├── .gitignore
├── .travis.yml
├── CONTRIBUTING.md
├── LICENSE
├── README.md
├── _config.yml
├── package.json
└── tests
    ├── test.js
    └── utils.js


/.gitignore:
--------------------------------------------------------------------------------
1 | node_modules
2 | 


--------------------------------------------------------------------------------
/.travis.yml:
--------------------------------------------------------------------------------
1 | language: node_js
2 | node_js:
3 |   - "0.10"


--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
 1 | # Contribution Guidelines
 2 | 
 3 | - **To add to the list:** Submit a pull request
 4 | - **To remove from the list:** Open an issue
 5 | 
 6 | - List items should be sorted *alphabetically*.
 7 | - Each item should be limited to one link
 8 | - The link should be the name of the package or project
 9 | - Direct installation commands should follow on the next line, indented by 2 spaces and enclosed in \`\`
10 | - Descriptions should be clear, concise, and non-promotional
11 | - Descriptions should follow the link, on the same line
12 | - Run `npm install` and then `npm test` to verify everything is correct according to guidelines
13 | 
14 | ## Quality standard
15 | 
16 | To stay on the list, package repositories should adhere to these quality standards:
17 | 
18 | - Generally useful to the community
19 | - Functional
20 | - Stable
21 | 
22 | 
23 | ## Reporting issues
24 | 
25 | Please open an issue if you find anything that could be improved or have suggestions for making the list a more valuable resource. Thanks!
26 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
  1 | CC0 1.0 Universal
  2 | 
  3 | Statement of Purpose
  4 | 
  5 | The laws of most jurisdictions throughout the world automatically confer
  6 | exclusive Copyright and Related Rights (defined below) upon the creator and
  7 | subsequent owner(s) (each and all, an "owner") of an original work of
  8 | authorship and/or a database (each, a "Work").
  9 | 
 10 | Certain owners wish to permanently relinquish those rights to a Work for the
 11 | purpose of contributing to a commons of creative, cultural and scientific
 12 | works ("Commons") that the public can reliably and without fear of later
 13 | claims of infringement build upon, modify, incorporate in other works, reuse
 14 | and redistribute as freely as possible in any form whatsoever and for any
 15 | purposes, including without limitation commercial purposes. These owners may
 16 | contribute to the Commons to promote the ideal of a free culture and the
 17 | further production of creative, cultural and scientific works, or to gain
 18 | reputation or greater distribution for their Work in part through the use and
 19 | efforts of others.
 20 | 
 21 | For these and/or other purposes and motivations, and without any expectation
 22 | of additional consideration or compensation, the person associating CC0 with a
 23 | Work (the "Affirmer"), to the extent that he or she is an owner of Copyright
 24 | and Related Rights in the Work, voluntarily elects to apply CC0 to the Work
 25 | and publicly distribute the Work under its terms, with knowledge of his or her
 26 | Copyright and Related Rights in the Work and the meaning and intended legal
 27 | effect of CC0 on those rights.
 28 | 
 29 | 1. Copyright and Related Rights. A Work made available under CC0 may be
 30 | protected by copyright and related or neighboring rights ("Copyright and
 31 | Related Rights"). Copyright and Related Rights include, but are not limited
 32 | to, the following:
 33 | 
 34 |   i. the right to reproduce, adapt, distribute, perform, display, communicate,
 35 |   and translate a Work;
 36 | 
 37 |   ii. moral rights retained by the original author(s) and/or performer(s);
 38 | 
 39 |   iii. publicity and privacy rights pertaining to a person's image or likeness
 40 |   depicted in a Work;
 41 | 
 42 |   iv. rights protecting against unfair competition in regards to a Work,
 43 |   subject to the limitations in paragraph 4(a), below;
 44 | 
 45 |   v. rights protecting the extraction, dissemination, use and reuse of data in
 46 |   a Work;
 47 | 
 48 |   vi. database rights (such as those arising under Directive 96/9/EC of the
 49 |   European Parliament and of the Council of 11 March 1996 on the legal
 50 |   protection of databases, and under any national implementation thereof,
 51 |   including any amended or successor version of such directive); and
 52 | 
 53 |   vii. other similar, equivalent or corresponding rights throughout the world
 54 |   based on applicable law or treaty, and any national implementations thereof.
 55 | 
 56 | 2. Waiver. To the greatest extent permitted by, but not in contravention of,
 57 | applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and
 58 | unconditionally waives, abandons, and surrenders all of Affirmer's Copyright
 59 | and Related Rights and associated claims and causes of action, whether now
 60 | known or unknown (including existing as well as future claims and causes of
 61 | action), in the Work (i) in all territories worldwide, (ii) for the maximum
 62 | duration provided by applicable law or treaty (including future time
 63 | extensions), (iii) in any current or future medium and for any number of
 64 | copies, and (iv) for any purpose whatsoever, including without limitation
 65 | commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes
 66 | the Waiver for the benefit of each member of the public at large and to the
 67 | detriment of Affirmer's heirs and successors, fully intending that such Waiver
 68 | shall not be subject to revocation, rescission, cancellation, termination, or
 69 | any other legal or equitable action to disrupt the quiet enjoyment of the Work
 70 | by the public as contemplated by Affirmer's express Statement of Purpose.
 71 | 
 72 | 3. Public License Fallback. Should any part of the Waiver for any reason be
 73 | judged legally invalid or ineffective under applicable law, then the Waiver
 74 | shall be preserved to the maximum extent permitted taking into account
 75 | Affirmer's express Statement of Purpose. In addition, to the extent the Waiver
 76 | is so judged Affirmer hereby grants to each affected person a royalty-free,
 77 | non transferable, non sublicensable, non exclusive, irrevocable and
 78 | unconditional license to exercise Affirmer's Copyright and Related Rights in
 79 | the Work (i) in all territories worldwide, (ii) for the maximum duration
 80 | provided by applicable law or treaty (including future time extensions), (iii)
 81 | in any current or future medium and for any number of copies, and (iv) for any
 82 | purpose whatsoever, including without limitation commercial, advertising or
 83 | promotional purposes (the "License"). The License shall be deemed effective as
 84 | of the date CC0 was applied by Affirmer to the Work. Should any part of the
 85 | License for any reason be judged legally invalid or ineffective under
 86 | applicable law, such partial invalidity or ineffectiveness shall not
 87 | invalidate the remainder of the License, and in such case Affirmer hereby
 88 | affirms that he or she will not (i) exercise any of his or her remaining
 89 | Copyright and Related Rights in the Work or (ii) assert any associated claims
 90 | and causes of action with respect to the Work, in either case contrary to
 91 | Affirmer's express Statement of Purpose.
 92 | 
 93 | 4. Limitations and Disclaimers.
 94 | 
 95 |   a. No trademark or patent rights held by Affirmer are waived, abandoned,
 96 |   surrendered, licensed or otherwise affected by this document.
 97 | 
 98 |   b. Affirmer offers the Work as-is and makes no representations or warranties
 99 |   of any kind concerning the Work, express, implied, statutory or otherwise,
100 |   including without limitation warranties of title, merchantability, fitness
101 |   for a particular purpose, non infringement, or the absence of latent or
102 |   other defects, accuracy, or the present or absence of errors, whether or not
103 |   discoverable, all to the greatest extent permissible under applicable law.
104 | 
105 |   c. Affirmer disclaims responsibility for clearing rights of other persons
106 |   that may apply to the Work or any use thereof, including without limitation
107 |   any person's Copyright and Related Rights in the Work. Further, Affirmer
108 |   disclaims responsibility for obtaining any necessary consents, permissions
109 |   or other rights required for any use of the Work.
110 | 
111 |   d. Affirmer understands and acknowledges that Creative Commons is not a
112 |   party to this document and has no duty or obligation with respect to this
113 |   CC0 or use of the Work.
114 | 
115 | For more information, please see
116 | <http://creativecommons.org/publicdomain/zero/1.0/>
117 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # Awesome CTF [![Build Status](https://travis-ci.org/apsdehal/awesome-ctf.svg?branch=master)](https://travis-ci.org/apsdehal/awesome-ctf) [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)
  2 | 
  3 | A curated list of [Capture The Flag](https://en.wikipedia.org/wiki/Capture_the_flag#Computer_security) (CTF) frameworks, libraries, resources, softwares and tutorials. This list aims to help starters as well as seasoned CTF players to find everything related to CTFs at one place.
  4 | 
  5 | ### Contributing
  6 | 
  7 | Please take a quick look at the [contribution guidelines](https://github.com/apsdehal/ctf-tools/blob/master/CONTRIBUTING.md) first.
  8 | 
  9 | #### _If you know a tool that isn't present here, feel free to open a pull request._
 10 | 
 11 | ### Why?
 12 | 
 13 | It takes time to build up collection of tools used in CTF and remember them all. This repo helps to keep all these scattered tools at one place.
 14 | 
 15 | ### Contents
 16 | 
 17 | - [Awesome CTF](#awesome-ctf)
 18 |   - [Create](#create)
 19 |     - [Forensics](#forensics)
 20 |     - [Platforms](#platforms)
 21 |     - [Steganography](#steganography)
 22 |     - [Web](#web)
 23 |   - [Solve](#solve)
 24 |     - [Attacks](#attacks)
 25 |     - [Bruteforcers](#bruteforcers)
 26 |     - [Cryptography](#crypto)
 27 |     - [Exploits](#exploits)
 28 |     - [Forensics](#forensics-1)
 29 |     - [Networking](#networking)
 30 |     - [Reversing](#reversing)
 31 |     - [Services](#services)
 32 |     - [Steganography](#steganography-1)
 33 |     - [Web](#web-1)
 34 | 
 35 | - [Resources](#resources)
 36 |   - [Operating Systems](#operating-systems)
 37 |   - [Starter Packs](#starter-packs)
 38 |   - [Tutorials](#tutorials)
 39 |   - [Wargames](#wargames)
 40 |   - [Websites](#websites)
 41 |   - [Wikis](#wikis)
 42 |   - [Writeups Collections](#writeups-collections)
 43 | 
 44 | 
 45 | # Create
 46 | 
 47 | *Tools used for creating CTF challenges*
 48 | 
 49 | - [Kali Linux CTF Blueprints](https://www.packtpub.com/eu/networking-and-servers/kali-linux-ctf-blueprints) - Online book on building, testing, and customizing your own Capture the Flag challenges.
 50 | 
 51 | 
 52 | ## Forensics
 53 | 
 54 | *Tools used for creating Forensics challenges*
 55 | 
 56 | - [Dnscat2](https://github.com/iagox86/dnscat2) - Hosts communication through DNS.
 57 | - [Kroll Artifact Parser and Extractor (KAPE)](https://learn.duffandphelps.com/kape) - Triage program.
 58 | - [Magnet AXIOM](https://www.magnetforensics.com/downloadaxiom) - Artifact-centric DFIR tool.
 59 | - [Registry Dumper](http://www.kahusecurity.com/posts/registry_dumper_find_and_dump_hidden_registry_keys.html) - Dump your registry.
 60 | 
 61 | ## Platforms
 62 | 
 63 | *Projects that can be used to host a CTF*
 64 | 
 65 | - [CTFd](https://github.com/isislab/CTFd) - Platform to host jeopardy style CTFs from ISISLab, NYU Tandon.
 66 | - [echoCTF.RED](https://github.com/echoCTF/echoCTF.RED) - Develop, deploy and maintain your own CTF infrastructure.
 67 | - [FBCTF](https://github.com/facebook/fbctf) - Platform to host Capture the Flag competitions from Facebook.
 68 | - [Haaukins](https://github.com/aau-network-security/haaukins)- A Highly Accessible and Automated Virtualization Platform for Security Education.
 69 | - [HackTheArch](https://github.com/mcpa-stlouis/hack-the-arch) - CTF scoring platform.
 70 | - [Mellivora](https://github.com/Nakiami/mellivora) - A CTF engine written in PHP.
 71 | - [MotherFucking-CTF](https://github.com/andreafioraldi/motherfucking-ctf) - Badass lightweight plaform to host CTFs. No JS involved.
 72 | - [NightShade](https://github.com/UnrealAkama/NightShade) - A simple security CTF framework.
 73 | - [OpenCTF](https://github.com/easyctf/openctf) - CTF in a box. Minimal setup required.
 74 | - [PicoCTF](https://github.com/picoCTF/picoCTF) - The platform used to run picoCTF. A great framework to host any CTF.
 75 | - [PyChallFactory](https://github.com/pdautry/py_chall_factory) - Small framework to create/manage/package jeopardy CTF challenges.
 76 | - [RootTheBox](https://github.com/moloch--/RootTheBox) - A Game of Hackers (CTF Scoreboard & Game Manager).
 77 | - [Scorebot](https://github.com/legitbs/scorebot) - Platform for CTFs by Legitbs (Defcon).
 78 | - [SecGen](https://github.com/cliffe/SecGen) - Security Scenario Generator. Creates randomly vulnerable virtual machines.
 79 | 
 80 | ## Steganography
 81 | 
 82 | *Tools used to create stego challenges*
 83 | 
 84 | Check solve section for steganography.
 85 | 
 86 | ## Web
 87 | 
 88 | *Tools used for creating Web challenges*
 89 | 
 90 | *JavaScript Obfustcators*
 91 | 
 92 | - [Metasploit JavaScript Obfuscator](https://github.com/rapid7/metasploit-framework/wiki/How-to-obfuscate-JavaScript-in-Metasploit)
 93 | - [Uglify](https://github.com/mishoo/UglifyJS)
 94 | 
 95 | 
 96 | # Solve
 97 | 
 98 | *Tools used for solving CTF challenges*
 99 | 
100 | ## Attacks
101 | 
102 | *Tools used for performing various kinds of attacks*
103 | 
104 | - [Bettercap](https://github.com/bettercap/bettercap) - Framework to perform MITM (Man in the Middle) attacks.
105 | - [Yersinia](https://github.com/tomac/yersinia) - Attack various protocols on layer 2.
106 | 
107 | ## Crypto
108 | 
109 | *Tools used for solving Crypto challenges*
110 | 
111 | - [CyberChef](https://gchq.github.io/CyberChef) - Web app for analysing and decoding data.
112 | - [FeatherDuster](https://github.com/nccgroup/featherduster) - An automated, modular cryptanalysis tool.
113 | - [Hash Extender](https://github.com/iagox86/hash_extender) - A utility tool for performing hash length extension attacks.
114 | - [padding-oracle-attacker](https://github.com/KishanBagaria/padding-oracle-attacker) - A CLI tool to execute padding oracle attacks.
115 | - [PkCrack](https://www.unix-ag.uni-kl.de/~conrad/krypto/pkcrack.html) - A tool for Breaking PkZip-encryption.
116 | - [QuipQuip](https://quipqiup.com) - An online tool for breaking substitution ciphers or vigenere ciphers (without key).
117 | - [RSACTFTool](https://github.com/Ganapati/RsaCtfTool) - A tool for recovering RSA private key with various attack.
118 | - [RSATool](https://github.com/ius/rsatool) - Generate private key with knowledge of p and q.
119 | - [XORTool](https://github.com/hellman/xortool) - A tool to analyze multi-byte xor cipher.
120 | 
121 | ## Bruteforcers
122 | 
123 | *Tools used for various kind of bruteforcing (passwords etc.)*
124 | 
125 | - [Hashcat](https://hashcat.net/hashcat/) - Password Cracker
126 | - [Hydra](https://tools.kali.org/password-attacks/hydra) - A parallelized login cracker which supports numerous protocols to attack
127 | - [John The Jumbo](https://github.com/magnumripper/JohnTheRipper) - Community enhanced version of John the Ripper.
128 | - [John The Ripper](http://www.openwall.com/john/) - Password Cracker.
129 | - [Nozzlr](https://github.com/intrd/nozzlr) - Nozzlr is a bruteforce framework, trully modular and script-friendly.
130 | - [Ophcrack](http://ophcrack.sourceforge.net/) - Windows password cracker based on rainbow tables.
131 | - [Patator](https://github.com/lanjelot/patator) - Patator is a multi-purpose brute-forcer, with a modular design.
132 | - [Turbo Intruder](https://portswigger.net/research/turbo-intruder-embracing-the-billion-request-attack) - Burp Suite extension for sending large numbers of HTTP requests 
133 | 
134 | ## Exploits
135 | 
136 | *Tools used for solving Exploits challenges*
137 | 
138 | - [DLLInjector](https://github.com/OpenSecurityResearch/dllinjector) - Inject dlls in processes.
139 | - [libformatstr](https://github.com/hellman/libformatstr) - Simplify format string exploitation.
140 | - [Metasploit](http://www.metasploit.com/) - Penetration testing software.
141 |   - [Cheatsheet](https://www.comparitech.com/net-admin/metasploit-cheat-sheet/)
142 | - [one_gadget](https://github.com/david942j/one_gadget) -  A tool to find the one gadget `execve('/bin/sh', NULL, NULL)` call.
143 |   - `gem install one_gadget`
144 | - [Pwntools](https://github.com/Gallopsled/pwntools) - CTF Framework for writing exploits.
145 | - [Qira](https://github.com/BinaryAnalysisPlatform/qira) - QEMU Interactive Runtime Analyser.
146 | - [ROP Gadget](https://github.com/JonathanSalwan/ROPgadget) - Framework for ROP exploitation.
147 | - [V0lt](https://github.com/P1kachu/v0lt) - Security CTF Toolkit.
148 | 
149 | ## Forensics
150 | 
151 | *Tools used for solving Forensics challenges*
152 | 
153 | - [Aircrack-Ng](http://www.aircrack-ng.org/) - Crack 802.11 WEP and WPA-PSK keys.
154 |   - `apt-get install aircrack-ng`
155 | - [Audacity](http://sourceforge.net/projects/audacity/) - Analyze sound files (mp3, m4a, whatever).
156 |   - `apt-get install audacity`
157 | - [Bkhive and Samdump2](http://sourceforge.net/projects/ophcrack/files/samdump2/) - Dump SYSTEM and SAM files.
158 |   - `apt-get install samdump2 bkhive`
159 | - [CFF Explorer](http://www.ntcore.com/exsuite.php) - PE Editor.
160 | - [Creddump](https://github.com/moyix/creddump) - Dump windows credentials.
161 | - [DVCS Ripper](https://github.com/kost/dvcs-ripper) - Rips web accessible (distributed) version control systems.
162 | - [Exif Tool](http://www.sno.phy.queensu.ca/~phil/exiftool/) - Read, write and edit file metadata.
163 | - [Extundelete](http://extundelete.sourceforge.net/) - Used for recovering lost data from mountable images.
164 | - [Fibratus](https://github.com/rabbitstack/fibratus) - Tool for exploration and tracing of the Windows kernel.
165 | - [Foremost](http://foremost.sourceforge.net/) - Extract particular kind of files using headers.
166 |   - `apt-get install foremost`
167 | - [Fsck.ext4](http://linux.die.net/man/8/fsck.ext3) - Used to fix corrupt filesystems.
168 | - [Malzilla](http://malzilla.sourceforge.net/) - Malware hunting tool.
169 | - [NetworkMiner](http://www.netresec.com/?page=NetworkMiner) - Network Forensic Analysis Tool.
170 | - [PDF Streams Inflater](http://malzilla.sourceforge.net/downloads.html) - Find and extract zlib files compressed in PDF files.
171 | - [Pngcheck](http://www.libpng.org/pub/png/apps/pngcheck.html) - Verifies the integrity of PNG and dump all of the chunk-level information in human-readable form.
172 |   - `apt-get install pngcheck`
173 | - [ResourcesExtract](http://www.nirsoft.net/utils/resources_extract.html) - Extract various filetypes from exes.
174 | - [Shellbags](https://github.com/williballenthin/shellbags) - Investigate NT\_USER.dat files.
175 | - [Snow](https://sbmlabs.com/notes/snow_whitespace_steganography_tool) - A Whitespace Steganography Tool.
176 | - [USBRip](https://github.com/snovvcrash/usbrip) - Simple CLI forensics tool for tracking USB device artifacts (history of USB events) on GNU/Linux.
177 | - [Volatility](https://github.com/volatilityfoundation/volatility) - To investigate memory dumps.
178 | - [Wireshark](https://www.wireshark.org) - Used to analyze pcap or pcapng files
179 | 
180 | *Registry Viewers*
181 | - [OfflineRegistryView](https://www.nirsoft.net/utils/offline_registry_view.html) - Simple tool for Windows that allows you to read offline Registry files from external drive and view the desired Registry key in .reg file format.
182 | - [Registry Viewer®](https://accessdata.com/product-download/registry-viewer-2-0-0) - Used to view Windows registries.
183 | 
184 | ## Networking
185 | 
186 | *Tools used for solving Networking challenges*
187 | 
188 | - [Masscan](https://github.com/robertdavidgraham/masscan) - Mass IP port scanner, TCP port scanner.
189 | - [Monit](https://linoxide.com/monitoring-2/monit-linux/) - A linux tool to check a host on the network (and other non-network activities).
190 | - [Nipe](https://github.com/GouveaHeitor/nipe) - Nipe is a script to make Tor Network your default gateway.
191 | - [Nmap](https://nmap.org/) - An open source utility for network discovery and security auditing.
192 | - [Wireshark](https://www.wireshark.org/) - Analyze the network dumps.
193 |   - `apt-get install wireshark`
194 | - [Zeek](https://www.zeek.org) - An open-source network security monitor.
195 | - [Zmap](https://zmap.io/) - An open-source network scanner.
196 | 
197 | ## Reversing
198 | 
199 | *Tools used for solving Reversing challenges*
200 | 
201 | - [Androguard](https://github.com/androguard/androguard) - Reverse engineer Android applications.
202 | - [Angr](https://github.com/angr/angr) - platform-agnostic binary analysis framework.
203 | - [Apk2Gold](https://github.com/lxdvs/apk2gold) - Yet another Android decompiler.
204 | - [ApkTool](http://ibotpeaches.github.io/Apktool/) - Android Decompiler.
205 | - [Barf](https://github.com/programa-stic/barf-project) - Binary Analysis and Reverse engineering Framework.
206 | - [Binary Ninja](https://binary.ninja/) - Binary analysis framework.
207 | - [BinUtils](http://www.gnu.org/software/binutils/binutils.html) - Collection of binary tools.
208 | - [BinWalk](https://github.com/devttys0/binwalk) - Analyze, reverse engineer, and extract firmware images.
209 | - [Boomerang](https://github.com/BoomerangDecompiler/boomerang) - Decompile x86/SPARC/PowerPC/ST-20 binaries to C.
210 | - [ctf_import](https://github.com/docileninja/ctf_import) – run basic functions from stripped binaries cross platform.
211 | - [cwe_checker](https://github.com/fkie-cad/cwe_checker) - cwe_checker finds vulnerable patterns in binary executables.
212 | - [demovfuscator](https://github.com/kirschju/demovfuscator) - A work-in-progress deobfuscator for movfuscated binaries.
213 | - [Frida](https://github.com/frida/) - Dynamic Code Injection.
214 | - [GDB](https://www.gnu.org/software/gdb/) - The GNU project debugger.
215 | - [GEF](https://github.com/hugsy/gef) - GDB plugin.
216 | - [Ghidra](https://ghidra-sre.org/) - Open Source suite of reverse engineering tools.  Similar to IDA Pro.
217 | - [Hopper](http://www.hopperapp.com/) - Reverse engineering tool (disassembler) for OSX and Linux.
218 | - [IDA Pro](https://www.hex-rays.com/products/ida/) - Most used Reversing software.
219 | - [Jadx](https://github.com/skylot/jadx) - Decompile Android files.
220 | - [Java Decompilers](http://www.javadecompilers.com) - An online decompiler for Java and Android APKs.
221 | - [Krakatau](https://github.com/Storyyeller/Krakatau) - Java decompiler and disassembler.
222 | - [Objection](https://github.com/sensepost/objection) - Runtime Mobile Exploration.
223 | - [PEDA](https://github.com/longld/peda) - GDB plugin (only python2.7).
224 | - [Pin](https://software.intel.com/en-us/articles/pin-a-dynamic-binary-instrumentation-tool) - A dynamic binary instrumentaion tool by Intel.
225 | - [PINCE](https://github.com/korcankaraokcu/PINCE) - GDB front-end/reverse engineering tool, focused on game-hacking and automation.
226 | - [PinCTF](https://github.com/ChrisTheCoolHut/PinCTF) - A tool which uses intel pin for Side Channel Analysis.
227 | - [Plasma](https://github.com/joelpx/plasma) - An interactive disassembler for x86/ARM/MIPS which can generate indented pseudo-code with colored syntax.
228 | - [Pwndbg](https://github.com/pwndbg/pwndbg) - A GDB plugin that provides a suite of utilities to hack around GDB easily.
229 | - [radare2](https://github.com/radare/radare2) - A portable reversing framework.
230 | - [Triton](https://github.com/JonathanSalwan/Triton/) - Dynamic Binary Analysis (DBA) framework.
231 | - [Uncompyle](https://github.com/gstarnberger/uncompyle) - Decompile Python 2.7 binaries (.pyc).
232 | - [WinDbg](http://www.windbg.org/) - Windows debugger distributed by Microsoft.
233 | - [Xocopy](http://reverse.lostrealm.com/tools/xocopy.html) - Program that can copy executables with execute, but no read permission.
234 | - [Z3](https://github.com/Z3Prover/z3) - A theorem prover from Microsoft Research.
235 | 
236 | *JavaScript Deobfuscators*
237 | 
238 | - [Detox](http://relentless-coding.org/projects/jsdetox/install) - A Javascript malware analysis tool.
239 | - [Revelo](http://www.kahusecurity.com/posts/revelo_javascript_deobfuscator.html) - Analyze obfuscated Javascript code.
240 | 
241 | *SWF Analyzers*
242 | - [RABCDAsm](https://github.com/CyberShadow/RABCDAsm) - Collection of utilities including an ActionScript 3 assembler/disassembler.
243 | - [Swftools](http://www.swftools.org/) - Collection of utilities to work with SWF files.
244 | - [Xxxswf](https://bitbucket.org/Alexander_Hanel/xxxswf) -  A Python script for analyzing Flash files.
245 | 
246 | ## Services
247 | 
248 | *Various kind of useful services available around the internet*
249 | 
250 | - [CSWSH](http://cow.cat/cswsh.html) - Cross-Site WebSocket Hijacking Tester.
251 | - [Request Bin](https://requestbin.com/) - Lets you inspect http requests to a particular url.
252 | 
253 | ## Steganography
254 | 
255 | *Tools used for solving Steganography challenges*
256 | 
257 | - [AperiSolve](https://aperisolve.fr/) - Aperi'Solve is a platform which performs layer analysis on image (open-source).
258 | - [Convert](http://www.imagemagick.org/script/convert.php) - Convert images b/w formats and apply filters.
259 | - [Exif](http://manpages.ubuntu.com/manpages/trusty/man1/exif.1.html) - Shows EXIF information in JPEG files.
260 | - [Exiftool](https://linux.die.net/man/1/exiftool) - Read and write meta information in files.
261 | - [Exiv2](http://www.exiv2.org/manpage.html) - Image metadata manipulation tool.
262 | - [Image Steganography](https://sourceforge.net/projects/image-steg/) - Embeds text and files in images with optional encryption. Easy-to-use UI.
263 | - [Image Steganography Online](https://incoherency.co.uk/image-steganography) - This is a client-side Javascript tool to steganographically hide images inside the lower "bits" of other images
264 | - [ImageMagick](http://www.imagemagick.org/script/index.php) - Tool for manipulating images.
265 | - [Outguess](https://www.freebsd.org/cgi/man.cgi?query=outguess+&apropos=0&sektion=0&manpath=FreeBSD+Ports+5.1-RELEASE&format=html) - Universal steganographic tool.
266 | - [Pngtools](https://packages.debian.org/sid/pngtools) - For various analysis related to PNGs.
267 |   - `apt-get install pngtools`
268 | - [SmartDeblur](https://github.com/Y-Vladimir/SmartDeblur) - Used to deblur and fix defocused images.
269 | - [Steganabara](https://www.openhub.net/p/steganabara) -  Tool for stegano analysis written in Java.
270 | - [SteganographyOnline](https://stylesuxx.github.io/steganography/) - Online steganography encoder and decoder.
271 | - [Stegbreak](https://linux.die.net/man/1/stegbreak) - Launches brute-force dictionary attacks on JPG image.
272 | - [StegCracker](https://github.com/Paradoxis/StegCracker) - Steganography brute-force utility to uncover hidden data inside files.
273 | - [stegextract](https://github.com/evyatarmeged/stegextract) - Detect hidden files and text in images.
274 | - [Steghide](http://steghide.sourceforge.net/) - Hide data in various kind of images.
275 | - [StegOnline](https://georgeom.net/StegOnline/upload) - Conduct a wide range of image steganography operations, such as concealing/revealing files hidden within bits (open-source).
276 | - [Stegsolve](http://www.caesum.com/handbook/Stegsolve.jar) - Apply various steganography techniques to images.
277 | - [Zsteg](https://github.com/zed-0xff/zsteg/) - PNG/BMP analysis.
278 | 
279 | ## Web
280 | 
281 | *Tools used for solving Web challenges*
282 | 
283 | - [BurpSuite](https://portswigger.net/burp) - A graphical tool to testing website security.
284 | - [Commix](https://github.com/commixproject/commix) - Automated All-in-One OS Command Injection and Exploitation Tool.
285 | - [Hackbar](https://addons.mozilla.org/en-US/firefox/addon/hackbartool/) - Firefox addon for easy web exploitation.
286 | - [OWASP ZAP](https://www.owasp.org/index.php/Projects/OWASP_Zed_Attack_Proxy_Project) - Intercepting proxy to replay, debug, and fuzz HTTP requests and responses
287 | - [Postman](https://chrome.google.com/webstore/detail/postman/fhbjgbiflinjbdggehcddcbncdddomop?hl=en) - Add on for chrome for debugging network requests.
288 | - [Raccoon](https://github.com/evyatarmeged/Raccoon) - A high performance offensive security tool for reconnaissance and vulnerability scanning.
289 | - [SQLMap](https://github.com/sqlmapproject/sqlmap) - Automatic SQL injection and database takeover tool.
290 |   ```pip install sqlmap```
291 | - [W3af](https://github.com/andresriancho/w3af) -  Web Application Attack and Audit Framework.
292 | - [XSSer](http://xsser.sourceforge.net/) - Automated XSS testor.
293 | 
294 | 
295 | # Resources
296 | 
297 | *Where to discover about CTF*
298 | 
299 | ## Operating Systems
300 | 
301 | *Penetration testing and security lab Operating Systems*
302 | 
303 | - [Android Tamer](https://androidtamer.com/) - Based on Debian.
304 | - [BackBox](https://backbox.org/) - Based on Ubuntu.
305 | - [BlackArch Linux](https://blackarch.org/) - Based on Arch Linux.
306 | - [Fedora Security Lab](https://labs.fedoraproject.org/security/) - Based on Fedora.
307 | - [Kali Linux](https://www.kali.org/) - Based on Debian.
308 | - [Parrot Security OS](https://www.parrotsec.org/) - Based on Debian.
309 | - [Pentoo](http://www.pentoo.ch/) - Based on Gentoo.
310 | - [URIX OS](http://urix.us/) - Based on openSUSE.
311 | - [Wifislax](http://www.wifislax.com/) - Based on Slackware.
312 | 
313 | *Malware analysts and reverse-engineering*
314 | 
315 | - [Flare VM](https://github.com/fireeye/flare-vm/) - Based on Windows.
316 | - [REMnux](https://remnux.org/) - Based on Debian.
317 | 
318 | ## Starter Packs
319 | 
320 | *Collections of installer scripts, useful tools*
321 | 
322 | - [CTF Tools](https://github.com/zardus/ctf-tools) - Collection of setup scripts to install various security research tools.
323 | - [LazyKali](https://github.com/jlevitsk/lazykali) - A 2016 refresh of LazyKali which simplifies install of tools and configuration.
324 | 
325 | ## Tutorials
326 | 
327 | *Tutorials to learn how to play CTFs*
328 | 
329 | - [CTF Field Guide](https://trailofbits.github.io/ctf/) - Field Guide by Trails of Bits.
330 | - [CTF Resources](http://ctfs.github.io/resources/) -  Start Guide maintained by community.
331 | - [How to Get Started in CTF](https://www.endgame.com/blog/how-get-started-ctf) - Short guideline for CTF beginners by Endgame
332 | - [Intro. to CTF Course](https://www.hoppersroppers.org/courseCTF.html) - A free course that teaches beginners the basics of forensics, crypto, and web-ex.
333 | - [IppSec](https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA) - Video tutorials and walkthroughs of popular CTF platforms.
334 | - [LiveOverFlow](https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w) - Video tutorials on Exploitation.
335 | - [MIPT CTF](https://github.com/xairy/mipt-ctf) - A small course for beginners in CTFs (in Russian).
336 | 
337 | 
338 | ## Wargames
339 | 
340 | *Always online CTFs*
341 | 
342 | - [Backdoor](https://backdoor.sdslabs.co/) - Security Platform by SDSLabs.
343 | - [Crackmes](https://crackmes.one/) - Reverse Engineering Challenges.
344 | - [CryptoHack](https://cryptohack.org/) - Fun cryptography challenges.
345 | - [echoCTF.RED](https://echoctf.red/) - Online CTF with a variety of targets to attack.
346 | - [Exploit Exercises](https://exploit-exercises.lains.space/) - Variety of VMs to learn variety of computer security issues.
347 | - [Exploit.Education](http://exploit.education) - Variety of VMs to learn variety of computer security issues.
348 | - [Gracker](https://github.com/Samuirai/gracker) - Binary challenges having a slow learning curve, and write-ups for each level.
349 | - [Hack The Box](https://www.hackthebox.eu) - Weekly CTFs for all types of security enthusiasts.
350 | - [Hack This Site](https://www.hackthissite.org/) - Training ground for hackers.
351 | - [Hacker101](https://www.hacker101.com/) - CTF from HackerOne
352 | - [Hacking-Lab](https://hacking-lab.com/) - Ethical hacking, computer network and security challenge platform.
353 | - [Hone Your Ninja Skills](https://honeyourskills.ninja/) - Web challenges starting from basic ones.
354 | - [IO](http://io.netgarage.org/) - Wargame for binary challenges.
355 | - [Microcorruption](https://microcorruption.com) - Embedded security CTF.
356 | - [Over The Wire](http://overthewire.org/wargames/) - Wargame maintained by OvertheWire Community.
357 | - [PentesterLab](https://pentesterlab.com/) - Variety of VM and online challenges (paid).
358 | - [PicoCTF](https://2019game.picoctf.com) - All year round ctf game. Questions from the yearly picoCTF competition.
359 | - [PWN Challenge](http://pwn.eonew.cn/) - Binary Exploitation Wargame.
360 | - [Pwnable.kr](http://pwnable.kr/) - Pwn Game.
361 | - [Pwnable.tw](https://pwnable.tw/) - Binary wargame.
362 | - [Pwnable.xyz](https://pwnable.xyz/) - Binary Exploitation Wargame.
363 | - [Reversin.kr](http://reversing.kr/) - Reversing challenge.
364 | - [Ringzer0Team](https://ringzer0team.com/) - Ringzer0 Team Online CTF.
365 | - [Root-Me](https://www.root-me.org/) - Hacking and Information Security learning platform.
366 | - [ROP Wargames](https://github.com/xelenonz/game) - ROP Wargames.
367 | - [SANS HHC](https://holidayhackchallenge.com/past-challenges/) - Challenges with a holiday theme
368 |   released annually and maintained by SANS.
369 | - [SmashTheStack](http://smashthestack.org/) - A variety of wargames maintained by the SmashTheStack Community.
370 | - [Viblo CTF](https://ctf.viblo.asia) - Various amazing CTF challenges, in many different categories. Has both Practice mode and Contest mode.
371 | - [VulnHub](https://www.vulnhub.com/) - VM-based for practical in digital security, computer application & network administration.
372 | - [W3Challs](https://w3challs.com) - A penetration testing training platform, which offers various computer challenges, in various categories.
373 | - [WebHacking](http://webhacking.kr) - Hacking challenges for web.
374 | 
375 | 
376 | *Self-hosted CTFs*
377 | - [Damn Vulnerable Web Application](http://www.dvwa.co.uk/) - PHP/MySQL web application that is damn vulnerable.
378 | - [Juice Shop CTF](https://github.com/bkimminich/juice-shop-ctf) - Scripts and tools for hosting a CTF on [OWASP Juice Shop](https://www.owasp.org/index.php/OWASP_Juice_Shop_Project) easily.
379 | 
380 | ## Websites
381 | 
382 | *Various general websites about and on CTF*
383 | 
384 | - [Awesome CTF Cheatsheet](https://github.com/uppusaikiran/awesome-ctf-cheatsheet#awesome-ctf-cheatsheet-) - CTF Cheatsheet.
385 | - [CTF Time](https://ctftime.org/) - General information on CTF occuring around the worlds.
386 | - [Reddit Security CTF](http://www.reddit.com/r/securityctf) - Reddit CTF category.
387 | 
388 | ## Wikis
389 | 
390 | *Various Wikis available for learning about CTFs*
391 | 
392 | - [Bamboofox](https://bamboofox.github.io/) - Chinese resources to learn CTF.
393 | - [bi0s Wiki](https://teambi0s.gitlab.io/bi0s-wiki/) - Wiki from team bi0s.
394 | - [CTF Cheatsheet](https://uppusaikiran.github.io/hacking/Capture-the-Flag-CheatSheet/) - CTF tips and tricks.
395 | - [ISIS Lab](https://github.com/isislab/Project-Ideas/wiki) - CTF Wiki by Isis lab.
396 | - [OpenToAll](https://github.com/OpenToAllCTF/Tips) - CTF tips by OTA CTF team members.
397 | 
398 | ## Writeups Collections
399 | 
400 | *Collections of CTF write-ups*
401 | 
402 | - [0e85dc6eaf](https://github.com/0e85dc6eaf/CTF-Writeups) - Write-ups for CTF challenges by 0e85dc6eaf
403 | - [Captf](http://captf.com/) - Dumped CTF challenges and materials by psifertex.
404 | - [CTF write-ups (community)](https://github.com/ctfs/) - CTF challenges + write-ups archive maintained by the community.
405 | - [CTFTime Scrapper](https://github.com/abdilahrf/CTFWriteupScrapper) - Scraps all writeup from CTF Time and organize which to read first.
406 | - [HackThisSite](https://github.com/HackThisSite/CTF-Writeups) - CTF write-ups repo maintained by HackThisSite team.
407 | - [Mzfr](https://github.com/mzfr/ctf-writeups/) - CTF competition write-ups by mzfr
408 | - [pwntools writeups](https://github.com/Gallopsled/pwntools-write-ups) - A collection of CTF write-ups all using pwntools.
409 | - [SababaSec](https://github.com/SababaSec/ctf-writeups) - A collection of CTF write-ups by the SababaSec team
410 | - [Shell Storm](http://shell-storm.org/repo/CTF/) - CTF challenge archive maintained by Jonathan Salwan.
411 | - [Smoke Leet Everyday](https://github.com/smokeleeteveryday/CTF_WRITEUPS) - CTF write-ups repo maintained by SmokeLeetEveryday team.
412 | 
413 | ### LICENSE
414 | 
415 | CC0 :)
416 | 


--------------------------------------------------------------------------------
/_config.yml:
--------------------------------------------------------------------------------
1 | theme: jekyll-theme-slate


--------------------------------------------------------------------------------
/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "awesome-ctf",
 3 |   "title": "awesome-ctf",
 4 |   "description": "A curated list of CTF frameworks, libraries, resources and softwares.",
 5 |   "version": "1.0.0",
 6 |   "homepage": "http://github.com/apsdehal/awesome-ctf",
 7 |   "author": {
 8 |     "name": "Amanpreet Singh and contributors",
 9 |     "url": "https://github.com/apsdehal/awesome-ctf/graphs/contributors"
10 |   },
11 |   "repository": {
12 |     "type": "git",
13 |     "url": "https://github.com/apsdehal/awesome-ctf.git"
14 |   },
15 |   "bugs": "https://github.com/apsdehal/awesome-ctf/issues",
16 |   "devDependencies": {
17 |     "chai": "^2.2.0",
18 |     "cheerio": "^0.19.0",
19 |     "marked": "^0.3.3",
20 |     "mocha": "~2.2.1"
21 |   },
22 |   "licenses": [
23 |     {
24 |       "type": "MIT",
25 |       "url": "https://github.com/apsdehal/awesome-ctf/LICENSE.txt"
26 |     }
27 |   ],
28 |   "engines": {
29 |     "node": ">= 0.8.0"
30 |   },
31 |   "scripts": {
32 |     "test": "./node_modules/mocha/bin/mocha -u bdd tests/test.js"
33 |   },
34 |   "keywords": []
35 | }
36 | 


--------------------------------------------------------------------------------
/tests/test.js:
--------------------------------------------------------------------------------
 1 | var assert = require('chai').assert,
 2 | 	utils = require('./utils');
 3 | 
 4 | var $ = utils.getSelectorObject();
 5 | 
 6 | describe('Main module', function () {
 7 | 	it('should contain a non-duplicate link for all title', function () {
 8 | 		var links = [];
 9 | 
10 | 		$('a').each(function (k) {
11 | 			var href = $(this).attr('href');
12 | 
13 | 			assert.isDefined(href, 'Expected href for ' + $(this).html());
14 | 
15 | 			if (links[href]) {
16 | 				console.log(href);
17 | 				assert.ok(false, 'Duplicate link for ' + $(this).html());
18 | 			}
19 | 
20 | 			links[href] = true;
21 | 		});
22 | 	});
23 | 
24 | 	it('should be sorted alphabetically', function () {
25 | 		$('ul').each(function () {
26 | 			utils.testList(assert, $, $(this));
27 | 		})
28 | 	});
29 | })


--------------------------------------------------------------------------------
/tests/utils.js:
--------------------------------------------------------------------------------
 1 | var fs = require('fs'),
 2 | 	marked = require('marked'),
 3 | 	cheerio = require('cheerio');
 4 | 
 5 | module.exports = (function () {
 6 | 	var utils = {
 7 | 		getSelectorObject: function () {
 8 | 			var html = marked(fs.readFileSync('./README.md', 'utf-8'));
 9 | 			return cheerio.load(html);
10 | 		},
11 | 
12 | 		testList: function (assert, $, list) {
13 | 			var self = this;
14 | 
15 | 			list.find('ul').each(function () {
16 | 				utils.testList(assert, $, $(this));
17 | 				$(this).remove('ul');
18 | 			});
19 | 			self.testAlphabetical(assert, $, list);
20 | 		},
21 | 
22 | 		testAlphabetical: function (assert, $, list) {
23 | 			var items = [];
24 | 			list.find("li > a:first-child").map(function (i) {
25 | 				items.push($(this).text().toLowerCase());
26 | 			});
27 | 
28 | 			sorted = items.slice().sort();
29 | 
30 | 			assert.deepEqual(items, sorted, 'Links should be in alphabetical order');
31 | 		}
32 | 	};
33 | 
34 | 	return utils;
35 | })();


--------------------------------------------------------------------------------