├── LICENSE
└── README.md
/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2021 devploit
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Awesome CTF resources
2 |
3 | A list of [Capture The Flag](https://en.wikipedia.org/wiki/Capture_the_flag#Computer_security) (CTF) frameworks, libraries, resources and software for beginner and experienced CTF players 🚩
4 |
5 | Any contribution is welcome, send me a PR! ❤️
6 |
7 | *-The software and resources collected do not belong to me and have been compiled for educational purposes only-*
8 |
9 |
10 |
11 |
12 |
13 | ## Contents
14 |
15 | - [Create](#0x00-create)
16 | - [Platforms](#platforms)
17 | - [Forensics](#forensics)
18 | - [Steganography](#steganography)
19 | - [Web](#web)
20 |
21 | - [Solve](#0x01-solve)
22 | - [Cryptography](#cryptography)
23 | - [Exploiting / Pwn](#exploiting--pwn)
24 | - [Forensics](#forensics-1)
25 | - [Misc](#misc)
26 | - [Reversing](#reversing)
27 | - [Steganography](#steganography-1)
28 | - [Web](#web-1)
29 |
30 | - [Resources](#0x02-resources)
31 | - [Online Platforms](#online-platforms)
32 | - [Collaborative Tools](#collaborative-tools)
33 | - [Writeups Repositories](#writeups-repositories)
34 | - [Courses](#courses)
35 |
36 | - [Bibliography](#0x03-bibliography)
37 |
38 |
39 | # 0x00. Create
40 |
41 | *Tools used for creating CTF challenges*
42 |
43 | ## Platforms
44 |
45 | *Frameworks that can be used to host a CTF*
46 |
47 | - [CTFd](https://github.com/CTFd/CTFd) - Platform to host jeopardy style CTFs.
48 | - [FBCTF](https://github.com/facebookarchive/fbctf) - Facebook CTF platform to host Jeopardy and "King of the Hill" CTF competitions.
49 | - [HackTheArch](https://github.com/mcpa-stlouis/hack-the-arch) - Scoring server for CTF competitions.
50 | - [kCTF](https://github.com/google/kctf) - Kubernetes-based infrastructure for CTF competitions.
51 | - [LibreCTF](https://github.com/easyctf/librectf) - CTF platform from EasyCTF.
52 | - [Mellivora](https://github.com/Nakiami/mellivora) - CTF engine written in PHP.
53 | - [NightShade](https://github.com/UnrealAkama/NightShade) - Simple CTF framework.
54 | - [picoCTF](https://github.com/picoCTF/picoCTF) - Infrastructure used to run picoCTF.
55 | - [rCTF](https://github.com/redpwn/rctf) - CTF platform maintained by the [redpwn](https://github.com/redpwn/rctf) CTF team.
56 | - [RootTheBox](https://github.com/moloch--/RootTheBox) - CTF scoring engine for wargames.
57 | - [ImaginaryCTF](https://github.com/Et3rnos/ImaginaryCTF) - Platform to host CTFs.
58 |
59 | ## Forensics
60 |
61 | *Tools used to create Forensics challenges*
62 |
63 | - [Belkasoft RAM Capturer](https://belkasoft.com/ram-capturer) - Volatile Memory Acquisition Tool.
64 | - [Dnscat2](https://github.com/iagox86/dnscat2) - Hosts communication through DNS.
65 | - [Magnet AXIOM 2.0](https://www.magnetforensics.com/resources/magnet-axiom-2-0-memory-analysis/) - Artifact-centric DFIR tool.
66 | - [Registry Dumper](http://www.kahusecurity.com/posts/registry_dumper_find_and_dump_hidden_registry_keys.html) - Tool to dump Windows Registry.
67 |
68 | ## Steganography
69 |
70 | *Tools used to create Stego challenges*
71 |
72 | Check [solve section for steganography](#steganography-1).
73 |
74 | ## Web
75 |
76 | *Tools used to create Web challenges*
77 |
78 | - [Metasploit JavaScript Obfuscator](https://github.com/rapid7/metasploit-framework/wiki/How-to-obfuscate-JavaScript-in-Metasploit) - How to obfuscate JavaScript in Metasploit.
79 |
80 | # 0x01. Solve
81 |
82 | ## Cryptography
83 |
84 | *Tools used for solving Crypto challenges*
85 |
86 | - [Base65536](https://github.com/qntm/base65536) - Unicode's answer to Base64.
87 | - [Braille Translator](https://www.branah.com/braille-translator) - Translate from braille to text.
88 | - [Ciphey](https://github.com/Ciphey/Ciphey) - Tool to automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes.
89 | - [CyberChef](https://gchq.github.io/CyberChef/) - A web app for encryption, encoding, compression and data analysis.
90 | - [Cryptii](https://cryptii.com/) - Modular conversion, encoding and encryption online.
91 | - [dCode.fr](https://www.dcode.fr/tools-list#cryptography) - Solvers for Crypto, Maths and Encodings online.
92 | - [Decodify](https://github.com/s0md3v/Decodify) - Detect and decode encoded strings, recursively.
93 | - [Enigma Machine](https://summersidemakerspace.ca/projects/enigma-machine/) - Universal Enigma Machine Simulator.
94 | - [FeatherDuster](https://github.com/nccgroup/featherduster) - An automated, modular cryptanalysis tool.
95 | - [Galois](http://web.eecs.utk.edu/~jplank/plank/papers/CS-07-593/) - A fast galois field arithmetic library/toolkit.
96 | - [HashExtender](https://github.com/iagox86/hash_extender) - Tool for performing hash length extension attacks.
97 | - [Hash-identifier](https://code.google.com/p/hash-identifier/source/checkout) - Simple hash algorithm identifier.
98 | - [padding-oracle-attacker](https://github.com/KishanBagaria/padding-oracle-attacker) - CLI tool and library to execute padding oracle attacks easily.
99 | - [PadBuster](https://github.com/AonCyberLabs/PadBuster) - Automated script for performing Padding Oracle attacks.
100 | - [PEMCrack](https://github.com/robertdavidgraham/pemcrack) - Cracks SSL PEM files that hold encrypted private keys. Brute forces or dictionary cracks.
101 | - [PKCrack](https://www.unix-ag.uni-kl.de/~conrad/krypto/pkcrack.html) - PkZip encryption cracker.
102 | - [Polybius Square Cipher](https://www.braingle.com/brainteasers/codes/polybius.php) - Table that allows someone to translate letters into numbers.
103 | - [Quipqiup](https://quipqiup.com/) - Automated cryptogram solver.
104 | - [RsaCtfTool](https://github.com/RsaCtfTool/RsaCtfTool) - RSA multi attacks tool.
105 | - [RSATool](https://github.com/ius/rsatool) - Tool to calculate RSA and RSA-CRT parameters.
106 | - [Rumkin Cipher Tools](http://rumkin.com/tools/cipher/) - Collection of cipher/encoder tools.
107 | - [Vigenere Solver](https://www.guballa.de/vigenere-solver) - Online tool that breaks Vigenère ciphers without knowing the key.
108 | - [XOR Cracker](https://wiremask.eu/tools/xor-cracker/) - Online XOR decryption tool able to guess the key length and the cipher key to decrypt any file.
109 | - [XORTool](https://github.com/hellman/xortool) - A tool to analyze multi-byte xor cipher.
110 | - [yafu](https://sourceforge.net/projects/yafu/) - Automated integer factorization.
111 | - [Crackstation](https://crackstation.net/) - Hash cracker (database).
112 | - [Online Encyclopedia of Integer Sequences](https://oeis.org/) - OEIS: The On-Line Encyclopedia of Integer Sequences
113 |
114 | ## Exploiting / Pwn
115 |
116 | *Tools used for solving Pwn challenges*
117 |
118 | - [afl](https://lcamtuf.coredump.cx/afl/) - Security-oriented fuzzer.
119 | - [honggfuzz](https://github.com/google/honggfuzz) - Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage.
120 | - [libformatstr](https://github.com/hellman/libformatstr) - Simplify format string exploitation.
121 | - [One_gadget](https://github.com/david942j/one_gadget) - Tool for finding one gadget RCE.
122 | - [Pwntools](https://github.com/Gallopsled/pwntools) - CTF framework for writing exploits.
123 | - [ROPgadget](https://github.com/JonathanSalwan/ROPgadget) - Framework for ROP exploitation.
124 | - [Ropper](https://github.com/sashs/Ropper) - Display information about files in different file formats and find gadgets to build rop chains for different architectures.
125 | - [Shellcodes Database](http://shell-storm.org/shellcode/) - A massive shellcodes database.
126 |
127 | ## Forensics
128 |
129 | *Tools used for solving Forensics challenges*
130 |
131 | - [A-Packets](https://apackets.com/) - Effortless PCAP File Analysis in Your Browser.
132 | - [Autopsy](https://www.autopsy.com/) - End-to-end open source digital forensics platform.
133 | - [Binwalk](https://github.com/devttys0/binwalk) - Firmware Analysis Tool.
134 | - [Bulk-extractor](https://github.com/simsong/bulk_extractor) - High-performance digital forensics exploitation tool.
135 | - [Bkhive & samdump2](https://www.kali.org/tools/samdump2/) - Dump SYSTEM and SAM files.
136 | - [ChromeCacheView](https://www.nirsoft.net/utils/chrome_cache_view.html) - Small utility that reads the cache folder of Google Chrome Web browser, and displays the list of all files currently stored in the cache.
137 | - [Creddump](https://github.com/moyix/creddump) - Dump Windows credentials.
138 | - [Exiftool](https://exiftool.org/) - Read, write and edit file metadata.
139 | - [Extundelete](http://extundelete.sourceforge.net/) - Utility that can recover deleted files from an ext3 or ext4 partition.
140 | - [firmware-mod-kit](https://code.google.com/archive/p/firmware-mod-kit/) - Modify firmware images without recompiling.
141 | - [Foremost](http://foremost.sourceforge.net/) - Console program to recover files based on their headers, footers, and internal data structures.
142 | - [Forensic Toolkit](https://www.exterro.com/forensic-toolkit) - It scans a hard drive looking for various information. It can potentially locate deleted emails and scan a disk for text strings to use as a password dictionary to crack encryption.
143 | - [Forensically](https://29a.ch/photo-forensics/#forensic-magnifier) - Free online tool for image analysis with many features.
144 | - [MZCacheView](https://www.nirsoft.net/utils/mozilla_cache_viewer.html) - Small utility that reads the cache folder of Firefox/Mozilla/Netscape Web browsers, and displays the list of all files currently stored in the cache.
145 | - [NetworkMiner](https://www.netresec.com/index.ashx?page=NetworkMiner) - Network Forensic Analysis Tool (NFAT).
146 | - [OfflineRegistryView](https://www.nirsoft.net/utils/offline_registry_view.html) - Simple tool for Windows that allows you to read offline Registry files from external drive.
147 | - [photorec](https://www.cgsecurity.org/wiki/PhotoRec) - File data recovery software designed to recover lost files including video, documents and archives from hard disks, CD-ROMs, and lost pictures (thus the Photo Recovery name) from digital camera memory.
148 | - [Registry Viewer](https://accessdata.com/product-download/registry-viewer-2-0-0) - Tool to view the Windows Registry.
149 | - [Scalpel](https://github.com/sleuthkit/scalpel) - Open source data carving tool.
150 | - [The Sleuth Kit](https://www.sleuthkit.org/) - Collection of command line tools and a C library that allows you to analyze disk images and recover files from them.
151 | - [USBRip](https://github.com/snovvcrash/usbrip) - Simple CLI forensics tool for tracking USB device artifacts (history of USB events) on GNU/Linux.
152 | - [Volatility](https://github.com/volatilityfoundation/volatility) - An advanced memory forensics framework.
153 | - [Wireshark](https://www.wireshark.org/) - Tool to analyze pcap or pcapng files.
154 | - [X-Ways](https://www.x-ways.net/forensics/index-m.html) - Advanced work environment for computer forensic examiners.
155 |
156 | ## Misc
157 |
158 | *Tools used for solving Misc challenges*
159 |
160 | - [boofuzz](https://github.com/jtpereyda/boofuzz) - Network Protocol Fuzzing for Humans.
161 | - [Veles](https://codisec.com/veles/) - Binary data analysis and visualization tool.
162 |
163 | **Bruteforcers:**
164 |
165 | - [changeme](https://github.com/ztgrace/changeme) - A default credential scanner.
166 | - [Hashcat](https://hashcat.net/hashcat/) - Advanced Password Recovery.
167 | - [Hydra](https://www.kali.org/tools/hydra/) - Parallelized login cracker which supports numerous protocols to attack.
168 | - [John the Ripper](https://www.openwall.com/john/) - Open Source password security auditing and password recovery.
169 | - [jwt_tool](https://github.com/ticarpi/jwt_tool) - A toolkit for testing, tweaking and cracking JSON Web Tokens.
170 | - [Ophcrack](https://ophcrack.sourceforge.io/) - Free Windows password cracker based on rainbow tables.
171 | - [Patator](https://github.com/lanjelot/patator) - Multi-purpose brute-forcer, with a modular design and a flexible usage.
172 | - [Turbo Intruder](https://portswigger.net/bappstore/9abaa233088242e8be252cd4ff534988) - Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
173 |
174 | **Esoteric Languages:**
175 |
176 | - [Brainfuck](https://copy.sh/brainfuck/) - Brainfuck esoteric programming language IDE.
177 | - [COW](https://frank-buss.de/cow.html) - It is a Brainfuck variant designed humorously with Bovinae in mind.
178 | - [Malbolge](http://www.malbolge.doleczek.pl/) - Malbolge esoteric programming language solver.
179 | - [Ook!](https://www.dcode.fr/ook-language) - Tool for decoding / encoding in Ook!
180 | - [Piet](https://www.bertnase.de/npiet/npiet-execute.php) - Piet programming language compiler.
181 | - [Rockstar](https://codewithrockstar.com/online) - A language intended to look like song lyrics.
182 | - [Try It Online](https://tio.run/) - An online tool that has a ton of Esoteric language interpreters.
183 |
184 |
185 | **Sandboxes:**
186 |
187 | - [Any.run](https://any.run/) - Interactive malware hunting service.
188 | - [Intezer Analyze](https://analyze.intezer.com/) - Malware analysis platform.
189 | - [Triage](https://tria.ge/) - State-of-the-art malware analysis sandbox designed for cross-platform support.
190 |
191 | ## Reversing
192 |
193 | *Tools used for solving Reversing challenges*
194 |
195 | - [Androguard](https://github.com/androguard/androguard) - Androguard is a full python tool to play with Android files.
196 | - [Angr](https://github.com/angr/angr) - A powerful and user-friendly binary analysis platform.
197 | - [Apk2gold](https://github.com/lxdvs/apk2gold) - CLI tool for decompiling Android apps to Java.
198 | - [ApkTool](https://ibotpeaches.github.io/Apktool/) - A tool for reverse engineering 3rd party, closed, binary Android apps.
199 | - [Binary Ninja](https://binary.ninja/) - Binary Analysis Framework.
200 | - [BinUtils](https://www.gnu.org/software/binutils/binutils.html) - Collection of binary tools.
201 | - [CTF_import](https://github.com/sciencemanx/ctf_import) - Run basic functions from stripped binaries cross platform.
202 | - [Compiler Explorer](https://godbolt.org/) - Online compiler tool.
203 | - [CWE_checker](https://github.com/fkie-cad/cwe_checker) - Finds vulnerable patterns in binary executables.
204 | - [Demovfuscator](https://github.com/kirschju/demovfuscator) - A work-in-progress deobfuscator for movfuscated binaries.
205 | - [Disassembler.io](https://onlinedisassembler.com/static/home/index.html) - Disassemble On Demand.
206 |   A lightweight, online service for when you don’t have the time, resources, or requirements to use a heavier-weight alternative.
207 | - [dnSpy](https://github.com/dnSpy/dnSpy) - .NET debugger and assembly editor.
208 | - [EasyPythonDecompiler](https://sourceforge.net/projects/easypythondecompiler/) - A small .exe GUI application that will "decompile" Python bytecode, often seen in .pyc extension.
209 | - [Frida](https://github.com/frida/) - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
210 | - [GDB](https://www.gnu.org/software/gdb/) - The GNU Project debugger.
211 | - [GEF](https://github.com/hugsy/gef) - A modern experience for GDB with advanced debugging features for exploit developers & reverse engineers.
212 | - [Ghidra](https://ghidra-sre.org/) - A software reverse engineering (SRE) suite of tools developed by NSA.
213 | - [Hopper](https://www.hopperapp.com/) - Reverse engineering tool (disassembler) for OSX and Linux.
214 | - [IDA Pro](https://hex-rays.com/ida-pro/) - Most used Reversing software.
215 | - [Jadx](https://github.com/skylot/jadx) - Command line and GUI tools for producing Java source code from Android Dex and Apk files.
216 | - [Java Decompilers](http://www.javadecompilers.com/) - An online decompiler for Java and Android APKs.
217 | - [JSDetox](https://github.com/svent/jsdetox) - A JavaScript malware analysis tool.
218 | - [miasm](https://github.com/cea-sec/miasm) - Reverse engineering framework in Python.
219 | - [Objection](https://github.com/sensepost/objection) - Runtime mobile exploration.
220 | - [Online Assembler/Disassembler](http://shell-storm.org/online/Online-Assembler-and-Disassembler/) - Online wrappers around the Keystone and Capstone projects.
221 | - [PEDA](https://github.com/longld/peda) - Python Exploit Development Assistance for GDB.
222 | - [PEfile](https://github.com/erocarrera/pefile) - Python module to read and work with PE (Portable Executable) files.
223 | - [Pwndbg](https://github.com/pwndbg/pwndbg) - Exploit Development and Reverse Engineering with GDB Made Easy.
224 | - [radare2](https://github.com/radareorg/radare2) - UNIX-like reverse engineering framework and command-line toolset.
225 | - [Rizin](https://github.com/rizinorg/rizin) - Rizin is a fork of the radare2 reverse engineering framework with a focus on usability, working features and code cleanliness.
226 | - [Uncompyle](https://github.com/gstarnberger/uncompyle) - A Python 2.7 byte-code decompiler (.pyc)
227 | - [WinDBG](http://www.windbg.org/) - Windows debugger distributed by Microsoft.
228 | - [Z3](https://github.com/Z3Prover/z3) - A theorem prover from Microsoft Research.
229 |
230 | ## Steganography
231 |
232 | *Tools used for solving Stego challenges*
233 |
234 | - [AperiSolve](https://aperisolve.fr/) - Platform which performs layer analysis on images.
235 | - [BPStegano](https://github.com/TapanSoni/BPStegano) - Python3 based LSB steganography.
236 | - [DeepSound](https://github.com/Jpinsoft/DeepSound) - Freeware steganography tool and audio converter that hides secret data into audio files.
237 | - [DTMF Detection](https://unframework.github.io/dtmf-detect/) - Audio frequencies common to a phone button.
238 | - [DTMF Tones](http://dialabc.com/sound/detect/index.html) - Audio frequencies common to a phone button.
239 | - [Exif](http://manpages.ubuntu.com/manpages/trusty/man1/exif.1.html) - Shows EXIF information in JPEG files.
240 | - [Exiv2](https://www.exiv2.org/manpage.html) - Image metadata manipulation tool.
241 | - [FotoForensics](https://fotoforensics.com/) - Provides budding researchers and professional investigators access to cutting-edge tools for digital photo forensics.
242 | - [hipshot](https://bitbucket.org/eliteraspberries/hipshot/src/master/) - Tool that converts a video file or series of photographs into a single image simulating a long-exposure photograph.
243 | - [Image Error Level Analyzer](https://29a.ch/sandbox/2012/imageerrorlevelanalysis/) - Tool to analyze digital images. It's also free and web based. It features error level analysis, clone detection and more.
244 | - [Image Steganography](https://incoherency.co.uk/image-steganography/) - Client-side Javascript tool to steganographically hide/unhide images inside the lower "bits" of other images.
245 | - [ImageMagick](http://www.imagemagick.org/script/index.php) - Tool for manipulating images.
246 | - [jsteg](https://github.com/lukechampine/jsteg) - Command-line tool to use against JPEG images.
247 | - [Magic Eye Solver](http://magiceye.ecksdee.co.uk/) - Get hidden information from images.
248 | - [Outguess](https://www.freebsd.org/cgi/man.cgi?query=outguess+&apropos=0&sektion=0&manpath=FreeBSD+Ports+5.1-RELEASE&format=html) - Universal steganographic tool.
249 | - [Pngcheck](http://www.libpng.org/pub/png/apps/pngcheck.html) - Verifies the integrity of PNG files and dumps all of the chunk-level information in human-readable form.
250 | - [Pngtools](https://packages.debian.org/sid/pngtools) - For various analysis related to PNGs.
251 | - [sigBits](https://github.com/Pulho/sigBits) - Steganography significant bits image decoder.
252 | - [SmartDeblur](https://github.com/Y-Vladimir/SmartDeblur) - Restoration of defocused and blurred photos/images.
253 | - [Snow](https://darkside.com.au/snow/) - Whitespace Steganography Tool
254 | - [Sonic Visualizer](https://www.sonicvisualiser.org/) - Audio file visualization.
255 | - [Steganography Online](https://stylesuxx.github.io/steganography/) - Online steganography encoder and decoder.
256 | - [Stegbreak](https://linux.die.net/man/1/stegbreak) - Launches brute-force dictionary attacks on JPG images.
257 | - [StegCracker](https://github.com/Paradoxis/StegCracker) - Brute-force utility to uncover hidden data inside files.
258 | - [stegextract](https://github.com/evyatarmeged/stegextract) - Detect hidden files and text in images.
259 | - [Steghide](http://steghide.sourceforge.net/) - Hide data in various kinds of image- and audio-files.
260 | - [StegOnline](https://stegonline.georgeom.net/) - Conduct a wide range of image steganography operations, such as concealing/revealing files hidden within bits.
261 | - [Stegosaurus](https://github.com/AngelKitty/stegosaurus) - A steganography tool for embedding payloads within Python bytecode.
262 | - [StegoVeritas](https://github.com/bannsec/stegoVeritas) - Yet another stego tool.
263 | - [Stegpy](https://github.com/dhsdshdhk/stegpy) - Simple steganography program based on the LSB method.
264 | - [stegseek](https://github.com/RickdeJager/stegseek) - Lightning fast steghide cracker that can be used to extract hidden data from files.
265 | - [stegsnow](https://manpages.ubuntu.com/manpages/trusty/man1/stegsnow.1.html) - Whitespace steganography program.
266 | - [Stegsolve](https://github.com/zardus/ctf-tools/tree/master/stegsolve) - Apply various steganography techniques to images.
267 | - [Zsteg](https://github.com/zed-0xff/zsteg/) - PNG/BMP analysis.
268 |
269 |
270 | ## Web
271 |
272 | *Tools used for solving Web challenges*
273 |
274 | - [Arachni](https://www.arachni-scanner.com/) - Web Application Security Scanner Framework.
275 | - [Beautifier.io](https://beautifier.io/) - Online JavaScript Beautifier.
276 | - [BurpSuite](https://portswigger.net/burp) - A graphical tool for testing website security.
277 | - [Commix](https://github.com/commixproject/commix) - Automated All-in-One OS Command Injection Exploitation Tool.
278 | - [debugHunter](https://github.com/devploit/debugHunter) - Discover hidden debugging parameters and uncover web application secrets.
279 | - [Dirhunt](https://github.com/Nekmo/dirhunt) - Find web directories without bruteforce.
280 | - [dirsearch](https://github.com/maurosoria/dirsearch) - Web path scanner.
281 | - [nomore403](https://github.com/devploit/nomore403) - Tool to bypass 40x errors.
282 | - [ffuf](https://github.com/ffuf/ffuf) - Fast web fuzzer written in Go.
283 | - [git-dumper](https://github.com/arthaud/git-dumper) - A tool to dump a git repository from a website.
284 | - [Gopherus](https://github.com/tarunkant/Gopherus) - Tool that generates gopher links for exploiting SSRF and gaining RCE in various servers.
285 | - [Hookbin](https://hookbin.com/) - Free service that enables you to collect, parse, and view HTTP requests.
286 | - [JSFiddle](https://jsfiddle.net/) - Test your JavaScript, CSS, HTML or CoffeeScript online with JSFiddle code editor.
287 | - [ngrok](https://ngrok.com/) - Secure introspectable tunnels to localhost.
288 | - [OWASP Zap](https://owasp.org/www-project-zap/) - Intercepting proxy to replay, debug, and fuzz HTTP requests and responses.
289 | - [PHPGGC](https://github.com/ambionics/phpggc) - Library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
290 | - [Postman](https://chrome.google.com/webstore/detail/postman/fhbjgbiflinjbdggehcddcbncdddomop?hl=en) - Add-on for Chrome for debugging network requests.
291 | - [REQBIN](https://reqbin.com/) - Online REST & SOAP API Testing Tool.
292 | - [Request Bin](https://requestbin.com/) - A modern request bin to inspect any event by Pipedream.
293 | - [Revelo](http://www.kahusecurity.com/posts/revelo_javascript_deobfuscator.html) - Analyze obfuscated Javascript code.
294 | - [Smuggler](https://github.com/defparam/smuggler) - An HTTP Request Smuggling / Desync testing tool written in Python3.
295 | - [SQLMap](https://github.com/sqlmapproject/sqlmap) - Automatic SQL injection and database takeover tool.
296 | - [W3af](https://github.com/andresriancho/w3af) - Web application attack and audit framework.
297 | - [XSSer](https://xsser.03c8.net/) - Automated XSS tester.
298 | - [ysoserial](https://github.com/frohoff/ysoserial) - Tool for generating payloads that exploit unsafe Java object deserialization.
299 |
300 | # 0x02. Resources
301 |
302 | ## Online Platforms
303 |
304 | *Always online CTFs*
305 |
306 | - [0x0539](https://0x0539.net/) - Online CTF challenges.
307 | - [247CTF](https://247ctf.com/) - Free Capture The Flag Hacking Environment.
308 | - [Archive.ooo](https://archive.ooo/) - Live, playable archive of DEF CON CTF challenges.
309 | - [Atenea](https://atenea.ccn-cert.cni.es/) - Spanish CCN-CERT CTF platform.
310 | - [CTFlearn](https://ctflearn.com/) - Online platform built to help ethical hackers learn, practice, and compete.
311 | - [CTF365](https://ctf365.com/) - Security Training Platform.
312 | - [Crackmes.One](https://crackmes.one/) - Reverse Engineering Challenges.
313 | - [CryptoHack](https://cryptohack.org/) - Cryptography Challenges.
314 | - [Cryptopals](https://cryptopals.com/) - Cryptography Challenges.
315 | - [Defend the Web](https://defendtheweb.net/?hackthis) - An Interactive Cyber Security Platform.
316 | - [Dreamhack.io](https://dreamhack.io/wargame) - Online wargame.
317 | - [echoCTF.RED](https://echoctf.red/) - Online Hacking Laboratories.
318 | - [Flagyard](https://flagyard.com/) - An Online Playground of Hands-on Cybersecurity Challenges.
319 | - [HackBBS](https://hackbbs.org/index.php) - Online wargame.
320 | - [Hacker101](https://www.hacker101.com/) - CTF Platform by [HackerOne](https://www.hackerone.com/).
321 | - [Hackropole](https://hackropole.fr/en/) - This platform allows you to replay the challenges of the France Cybersecurity Challenge.
322 | - [HackTheBox](https://www.hackthebox.com/) - A Massive Hacking Playground.
323 | - [HackThisSite](https://www.hackthissite.org/) - Free, safe and legal training ground for hackers.
324 | - [HBH](https://hbh.sh/home) - Community designed to teach methods and tactics used by malicious hackers to access systems and sensitive information.
325 | - [Komodo](http://ctf.komodosec.com/) - This is a game designed to challenge your application hacking skills.
326 | - [MicroCorruption](https://microcorruption.com/) - Embedded Security CTF.
327 | - [MNCTF](https://mnctf.info/) - Online cybersecurity challenges.
328 | - [OverTheWire](https://overthewire.org/wargames/) - Wargame offered by the OverTheWire community.
329 | - [picoCTF](https://picoctf.org/) - Beginner-friendly CTF platform.
330 | - [Pwn.college](https://pwn.college/) - Education platform to learn about, and practice, core cybersecurity concepts.
331 | - [PWN.TN](https://pwn.tn/) - Educational and non commercial wargame.
332 | - [Pwnable.kr](http://pwnable.kr/) - Pwn/Exploiting platform.
333 | - [Pwnable.tw](https://pwnable.tw/) - Pwn/Exploiting platform.
334 | - [Pwnable.xyz](https://pwnable.xyz/) - Pwn/Exploiting platform.
335 | - [PWNChallenge](http://pwn.eonew.cn/) - Pwn/Exploiting platform.
336 | - [Reversing.kr](http://reversing.kr/) - Reverse Engineering platform.
337 | - [Root-me](https://www.root-me.org/) - CTF training platform.
338 | - [VibloCTF](https://ctf.viblo.asia/landing) - CTF training platform.
339 | - [VulnHub](https://www.vulnhub.com/) - VM-based pentesting platform.
340 | - [W3Challs](https://w3challs.com/) - Hacking/CTF platform.
341 | - [WebHacking](https://webhacking.kr/) - Web challenges platform.
342 | - [Websec.fr](http://websec.fr/) - Web challenges platform.
343 | - [WeChall](https://www.wechall.net/active_sites) - Challenge sites directory & forum.
344 | - [YEHD 2015](https://2015-yehd-ctf.meiji-ncc.tech/) - YEHD CTF 2015 online challenges.
345 |
346 | *Self-hosted CTFs*
347 |
348 | - [AWSGoat](https://github.com/ine-labs/AWSGoat) - A Damn Vulnerable AWS Infrastructure.
349 | - [CICD-goat](https://github.com/cider-security-research/cicd-goat) - A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
350 | - [Damn Vulnerable Web Application](https://dvwa.co.uk/) - PHP/MySQL web application that is damn vulnerable.
351 | - [GCPGoat](https://github.com/ine-labs/GCPGoat) - A Damn Vulnerable GCP Infrastructure.
352 | - [Juice Shop](https://github.com/juice-shop/juice-shop-ctf) - Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop.
353 |
354 | ## Collaborative Tools
355 |
356 | - [CTFNote](https://github.com/TFNS/CTFNote) - Collaborative tool aiming to help CTF teams to organise their work.
357 |
358 | ## Writeups Repositories
359 |
360 | *Repository of CTF Writeups*
361 |
362 | - [Courgettes.Club](https://ctf.courgettes.club/) - CTF Writeup Finder.
363 | - [CTFtime](https://ctftime.org/writeups) - CTFtime Writeups Collection.
364 | - [Github.com/CTFs](https://github.com/ctfs) - Collection of CTF Writeups.
365 |
366 | ## Courses
367 |
368 | - [Roppers Bootcamp](https://www.roppers.org/courses/ctf) - CTF Bootcamp.
369 |
370 | # 0x03. Bibliography
371 |
372 | *The resources presented here have been gathered from numerous sources. However, the most important are:*
373 |
374 | - [apsdehal_awesome-ctf](https://github.com/apsdehal/awesome-ctf)
375 | - [vavkamil_awesome-bugbounty-tools](https://github.com/vavkamil/awesome-bugbounty-tools)
376 | - [zardus_ctf-tools](https://github.com/zardus/ctf-tools)
377 |
--------------------------------------------------------------------------------