├── .dockerignore
├── .gitignore
├── .travis.yml
├── Dockerfile
├── README.md
├── TODO
├── Vagrantfile
├── afl
│   ├── install
│   └── install-root
├── angr
│   ├── install
│   └── install-root
├── apktool
│   ├── install
│   └── install-root
├── barf
│   ├── install
│   ├── install-root
│   └── uninstall
├── bin
│   └── manage-tools
├── bindead
│   ├── install
│   └── install-root
├── binwalk
│   └── install
├── burpsuite
│   ├── install
│   └── install-root
├── checksec
│   └── install
├── codereason
│   ├── install
│   └── install-root
├── commix
│   └── install
├── cribdrag
│   └── install
├── cross2
│   └── install
├── crosstool
│   ├── build-sample.sh
│   ├── config
│   ├── install
│   ├── install-root
│   └── uninstall
├── df
│   ├── install
│   └── install-root
├── dirs3arch
│   └── install
├── dislocker
│   ├── install
│   └── install-root
├── elfkickers
│   └── install
├── elfparser
│   ├── install
│   └── install-root
├── evilize
│   └── install
├── exetractor
│   └── install
├── firmware-mod-kit
│   ├── install
│   └── install-root
├── foresight
│   └── install
├── gdb
│   ├── install
│   └── install-root
├── hash-identifier
│   ├── install
│   └── install-root
├── hashpump-partialhash
│   ├── install
│   └── install-root
├── hashpump
│   ├── install
│   └── install-root
├── littleblackbox
│   ├── install
│   └── install-root
├── msieve
│   ├── install
│   └── install-root
├── panda
│   ├── install
│   └── install-root
├── pathgrind
│   ├── install
│   ├── install-root
│   └── pathgrind.patch
├── pdf-parser
│   └── install
├── peda
│   └── install
├── pemcrack
│   └── install
├── pkcrack
│   └── install
├── preeny
│   └── install
├── pwntools
│   ├── install
│   └── install-root
├── python-paddingoracle
│   └── install
├── python-pin
│   └── install
├── qemu
│   └── install
├── qira
│   ├── install
│   └── install-root
├── radare2
│   └── install
├── reveng
│   └── install
├── rp++
│   └── install
├── scrdec18
│   └── install
├── shellnoob
│   └── install
├── shellsploit
│   └── install
├── snowman
│   ├── install
│   └── install-root
├── sonic-visualizer
│   ├── install
│   └── install-root
├── sqlmap
│   ├── install
│   └── install-root
├── ssh_decoder
│   └── install
├── sslsplit
│   ├── install
│   └── install-root
├── steganabara
│   └── install
├── stegdetect
│   ├── install
│   └── install-root
├── stegsolve
│   └── install
├── subbrute
│   └── install
├── taintgrind
│   └── install
├── testdisk
│   └── install
├── villoc
│   └── install
├── virtualsocket
│   └── install
├── xortool
│   ├── install
│   └── uninstall
├── xrop
│   └── install
└── yafu
    ├── install
    └── test

/.dockerignore:
--------------------------------------------------------------------------------
*
!.git
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
*/*
bin/*
!*/install
!*/install-root
!*/upgrade
!*/test
--------------------------------------------------------------------------------
/.travis.yml:
--------------------------------------------------------------------------------
language: python
python: 2.7
sudo: required
dist: trusty
install: (sudo apt-get update || true) && bin/manage-tools -s setup
script: bin/manage-tools -s test all
--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
from ubuntu:trusty
maintainer yans@yancomm.net

RUN adduser ctf
COPY .git /home/ctf/tools/.git
RUN chown -R ctf.ctf /home/ctf/tools

RUN echo "ctf ALL=NOPASSWD: ALL" > /etc/sudoers.d/ctf
RUN apt-get update
RUN apt-get -y install git virtualenvwrapper

USER ctf

WORKDIR /home/ctf/tools
RUN git checkout .
RUN bin/manage-tools -s setup

WORKDIR /home/ctf
RUN bash -c "source /etc/bash_completion.d/virtualenvwrapper && mkvirtualenv ctf"
RUN echo "workon ctf" >> /home/ctf/.bashrc

ENTRYPOINT bash -i
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# ctf-tools
[![Build Status](https://travis-ci.org/zardus/ctf-tools.svg?branch=master)](https://travis-ci.org/zardus/ctf-tools)
[![IRC](https://img.shields.io/badge/freenode-%23ctf--tools-green.svg)](http://webchat.freenode.net/?channels=#ctf-tools)

This is a collection of setup scripts to create an install of various security research tools.
Of course, this isn't a hard problem, but it's really nice to have them in one place that's easily deployable to new machines and so forth.

Installers for the following tools are included:

| Category | Tool | Description |
|----------|------|-------------|
| binary | [afl](http://lcamtuf.coredump.cx/afl/) | State-of-the-art fuzzer. |
| binary | [angr](http://angr.io) | Next-generation binary analysis engine from Shellphish. |
| binary | [barf](https://github.com/programa-stic/barf-project) | Binary Analysis and Reverse-engineering Framework. |
| binary | [bindead](https://bitbucket.org/mihaila/bindead/wiki/Home) | A static analysis tool for binaries. |
| binary | [checksec](https://github.com/slimm609/checksec.sh) | Check binary hardening settings. |
| binary | [codereason](https://github.com/trailofbits/codereason) | Semantic Binary Code Analysis Framework. |
| binary | [crosstool-ng](http://crosstool-ng.org/) | Cross-compilers and cross-architecture tools. |
| binary | [cross2](http://kozos.jp/books/asm/asm.html) | A set of cross-compilation tools from a Japanese book on C. |
| binary | [elfkickers](http://www.muppetlabs.com/~breadbox/software/elfkickers.html) | A set of utilities for working with ELF files. |
| binary | [elfparser](http://www.elfparser.com/) | Quickly determine the capabilities of an ELF binary through static analysis. |
| binary | [evilize](http://www.mathstat.dal.ca/~selinger/md5collision/) | Tool to create MD5 colliding binaries |
| binary | [gdb](http://www.gnu.org/software/gdb/) | Up-to-date gdb with python2 bindings. |
| binary | [panda](https://github.com/moyix/panda) | Platform for Architecture-Neutral Dynamic Analysis. |
| binary | [pathgrind](https://github.com/codelion/pathgrind) | Path-based, symbolically-assisted fuzzer. |
| binary | [peda](https://github.com/longld/peda) | Enhanced environment for gdb. |
| binary | [preeny](https://github.com/zardus/preeny) | A collection of helpful preloads (compiled for many architectures!). |
| binary | [pwntools](https://github.com/Gallopsled/pwntools) | Useful CTF utilities. |
| binary | [python-pin](https://github.com/blankwall/Python_Pin) | Python bindings for pin. |
| binary | [qemu](http://qemu.org) | Latest version of qemu! |
| binary | [qira](http://qira.me) | Parallel, timeless debugger. |
| binary | [radare2](http://www.radare.org/) | Some crazy thing crowell likes. |
| binary | [rp++](https://github.com/0vercl0k/rp) | Another gadget finder. |
| binary | [shellnoob](https://github.com/reyammer/shellnoob) | Shellcode writing helper. |
| binary | [shellsploit](https://github.com/b3mb4m/shellsploit-framework) | Shellcode development kit. |
| binary | [snowman](https://github.com/yegord/snowman) | Cross-architecture decompiler. |
| binary | [taintgrind](https://github.com/wmkhoo/taintgrind) | A valgrind taint analysis tool. |
| binary | [villoc](https://github.com/wapiflapi/villoc) | Visualization of heap operations. |
| binary | [virtualsocket](https://github.com/antoniobianchi333/virtualsocket) | A nice library to interact with binaries. |
| binary | [xrop](https://github.com/acama/xrop) | Gadget finder. |
| forensics | [binwalk](https://github.com/devttys0/binwalk.git) | Firmware (and arbitrary file) analysis tool. |
| forensics | [dislocker](http://www.hsc.fr/ressources/outils/dislocker/) | Tool for reading Bitlocker encrypted partitions. |
| forensics | [exetractor](https://github.com/kholia/exetractor-clone) | Unpacker for packed Python executables. Supports PyInstaller and py2exe. |
| forensics | [firmware-mod-kit](https://code.google.com/p/firmware-mod-kit/) | Tools for firmware packing/unpacking. |
| forensics | [pdf-parser](http://blog.didierstevens.com/programs/pdf-tools/) | Tool for digging in PDF files |
| forensics | [scrdec](https://gist.github.com/bcse/1834878) | A decoder for encoded Windows Scripts. |
| forensics | [testdisk](http://www.cgsecurity.org/wiki/TestDisk) | Testdisk and photorec for file recovery. |
| crypto | [cribdrag](https://github.com/SpiderLabs/cribdrag) | Interactive crib dragging tool (for crypto). |
| crypto | [foresight](https://github.com/ALSchwalm/foresight) | A tool for predicting the output of random number generators. To run, launch "foresee". |
| crypto | [hashpump](https://github.com/bwall/HashPump) | A tool for performing hash length extension attacks. |
| crypto | [hashpump-partialhash](https://github.com/mheistermann/HashPump-partialhash) | Hashpump, supporting partially-unknown hashes. |
| crypto | [hash-identifier](https://code.google.com/p/hash-identifier/source/checkout) | Simple hash algorithm identifier. |
| crypto | [littleblackbox](https://github.com/devttys0/littleblackbox) | Database of private SSL/SSH keys for embedded devices. |
| crypto | [msieve](http://sourceforge.net/projects/msieve/) | Msieve is a C library implementing a suite of algorithms to factor large integers. |
| crypto | [pemcrack](https://github.com/robertdavidgraham/pemcrack) | SSL PEM file cracker. |
| crypto | [pkcrack](https://www.unix-ag.uni-kl.de/~conrad/krypto/pkcrack.html) | PkZip encryption cracker. |
| crypto | [python-paddingoracle](https://github.com/mwielgoszewski/python-paddingoracle) | Padding oracle attack automation. |
| crypto | [reveng](http://reveng.sourceforge.net/) | CRC finder. |
| crypto | [ssh_decoder](https://github.com/jjyg/ssh_decoder) | A tool for decoding ssh traffic. You will need `ruby1.8` from `https://launchpad.net/~brightbox/+archive/ubuntu/ruby-ng` to run this. Run with `ssh_decoder --help` for help, as running it with no arguments causes it to crash. |
| crypto | [sslsplit](https://github.com/droe/sslsplit) | SSL/TLS MITM. |
| crypto | [xortool](https://github.com/hellman/xortool) | XOR analysis tool. |
| crypto | [yafu](http://sourceforge.net/projects/yafu/) | Automated integer factorization. |
| web | [burpsuite](http://portswigger.net/burp) | Web proxy to do naughty web stuff. |
| web | [commix](https://github.com/stasinopoulos/commix) | Command injection and exploitation tool. |
| web | [dirs3arch](https://github.com/maurosoria/dirs3arch) | Web path scanner. |
| web | [sqlmap](http://sqlmap.org/) | SQL injection automation engine. |
| web | [subbrute](https://github.com/TheRook/subbrute) | A DNS meta-query spider that enumerates DNS records, and subdomains. |
| stego | [sound-visualizer](http://www.sonicvisualiser.org/) | Audio file visualization. |
| stego | [steganabara](http://www.caesum.com/handbook/stego.htm) | Another image steganography solver. |
| stego | [stegdetect](http://www.outguess.org/) | Steganography detection/breaking tool. |
| stego | [stegsolve](http://www.caesum.com/handbook/stego.htm) | Image steganography solver. |
| android | [apktool](https://ibotpeaches.github.io/Apktool/) | Dissect, dis-assemble, and re-pack Android APKs |

There are also some installers for non-CTF stuff to break the monotony!

| Category | Tool | Description |
|----------|------|-------------|
| game | [Dwarf Fortress](http://www.bay12games.com/dwarves/) | Something to help you relax after a CTF! |

## Usage

To use, do:

```bash
# set up the path
/path/to/ctf-tools/bin/manage-tools setup
source ~/.bashrc

# list the available tools
manage-tools list

# install gdb, allowing it to try to sudo install dependencies
manage-tools -s install gdb

# install pwntools, but don't let it sudo install dependencies
manage-tools install pwntools

# uninstall gdb
manage-tools uninstall gdb

# uninstall all tools
manage-tools uninstall all

# search for a tool
manage-tools search preload
```

Where possible, the tools keep the installs very self-contained (i.e., in the `tool/` directory), and most uninstalls are just calls to `git clean` (**NOTE**, this is **NOT** careful; everything under the tool directory, including whatever you were working on, is blown away during an uninstall).
To support python dependencies, however, make sure to create a virtualenv before installing and using tools (i.e., `mkvirtualenv --system-site-packages ctf`; the `--system-site-packages` flag is there for easier reuse of apt-gotten python packages where necessary).

## Help!

Something not working?
I didn't write (almost) any of these tools, but hit up [#ctf-tools on freenode](http://webchat.freenode.net/?channels=#ctf-tools) if you're desperate.
Maybe some kind soul will help!

## Docker

By popular demand, a Dockerfile has been included.
You can build a docker image with:

```bash
git clone https://github.com/zardus/ctf-tools
# the Dockerfile copies .git from the build context, so build from inside the clone
cd ctf-tools
docker build -t ctf-tools .
```

And run it with:

```bash
docker run -it ctf-tools
```

The built image will have ctf-tools cloned and ready to go, but you will still need to install the tools themselves (see above).

## Vagrant

You can build a Vagrant VM with:

```bash
wget https://raw.githubusercontent.com/zardus/ctf-tools/master/Vagrantfile
vagrant up
```

And connect to it via:

```bash
vagrant ssh
```

## Adding Tools

To add a tool (say, named *toolname*), do the following:

1. Create a `toolname` directory.
2. Create an `install` script.
3. (optional) if special uninstall steps are required, create an `uninstall` script.

### Install Scripts

The install script will be run with `$PWD` being `toolname`. It should install the tool into this directory, in as contained a manner as possible.
Ideally, full uninstallation should be possible with a `git clean`.

The install script should create a `bin` directory and put its executables there.
These executables will be automatically linked into the main `bin` directory for the repo.
They could be launched from any directory, so don't make assumptions about the location of `$0`!

## License

The individual tools are all licensed under their own licenses.
As for ctf-tools itself, it is "starware".
If you find it useful, star it on github (https://github.com/zardus/ctf-tools).

Good luck!

# See Also

There's a curated list of CTF tools, but without installers, here: https://github.com/apsdehal/awesome-ctf.

There's a Vagrant config with a lot of the bigger frameworks here: https://github.com/thebarbershopper/epictreasure.

## Tools in the official Debian/Ubuntu repos

These tools are present in the Debian or Ubuntu repos (in an adequately new version).
They're not included in ctf-tools, but are included here as notes for the author.

| Category | Tool | Description | Package |
|----------|------|-------------|---------|
| forensics | [foremost](http://foremost.sourceforge.net/) | File carver. | `foremost` |
| dsniff | [dsniff](http://www.monkey.org/~dugsong/dsniff/) | Grabs passwords and other data from pcaps/network streams. | `dsniff` |

## Tools with unofficial Debian/Ubuntu repos or debs

| Category | Package | Description | Repo/deb |
|----------|---------|-------------|----------|
| stego | [sound-visualizer](http://www.sonicvisualiser.org/) | Audio file visualization. | [deb](http://www.sonicvisualiser.org/download.html) |
--------------------------------------------------------------------------------
/TODO:
--------------------------------------------------------------------------------
xrop -- doesn't build
msieve
sonic visualiser -- doesn't build
--------------------------------------------------------------------------------
/Vagrantfile:
--------------------------------------------------------------------------------
# -*- mode: ruby -*-
# vi: set ft=ruby :

$bootstrap = <
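
Returning to the README's "Install Scripts" section: the sketch below is an added example, not code from the ctf-tools repo, and it shows why a launcher linked into the main `bin` directory must resolve `$0` before locating its own files. The names `demo-tool`, `hello` and `link_into_main_bin` are hypothetical, and the symlink step is an assumption standing in for what `manage-tools` does.

```shell
#!/usr/bin/env bash
# Added example: simulates the README's install-script contract in a temp dir.
# "demo-tool", "hello" and link_into_main_bin are hypothetical names.
set -eu

# What a toolname/install script would do: run with $PWD == toolname/,
# keep everything inside that directory, and expose executables via bin/.
install_demo_tool() {
    mkdir -p bin share
    echo "payload-v1" > share/data.txt   # constructed sample data
    cat > bin/hello <<'EOF'
#!/bin/sh
# $0 is the symlink in the repo's main bin/, so resolve it first.
self=$(readlink -f "$0")
tool_dir=$(dirname "$(dirname "$self")")
cat "$tool_dir/share/data.txt"
EOF
    chmod +x bin/hello
}

# Assumption: stands in for the linking step that manage-tools performs.
link_into_main_bin() {  # $1 = repo root, $2 = tool name
    mkdir -p "$1/bin"
    for exe in "$1/$2"/bin/*; do
        ln -sf "$exe" "$1/bin/$(basename "$exe")"
    done
}

# Build a throwaway repo, install, link, then launch from an unrelated cwd.
run_demo() {
    repo=$(mktemp -d)
    mkdir -p "$repo/demo-tool"
    (cd "$repo/demo-tool" && install_demo_tool)
    link_into_main_bin "$repo" demo-tool
    out=$(cd / && "$repo/bin/hello")
    # A lookup relative to dirname "$0" would point here and miss the file:
    naive="$repo/bin/../share/data.txt"
    [ -e "$naive" ] && naive_ok=yes || naive_ok=no
    rm -rf "$repo"
    echo "$out naive_lookup_works=$naive_ok"
}

run_demo
```

Because everything the launcher needs stays under the tool directory, removing that directory (as a `git clean`-based uninstall does) leaves only a dangling link in the main `bin`.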