CTF Tools

Common CTF tools

Web

• Burp Suite (get) - An integrated platform for performing security testing of web applications. The Community Edition is free and widely used. Essential for proxying requests, inspecting traffic, and finding vulnerabilities.
• OWASP ZAP (Project) - Another popular free and open-source web application security scanner and proxy. A strong alternative to Burp Suite.
• SQLMap (get) - Automates the process of detecting and exploiting SQL injection flaws and taking over database servers.
• Wfuzz (get) - A tool designed for brute-forcing web applications, useful for finding hidden directories, files, or parameters.
• Dirb (get) - A web content scanner that looks for existing (and hidden) web objects. Based on a dictionary attack.
• Nikto (get) - A web server scanner that performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions, and other problems.
• Gobuster (get) - A directory/file & DNS busting tool written in Go. Often faster than Dirb or Wfuzz in certain scenarios.

Cracking Tools

• John the Ripper (wiki) - A powerful password cracking tool supporting numerous hash and cipher types.
• Hashcat (wiki) - A fast, GPU-accelerated password recovery tool supporting a vast number of hash types and attack modes.
• fcrackzip (get) - A fast and efficient zipper password cracker. Often used in conjunction with wordlists.
• Aircrack-ng (get) - While primarily for WiFi, its cracking components are often listed under cracking tools as well.
• Hydra (get) - Password cracking tool

Cryptography

• CyberChef (Project) - The "Swiss Army Knife" of cryptography, encoding, and data analysis.
• Factordb (Project) - A database of factored numbers. Useful for RSA challenges.
• Online Decoders/Encoders (e.g., Project) - Various websites offer quick encoding/decoding for formats like Base64, Hex, URL encoding, etc.
• GnuPG (get) - The GNU Privacy Guard. Used for encrypting and signing data.
• OpenSSL (wiki) - A versatile command-line tool for various cryptographic operations.

Forensics

• Wireshark (get) - A widely-used network protocol analyzer. Essential for examining packet captures (.pcap files).
• foremost (get) - A console program to recover files based on their headers, footers, and internal data structures (file carving).
• scalpel (get) - Improved version of foremost, also used for file carving from images.
• Binwalk (get) - A tool for analyzing, reverse engineering, and extracting firmware images and embedded files.
• ExifTool (get) - A command-line program for reading, writing, and editing meta information in various files.
• Autopsy (get) - A GUI-based digital forensics platform for analyzing disk images.
• Steghide (get) - A steganography tool to hide/extract data in JPEG, BMP, WAV, and AU files.
• StegSolve (get) - A Java tool for analyzing images for hidden data, often used for pixel manipulation.
• Volatility (get) - An advanced memory forensics framework. Used to analyze memory dumps.

Reversing

• Ghidra (get) - A free and open-source software reverse engineering (SRE) suite with disassembler and decompiler.
• IDA Pro (get) - A commercial multi-processor disassembler and debugger.
• radare2 (get) - A complete framework for reverse-engineering and analyzing binaries.
• Cutter (get) - A free and open-source reverse engineering platform powered by radare2, with a GUI.
• x64dbg (get) - An open-source x64/x32 debugger for Windows.
• gdb (get) - The GNU Debugger. A powerful command-line debugger for Linux binaries.
• objdump (wiki) - Displays information from object files.
• readelf (wiki) - Displays information about ELF format files.
• strings (wiki) - Prints printable character strings from files.
• CodemerxDecompile ([1]) - Free .NET decompiler

Pwn (Binary Exploitation)

• pwntools (get) - A CTF framework (Python library) for writing exploits.
• gdb (get) - (See Reversing) Used for dynamic analysis and exploit development, often with plugins.
• PEDA (get) - Python Exploit Development Assistance for GDB.
• GEF (get) - GDB Enhanced Features. Another popular GDB plugin.
• pwndbg (get) - A third excellent GDB plugin.
• ROPgadget (get) - A tool and a library to find gadgets for Return-Oriented Programming (ROP).
• one_gadget (get) - A tool to find the "one gadget RCE" in libc.

Networking

• Nmap (get) - A free and open-source network scanner for host and service discovery.
• Netcat (get) - The "TCP/IP Swiss Army knife" for reading and writing data across network connections.
• Socat (get) - A relay for bidirectional data transfer.
• tcpdump (get) - A powerful command-line packet analyzer.

Miscellaneous

• Hex Editors (e.g., HxD get for Windows, Bless Hex Editor get for Linux, or just `hexedit` or `xxd` on command line) - Tools for viewing and editing binary data at the byte level.
• dd (wiki) - A command-line utility for copying and converting files, used for disk imaging.
• zsteg (get) - A steganography tool specifically for PNG and BMP images.
• Scripting Languages (Python, Ruby, PHP, Node.js, etc.) - Essential for automating tasks and writing custom scripts.
• Online Assemblers/Disassemblers (e.g., Project) - Web-based tools for small code snippets.
• Online Decompilers (e.g., Dogbolt) - Web services for decompiling binaries.

Social engineering

• setoolkit - Toolkit for Social negineering, such as website cloning