GPL-2.0

A parallelized login cracker which supports numerous protocols to attack

Windows password cracker based on rainbow tables.

Burp Suite extension for sending large numbers of HTTP requests

Exploits

dll injection tool that implements various methods

408
110
8y 9m
n/a

Simplify format string exploitation.

323
39
4y 102d
n/a

The best tool for finding one gadget RCE in libc.so.6

1.29K
111
8m
MIT

CTF framework and exploit development library

7.55K
1.36K
8m
n/a

QEMU Interactive Runtime Analyser

3.15K
411
10m
MIT

This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation. ROPgadget supports ELF, PE and Mach-O format on x86, x64, ARM, ARM64, PowerPC, SPARC and MIPS architectures.

2.59K
493
9m
n/a

Security CTF Toolkit (Not maintained anymore)

340
108
3y 9m
n/a

Penetration testing software.

Forensics

Automatically exported from code.google.com/p/creddump

181
44
4y 80d
GPL-3.0

Rip web accessible (distributed) version control systems: SVN/GIT/HG...

1.22K
268
1y 63d
GPL-2.0

A modern tool for the Windows kernel exploration and tracing

1.1K
128
8m
n/a

Cross-platform, open-source shellbag parser

121
33
4y 9m
Apache-2.0

Tracking history of USB events on GNU/Linux

901
91
9m
GPL-3.0

An advanced memory forensics framework

4.3K
917
10m
GPL-2.0

Crack 802.11 WEP and WPA-PSK keys.

open source, cross-platform software for recording and editing sounds.

Read, write and edit file metadata.

Used for recovering lost data from mountable images.

Extract particular kind of files using headers.

Used to fix corrupt filesystems.

Find and extract zlib files compressed in PDF files.

Verifies the integrity of PNG and dump all of the chunk-level information in human-readable form.

A Whitespace Steganography Tool.

Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Wireshark is very similar to tcpdump, but has a graphical front-end, plus some integrated sorting and filtering options.

Simple tool for Windows that allows you to read offline Registry files from external drive and view the desired Registry key in .reg file format.

Networking

TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.

14.97K
2.36K
8m
n/a

An engine to make Tor network your default gateway

1K
229
9m
n/a

A linux tool to check a host on the network (and other non-network activities).

An open source utility for network discovery and security auditing.

A network protocol analyzer. ![Open-Source Software][oss icon] ![Freeware][freeware icon]

An open-source network security monitor.

An open-source network scanner.

Reversing

Reverse engineering, Malware and goodware analysis of Android applications ... and more (ninja !)

3.41K
854
10m
Apache-2.0

A powerful and user-friendly binary analysis platform!

4.85K
793
8m
BSD-2-Clause

CLI tool for decompiling Android apps to Java. It does resources! It does Java! Its real easy!

583
102
6y 11m
n/a

BARF : A multiplatform open source Binary Analysis and Reverse engineering Framework

1.27K
169
1y 11m
BSD-2-Clause

Firmware Analysis Tool

7.09K
1.08K
8m
MIT

Boomerang Decompiler - Fighting the code-rot :)

264
46
9m
n/a

Run basic functions from stripped binaries cross platform

98
4
4y 10m
n/a

cwe_checker finds vulnerable patterns in binary executables

361
47
8m
LGPL-3.0

A work-in-progress deobfuscator for movfuscated binaries

539
47
2y 7m
BSD-2-Clause

GEF - GDB Enhanced Features for exploit devs & reversers

3.46K
489
8m
MIT

Dex to Java decompiler

25.16K
3.07K
8m
Apache-2.0

Java decompiler, assembler, and disassembler

1.29K
153
1y 4m
GPL-3.0

📱 objection - runtime mobile exploration

3.41K
477
8m
GPL-3.0

PEDA - Python Exploit Development Assistance for GDB

4.46K
729
9m
n/a

A reverse engineering tool that'll supply the place of Cheat Engine for linux

970
94
11m
n/a

Using Intel's PIN tool to solve CTF problems

389
49
1y 6m
n/a

Plasma is an interactive disassembler for x86/ARM/MIPS. It can generates indented pseudo-code with colored syntax.

2.91K
302
2y 7m
GPL-3.0

Exploit Development and Reverse Engineering with GDB Made Easy

3.44K
513
9m
MIT

UNIX-like reverse engineering framework and command-line toolset

13.97K
2.41K
8m
LGPL-3.0

Triton is a Dynamic Binary Analysis (DBA) framework. It provides internal components like a Dynamic Symbolic Execution (DSE) engine, a dynamic taint engine, AST representations of the x86, x86-64, ARM32 and AArch64 Instructions Set Architecture (ISA), SMT simplification passes, an SMT solver interface and, the last but not least, Python bindings.

1.64K
355
1y 50d
Apache-2.0

Python decompiler

394
391
5y 19d
n/a

The Z3 Theorem Prover

6.16K
1.01K
8m
n/a

Robust ABC (ActionScript Bytecode) [Dis-]Assembler

384
86
8m
GPL-3.0

Binary analysis framework.

Open Source suite of reverse engineering tools. Similar to IDA Pro.

Reverse engineering tool (disassembler) for OSX and Linux.

Most used Reversing software.

An online decompiler for Java and Android APKs.

Pin

A dynamic binary instrumentaion tool by Intel.

Windows debugger distributed by Microsoft.

Program that can copy executables with execute, but no read permission.

A Javascript malware analysis tool.

Analyze obfuscated Javascript code.

Collection of utilities to work with SWF files.

A Python script for analyzing Flash files.

Services

Steganography

Restoration of defocused and blurred photos/images

2.02K
339
2y 11m
n/a

Steganography brute-force utility to uncover hidden data inside files

389
93
9m
MIT

Detect hidden files and text in images

77
25
3y 4m
MIT

detect stegano-hidden data in PNG & BMP

609
78
1y 72d
n/a

Aperi'Solve is a platform which performs layer analysis on image (open-source).

Convert images b/w formats and apply filters.

Shows EXIF information in JPEG files.

Read and write meta information in files.

Image metadata manipulation tool.

Embeds text and files in images with optional encryption. Easy-to-use UI.

This is a client-side Javascript tool to steganographically hide images inside the lower "bits" of other images

For various analysis related to PNGs.

Tool for stegano analysis written in Java.

Online steganography encoder and decoder.

Launches brute-force dictionary attacks on JPG image.

Hide data in various kind of images.

Conduct a wide range of image steganography operations, such as concealing/revealing files hidden within bits (open-source).

Apply various steganography techniques to images.

Web

Automated All-in-One OS command injection and exploitation tool.

2.54K
591
8m
n/a

A high performance offensive security tool for reconnaissance and vulnerability scanning

2.01K
304
2y 11m
MIT

Automatic SQL injection and database takeover tool

19.42K
4.19K
8m
n/a

w3af: web application attack and audit framework, the open source web vulnerability scanner.

3.5K
1.05K
1y 4m
n/a

A graphical tool to testing website security.

Firefox addon for easy web exploitation.

Intercepting proxy to replay, debug, and fuzz HTTP requests and responses

Add on for chrome for debugging network requests.

Automated XSS testor.

Operating Systems

2.21K
378
1y 88d
Apache-2.0

Based on Ubuntu.

(Security/Forensics) - An Arch Linux-based distribution designed for penetration testers and security researchers.

Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. Kali Linux is preinstalled with numerous penetration-testing programs, including nmap (a port scanner), Wireshark (a packet analyzer), John the Ripper (a password cracker), and Aircrack-ng (a software suite for penetration-testing wireless LANs).

Based on Gentoo.

Based on openSUSE.

Based on Slackware.

Based on Debian.

Starter Packs

Some setup scripts for security research tools.

5.44K
1.49K
1y 5m
BSD-3-Clause

A refresh of LazyKali which simplifies install of tools and configuration. Original author appears missing.

34
10
5y 46d
GPL-3.0

Tutorials

A small course on CTF (wargames) for beginners [in Russian]

219
60
1y 8m
n/a

Field Guide by Trails of Bits.

Start Guide maintained by community.

A free course that teaches beginners the basics of forensics, crypto, and web-ex.

Video tutorials and walkthroughs of popular CTF platforms.

Wargames

WebEngineering Project

4
0
9y 11m
n/a

ROP Wargame repository

13
28
4y 39d
n/a

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop

231
61
9m
MIT

Security Platform by SDSLabs.

Reverse Engineering Challenges.

A platform with lots of interactive cryptography challenges, similar to Cryptopals.

Online CTF with a variety of targets to attack.

Variety of VMs to learn variety of computer security issues.

Variety of VMs to learn variety of computer security issues.

Weekly CTFs for all types of security enthusiasts.

Training ground for hackers.

Ethical hacking, computer network and security challenge platform.

Web challenges starting from basic ones.

IO

Wargame for binary challenges.

Wargame maintained by OvertheWire Community.

Variety of VM and online challenges (paid).

All year round ctf game. Questions from the yearly picoCTF competition.

Binary Exploitation Wargame.

Binary Exploitation Wargame.

Reversing challenge.

Ringzer0 Team Online CTF.

Hacking and Information Security learning platform.

A variety of wargames maintained by the SmashTheStack Community.

Various amazing CTF challenges, in many different categories. Has both Practice mode and Contest mode.

VM-based for practical in digital security, computer application & network administration.

A penetration testing training platform, which offers various computer challenges, in various categories.

Hacking challenges for web.

PHP/MySQL web application that is damn vulnerable.

Websites

CTF Cheatsheet

190
44
1y 45d
CC0-1.0

General information on CTF occuring around the worlds.

Wikis

A place to discuss potential projects for students of the ISIS Lab.

362
78
8y 115d
n/a

Useful tips by OTA CTF members

104
16
2y 15d
n/a

Chinese resources to learn CTF.

Writeups Collections

Writeups/solutions

73
33
1y 7m
MIT

Website to Scrapping all writeup from http://ctftime.org/ and you can organize which to read first!

22
9
4y 6m
n/a

Things we learned from Capture The Flag hacking competitions we participated in.

154
45
1y 4m
n/a

Writeups of Capture The Flag Competitions

97
27
1y 8m
n/a

A colleciton of CTF write-ups all using pwntools

410
109
5y 4m
MIT

Capture The Flag competition challenge write-ups

7
4
1y 78d
n/a

CTF Writeups

179
44
4y 12d
n/a

Dumped CTF challenges and materials by psifertex.

CTF challenge archive maintained by Jonathan Salwan.