Convert Figma logo to code with AI

apsdehal logoawesome-ctf

A curated list of CTF frameworks, libraries, resources and softwares

9,582
1,466
9,582
40
View on GitHub

Top Related Projects

ctfs's avatar

resources

1,739

A general collection of information, tools, and tips regarding CTFs and similar security competitions

zardus's avatar

ctf-tools

8,370

Some setup scripts for security research tools.

w181496's avatar

Web-CTF-Cheatsheet

2,595

Web CTF CheatSheet 🐈

Naetw's avatar

CTF-pwn-tips

1,700

Here record some tips about pwn. Something is obsoleted and won't be updated. Sorry about that.

RsaCtfTool's avatar

RsaCtfTool

5,509

RSA attack tool (mainly for ctf) - retrieve private key from weak public key and/or uncipher data

Quick Overview

Awesome-CTF is a curated list of Capture The Flag (CTF) frameworks, libraries, resources, software, and tutorials. It serves as a comprehensive collection of tools and information for CTF enthusiasts, ranging from beginners to advanced players. The repository aims to be a one-stop resource for anyone interested in participating in or organizing CTF competitions.

Pros

  • Extensive collection of CTF-related resources in one place
  • Well-organized and categorized for easy navigation
  • Regularly updated with new tools and resources
  • Community-driven with contributions from various CTF enthusiasts

Cons

  • May be overwhelming for beginners due to the vast amount of information
  • Some listed tools or resources might become outdated over time
  • Lacks detailed explanations or tutorials for each tool
  • Primarily focuses on listing resources rather than providing in-depth guides

Note: As this is not a code library but a curated list of resources, the code examples and getting started instructions sections are not applicable.

Competitor Comparisons

ctfs logo

resources

1,739

A general collection of information, tools, and tips regarding CTFs and similar security competitions

Pros of resources

  • More focused on specific CTF events and competitions
  • Includes write-ups and solutions for past CTFs
  • Regularly updated with new resources and challenges

Cons of resources

  • Less comprehensive in terms of general CTF tools and categories
  • Fewer links to external learning resources and tutorials
  • Navigation can be more challenging due to less structured organization

Code comparison

While both repositories primarily consist of curated lists and links, resources occasionally includes code snippets for specific challenges. For example:

# From resources
def decrypt(ciphertext, key):
    return ''.join(chr(ord(c) ^ key) for c in ciphertext)

awesome-ctf typically doesn't include direct code examples, focusing instead on tool links and descriptions.

Overall comparison

awesome-ctf provides a more comprehensive and well-organized list of CTF tools, categories, and resources. It's better suited for beginners and those looking for a broad overview of CTF topics.

resources is more tailored to active CTF participants, offering write-ups, solutions, and specific event information. It's ideal for those seeking practical examples and recent competition insights.

Both repositories serve valuable purposes in the CTF community, with awesome-ctf excelling in breadth and organization, while resources shines in its focus on practical, event-specific content.

zardus logo

ctf-tools

8,370

Some setup scripts for security research tools.

Pros of ctf-tools

  • Provides a collection of installable tools, making it easier to set up a CTF environment
  • Includes installation scripts for each tool, streamlining the setup process
  • Offers a more hands-on approach with actual tools rather than just links

Cons of ctf-tools

  • Limited to a specific set of tools, potentially missing some newer or less common ones
  • Requires more storage space and setup time compared to a curated list of links
  • May not be as frequently updated as a community-driven awesome list

Code Comparison

ctf-tools:

./bin/manage-tools -s install sqlmap
./bin/ctf-tools-pip install --user pwntools

awesome-ctf:

- [sqlmap](http://sqlmap.org/) - Automatic SQL injection and database takeover tool
- [pwntools](https://github.com/Gallopsled/pwntools) - CTF framework and exploit development library

Summary

ctf-tools focuses on providing installable tools with scripts, offering a more practical approach for setting up a CTF environment. awesome-ctf, on the other hand, serves as a comprehensive resource list, covering a wider range of topics and tools without direct installation support. The choice between them depends on whether you prefer a ready-to-use toolset or a broader reference for CTF resources.

w181496 logo

Web-CTF-Cheatsheet

2,595

Web CTF CheatSheet 🐈

Pros of Web-CTF-Cheatsheet

  • Focused specifically on web-based CTF challenges, providing in-depth information for this domain
  • Includes practical examples and payloads for various web vulnerabilities
  • Regularly updated with new techniques and tools

Cons of Web-CTF-Cheatsheet

  • Limited scope compared to awesome-ctf, which covers a broader range of CTF categories
  • Less comprehensive in terms of general CTF resources and learning materials
  • Primarily in Chinese, which may be a barrier for non-Chinese speakers

Code Comparison

Web-CTF-Cheatsheet example (SQL injection):

' UNION SELECT 1,2,3--
' UNION SELECT 1,2,3,4--
' UNION SELECT NULL,NULL,NULL--

awesome-ctf example (not directly comparable due to different focus):

- [Hack This Site](https://www.hackthissite.org/) - Training ground for hackers.
- [CTFlearn](https://ctflearn.com/) - Online platform for learning and participating in CTFs

Both repositories serve as valuable resources for CTF enthusiasts, with Web-CTF-Cheatsheet offering more specialized content for web-based challenges, while awesome-ctf provides a broader overview of CTF resources across various categories.

Naetw logo

CTF-pwn-tips

1,700

Here record some tips about pwn. Something is obsoleted and won't be updated. Sorry about that.

Pros of CTF-pwn-tips

  • Focused specifically on binary exploitation and pwning techniques
  • Provides detailed explanations and examples for various pwning concepts
  • Regularly updated with new techniques and tools

Cons of CTF-pwn-tips

  • Limited scope compared to awesome-ctf, which covers multiple CTF categories
  • Less comprehensive in terms of overall CTF resources and tools
  • Fewer external links and references to other learning materials

Code Comparison

CTF-pwn-tips example (format string vulnerability):

from pwn import *

r = remote('127.0.0.1', 1337)
r.sendline('%x ' * 20)
r.interactive()

awesome-ctf example (general CTF tool usage):

# Using John the Ripper for password cracking
john --wordlist=wordlist.txt hashes.txt

# Using Wireshark for network analysis
tshark -r capture.pcap -Y "http.request.method == GET"

Both repositories provide valuable resources for CTF enthusiasts, but they serve different purposes. CTF-pwn-tips is more specialized and in-depth for binary exploitation, while awesome-ctf offers a broader overview of CTF categories and tools. The choice between them depends on the user's specific needs and focus within the CTF domain.

RsaCtfTool logo

RsaCtfTool

5,509

RSA attack tool (mainly for ctf) - retrieve private key from weak public key and/or uncipher data

Pros of RsaCtfTool

  • Specialized tool focused specifically on RSA cryptography attacks
  • Provides a comprehensive set of RSA-related attack methods in one package
  • Actively maintained with regular updates and improvements

Cons of RsaCtfTool

  • Limited scope, only covers RSA-related challenges
  • Requires more technical knowledge to use effectively
  • May not be as beginner-friendly as a curated list of resources

Code Comparison

RsaCtfTool:

def attack(attack_rsa_obj, publickey, cipher=[]):
    if publickey is None:
        raise Exception("Public key is required")
    try:
        return attack_rsa_obj.attack(publickey, cipher)
    except NotImplementedError:
        return None

awesome-ctf:

## Cryptography

* [Crypto 101](https://www.crypto101.io/)
* [CryptoHack](https://cryptohack.org/)
* [Cryptopals](https://cryptopals.com/)

RsaCtfTool provides actual implementation code for RSA attacks, while awesome-ctf offers a curated list of resources for learning and practicing cryptography in general. The awesome-ctf repository covers a broader range of CTF topics and tools, making it more suitable for beginners and those looking for a comprehensive overview of CTF resources.

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

Awesome CTF Build Status Awesome

A curated list of Capture The Flag (CTF) frameworks, libraries, resources, softwares and tutorials. This list aims to help starters as well as seasoned CTF players to find everything related to CTFs at one place.

Contributing

Please take a quick look at the contribution guidelines first.

If you know a tool that isn't present here, feel free to open a pull request.

Why?

It takes time to build up collection of tools used in CTF and remember them all. This repo helps to keep all these scattered tools at one place.

Contents

Create

Tools used for creating CTF challenges

Forensics

Tools used for creating Forensics challenges

Platforms

Projects that can be used to host a CTF

  • CTFd - Platform to host jeopardy style CTFs from ISISLab, NYU Tandon.
  • echoCTF.RED - Develop, deploy and maintain your own CTF infrastructure.
  • FBCTF - Platform to host Capture the Flag competitions from Facebook.
  • Haaukins- A Highly Accessible and Automated Virtualization Platform for Security Education.
  • HackTheArch - CTF scoring platform.
  • Mellivora - A CTF engine written in PHP.
  • MotherFucking-CTF - Badass lightweight plaform to host CTFs. No JS involved.
  • NightShade - A simple security CTF framework.
  • OpenCTF - CTF in a box. Minimal setup required.
  • PicoCTF - The platform used to run picoCTF. A great framework to host any CTF.
  • PyChallFactory - Small framework to create/manage/package jeopardy CTF challenges.
  • RootTheBox - A Game of Hackers (CTF Scoreboard & Game Manager).
  • Scorebot - Platform for CTFs by Legitbs (Defcon).
  • SecGen - Security Scenario Generator. Creates randomly vulnerable virtual machines.

Steganography

Tools used to create stego challenges

Check solve section for steganography.

Web

Tools used for creating Web challenges

JavaScript Obfustcators

Solve

Tools used for solving CTF challenges

Attacks

Tools used for performing various kinds of attacks

  • Bettercap - Framework to perform MITM (Man in the Middle) attacks.
  • Yersinia - Attack various protocols on layer 2.

Crypto

Tools used for solving Crypto challenges

  • CyberChef - Web app for analysing and decoding data.
  • FeatherDuster - An automated, modular cryptanalysis tool.
  • Hash Extender - A utility tool for performing hash length extension attacks.
  • padding-oracle-attacker - A CLI tool to execute padding oracle attacks.
  • PkCrack - A tool for Breaking PkZip-encryption.
  • QuipQuip - An online tool for breaking substitution ciphers or vigenere ciphers (without key).
  • RSACTFTool - A tool for recovering RSA private key with various attack.
  • RSATool - Generate private key with knowledge of p and q.
  • XORTool - A tool to analyze multi-byte xor cipher.

Bruteforcers

Tools used for various kind of bruteforcing (passwords etc.)

  • Hashcat - Password Cracker
  • Hydra - A parallelized login cracker which supports numerous protocols to attack
  • John The Jumbo - Community enhanced version of John the Ripper.
  • John The Ripper - Password Cracker.
  • Nozzlr - Nozzlr is a bruteforce framework, trully modular and script-friendly.
  • Ophcrack - Windows password cracker based on rainbow tables.
  • Patator - Patator is a multi-purpose brute-forcer, with a modular design.
  • Turbo Intruder - Burp Suite extension for sending large numbers of HTTP requests

Exploits

Tools used for solving Exploits challenges

  • DLLInjector - Inject dlls in processes.
  • libformatstr - Simplify format string exploitation.
  • Metasploit - Penetration testing software.
  • one_gadget - A tool to find the one gadget execve('/bin/sh', NULL, NULL) call.
    • gem install one_gadget
  • Pwntools - CTF Framework for writing exploits.
  • Qira - QEMU Interactive Runtime Analyser.
  • ROP Gadget - Framework for ROP exploitation.
  • V0lt - Security CTF Toolkit.

Forensics

Tools used for solving Forensics challenges

  • Aircrack-Ng - Crack 802.11 WEP and WPA-PSK keys.
    • apt-get install aircrack-ng
  • Audacity - Analyze sound files (mp3, m4a, whatever).
    • apt-get install audacity
  • Bkhive and Samdump2 - Dump SYSTEM and SAM files.
    • apt-get install samdump2 bkhive
  • CFF Explorer - PE Editor.
  • Creddump - Dump windows credentials.
  • DVCS Ripper - Rips web accessible (distributed) version control systems.
  • Exif Tool - Read, write and edit file metadata.
  • Extundelete - Used for recovering lost data from mountable images.
  • Fibratus - Tool for exploration and tracing of the Windows kernel.
  • Foremost - Extract particular kind of files using headers.
    • apt-get install foremost
  • Fsck.ext4 - Used to fix corrupt filesystems.
  • Malzilla - Malware hunting tool.
  • NetworkMiner - Network Forensic Analysis Tool.
  • PDF Streams Inflater - Find and extract zlib files compressed in PDF files.
  • Pngcheck - Verifies the integrity of PNG and dump all of the chunk-level information in human-readable form.
    • apt-get install pngcheck
  • ResourcesExtract - Extract various filetypes from exes.
  • Shellbags - Investigate NT_USER.dat files.
  • Snow - A Whitespace Steganography Tool.
  • USBRip - Simple CLI forensics tool for tracking USB device artifacts (history of USB events) on GNU/Linux.
  • Volatility - To investigate memory dumps.
  • Wireshark - Used to analyze pcap or pcapng files

Registry Viewers

  • OfflineRegistryView - Simple tool for Windows that allows you to read offline Registry files from external drive and view the desired Registry key in .reg file format.
  • Registry Viewer® - Used to view Windows registries.

Networking

Tools used for solving Networking challenges

  • Masscan - Mass IP port scanner, TCP port scanner.
  • Monit - A linux tool to check a host on the network (and other non-network activities).
  • Nipe - Nipe is a script to make Tor Network your default gateway.
  • Nmap - An open source utility for network discovery and security auditing.
  • Wireshark - Analyze the network dumps.
    • apt-get install wireshark
  • Zeek - An open-source network security monitor.
  • Zmap - An open-source network scanner.

Reversing

Tools used for solving Reversing challenges

  • Androguard - Reverse engineer Android applications.
  • Angr - platform-agnostic binary analysis framework.
  • Apk2Gold - Yet another Android decompiler.
  • ApkTool - Android Decompiler.
  • Barf - Binary Analysis and Reverse engineering Framework.
  • Binary Ninja - Binary analysis framework.
  • BinUtils - Collection of binary tools.
  • BinWalk - Analyze, reverse engineer, and extract firmware images.
  • Boomerang - Decompile x86/SPARC/PowerPC/ST-20 binaries to C.
  • ctf_import – run basic functions from stripped binaries cross platform.
  • cwe_checker - cwe_checker finds vulnerable patterns in binary executables.
  • demovfuscator - A work-in-progress deobfuscator for movfuscated binaries.
  • Frida - Dynamic Code Injection.
  • GDB - The GNU project debugger.
  • GEF - GDB plugin.
  • Ghidra - Open Source suite of reverse engineering tools. Similar to IDA Pro.
  • Hopper - Reverse engineering tool (disassembler) for OSX and Linux.
  • IDA Pro - Most used Reversing software.
  • Jadx - Decompile Android files.
  • Java Decompilers - An online decompiler for Java and Android APKs.
  • Krakatau - Java decompiler and disassembler.
  • Objection - Runtime Mobile Exploration.
  • PEDA - GDB plugin (only python2.7).
  • Pin - A dynamic binary instrumentaion tool by Intel.
  • PINCE - GDB front-end/reverse engineering tool, focused on game-hacking and automation.
  • PinCTF - A tool which uses intel pin for Side Channel Analysis.
  • Plasma - An interactive disassembler for x86/ARM/MIPS which can generate indented pseudo-code with colored syntax.
  • Pwndbg - A GDB plugin that provides a suite of utilities to hack around GDB easily.
  • radare2 - A portable reversing framework.
  • Triton - Dynamic Binary Analysis (DBA) framework.
  • Uncompyle - Decompile Python 2.7 binaries (.pyc).
  • WinDbg - Windows debugger distributed by Microsoft.
  • Xocopy - Program that can copy executables with execute, but no read permission.
  • Z3 - A theorem prover from Microsoft Research.

JavaScript Deobfuscators

  • Detox - A Javascript malware analysis tool.
  • Revelo - Analyze obfuscated Javascript code.

SWF Analyzers

  • RABCDAsm - Collection of utilities including an ActionScript 3 assembler/disassembler.
  • Swftools - Collection of utilities to work with SWF files.
  • Xxxswf - A Python script for analyzing Flash files.

Services

Various kind of useful services available around the internet

  • CSWSH - Cross-Site WebSocket Hijacking Tester.
  • Request Bin - Lets you inspect http requests to a particular url.

Steganography

Tools used for solving Steganography challenges

  • AperiSolve - Aperi'Solve is a platform which performs layer analysis on image (open-source).
  • Convert - Convert images b/w formats and apply filters.
  • Exif - Shows EXIF information in JPEG files.
  • Exiftool - Read and write meta information in files.
  • Exiv2 - Image metadata manipulation tool.
  • Image Steganography - Embeds text and files in images with optional encryption. Easy-to-use UI.
  • Image Steganography Online - This is a client-side Javascript tool to steganographically hide images inside the lower "bits" of other images
  • ImageMagick - Tool for manipulating images.
  • Outguess - Universal steganographic tool.
  • Pngtools - For various analysis related to PNGs.
    • apt-get install pngtools
  • SmartDeblur - Used to deblur and fix defocused images.
  • Steganabara - Tool for stegano analysis written in Java.
  • SteganographyOnline - Online steganography encoder and decoder.
  • Stegbreak - Launches brute-force dictionary attacks on JPG image.
  • StegCracker - Steganography brute-force utility to uncover hidden data inside files.
  • stegextract - Detect hidden files and text in images.
  • Steghide - Hide data in various kind of images.
  • StegOnline - Conduct a wide range of image steganography operations, such as concealing/revealing files hidden within bits (open-source).
  • Stegsolve - Apply various steganography techniques to images.
  • Zsteg - PNG/BMP analysis.

Web

Tools used for solving Web challenges

  • BurpSuite - A graphical tool to testing website security.
  • Commix - Automated All-in-One OS Command Injection and Exploitation Tool.
  • Hackbar - Firefox addon for easy web exploitation.
  • OWASP ZAP - Intercepting proxy to replay, debug, and fuzz HTTP requests and responses
  • Postman - Add on for chrome for debugging network requests.
  • Raccoon - A high performance offensive security tool for reconnaissance and vulnerability scanning.
  • SQLMap - Automatic SQL injection and database takeover tool. pip install sqlmap
  • W3af - Web Application Attack and Audit Framework.
  • XSSer - Automated XSS testor.

Resources

Where to discover about CTF

Operating Systems

Penetration testing and security lab Operating Systems

Malware analysts and reverse-engineering

Starter Packs

Collections of installer scripts, useful tools

  • CTF Tools - Collection of setup scripts to install various security research tools.
  • LazyKali - A 2016 refresh of LazyKali which simplifies install of tools and configuration.

Tutorials

Tutorials to learn how to play CTFs

Wargames

Always online CTFs

  • Backdoor - Security Platform by SDSLabs.
  • Crackmes - Reverse Engineering Challenges.
  • CryptoHack - Fun cryptography challenges.
  • echoCTF.RED - Online CTF with a variety of targets to attack.
  • Exploit Exercises - Variety of VMs to learn variety of computer security issues.
  • Exploit.Education - Variety of VMs to learn variety of computer security issues.
  • Gracker - Binary challenges having a slow learning curve, and write-ups for each level.
  • Hack The Box - Weekly CTFs for all types of security enthusiasts.
  • Hack This Site - Training ground for hackers.
  • Hacker101 - CTF from HackerOne
  • Hacking-Lab - Ethical hacking, computer network and security challenge platform.
  • Hone Your Ninja Skills - Web challenges starting from basic ones.
  • IO - Wargame for binary challenges.
  • Microcorruption - Embedded security CTF.
  • Over The Wire - Wargame maintained by OvertheWire Community.
  • PentesterLab - Variety of VM and online challenges (paid).
  • PicoCTF - All year round ctf game. Questions from the yearly picoCTF competition.
  • PWN Challenge - Binary Exploitation Wargame.
  • Pwnable.kr - Pwn Game.
  • Pwnable.tw - Binary wargame.
  • Pwnable.xyz - Binary Exploitation Wargame.
  • Reversin.kr - Reversing challenge.
  • Ringzer0Team - Ringzer0 Team Online CTF.
  • Root-Me - Hacking and Information Security learning platform.
  • ROP Wargames - ROP Wargames.
  • SANS HHC - Challenges with a holiday theme released annually and maintained by SANS.
  • SmashTheStack - A variety of wargames maintained by the SmashTheStack Community.
  • Viblo CTF - Various amazing CTF challenges, in many different categories. Has both Practice mode and Contest mode.
  • VulnHub - VM-based for practical in digital security, computer application & network administration.
  • W3Challs - A penetration testing training platform, which offers various computer challenges, in various categories.
  • WebHacking - Hacking challenges for web.

Self-hosted CTFs

Websites

Various general websites about and on CTF

Wikis

Various Wikis available for learning about CTFs

Writeups Collections

Collections of CTF write-ups

  • 0e85dc6eaf - Write-ups for CTF challenges by 0e85dc6eaf
  • Captf - Dumped CTF challenges and materials by psifertex.
  • CTF write-ups (community) - CTF challenges + write-ups archive maintained by the community.
  • CTFTime Scrapper - Scraps all writeup from CTF Time and organize which to read first.
  • HackThisSite - CTF write-ups repo maintained by HackThisSite team.
  • Mzfr - CTF competition write-ups by mzfr
  • pwntools writeups - A collection of CTF write-ups all using pwntools.
  • SababaSec - A collection of CTF write-ups by the SababaSec team
  • Shell Storm - CTF challenge archive maintained by Jonathan Salwan.
  • Smoke Leet Everyday - CTF write-ups repo maintained by SmokeLeetEveryday team.

LICENSE

CC0 :)