Convert Figma logo to code with AI

zardus logoctf-tools

Some setup scripts for security research tools.

8,446
1,885
8,446
25
View on GitHub

Top Related Projects

CTFd's avatar

CTFd

5,616

CTFs as you need them

apsdehal's avatar

awesome-ctf

9,728

A curated list of CTF frameworks, libraries, resources and softwares

Gallopsled's avatar

pwntools

12,016

CTF framework and exploit development library

Quick Overview

CTF-tools is a collection of security-related utilities for Capture The Flag (CTF) competitions. It provides a curated set of tools commonly used in CTFs, along with installation scripts and management features. This repository aims to simplify the process of setting up and maintaining a CTF toolset.

Pros

  • Comprehensive collection of popular CTF tools
  • Easy installation and management of tools
  • Supports multiple operating systems (Linux, macOS)
  • Regular updates and community contributions

Cons

  • Some tools may be outdated or no longer maintained
  • Installation process can be time-consuming for all tools
  • Potential conflicts with existing system packages
  • Limited documentation for individual tools

Getting Started

To get started with ctf-tools, follow these steps:

# Clone the repository
git clone https://github.com/zardus/ctf-tools.git
cd ctf-tools

# Install a tool (e.g., pwntools)
./ctf-tools-pip install pwntools

# List all available tools
./ctf-tools-pip list

# Update all installed tools
./ctf-tools-pip update

# Remove a tool
./ctf-tools-pip uninstall <tool-name>

Note: Make sure you have the necessary dependencies installed on your system before using ctf-tools. Refer to the repository's README for more detailed instructions and system-specific requirements.

Competitor Comparisons

CTFd logo

CTFd

5,616

CTFs as you need them

Pros of CTFd

  • Complete CTF platform with web interface for hosting competitions
  • Actively maintained with regular updates and a large community
  • Scalable and customizable with plugin support

Cons of CTFd

  • Focused on hosting CTFs rather than providing individual tools
  • Steeper learning curve for setup and configuration
  • Requires more resources to run compared to standalone tools

Code Comparison

CTFd (Python):

@challenges.route('/challenges', methods=['GET'])
@during_ctf_time_only
@require_verified_emails
def challenges_view():
    infos = get_infos()
    errors = get_errors()
    return render_template('challenges.html', infos=infos, errors=errors)

ctf-tools (Bash):

#!/bin/bash
set -eu -o pipefail

if [[ $# -lt 1 ]]; then
    echo "Usage: $0 <tool>"
    exit 1
fi

CTFd is a full-featured CTF platform written in Python, while ctf-tools is a collection of scripts to install and manage individual CTF tools. CTFd provides a web interface and comprehensive competition management, whereas ctf-tools focuses on tool installation and management for CTF participants.

apsdehal logo

awesome-ctf

9,728

A curated list of CTF frameworks, libraries, resources and softwares

Pros of awesome-ctf

  • More comprehensive list of CTF resources, including tools, websites, and learning materials
  • Better organized into categories, making it easier to find specific types of tools
  • Regularly updated with new resources and community contributions

Cons of awesome-ctf

  • Lacks installation scripts or automated setup for tools
  • Doesn't provide version information or compatibility details for listed tools
  • Less focus on practical tool usage and more on resource aggregation

Code comparison

awesome-ctf:

## Forensics

*Tools used for solving Forensics challenges*

- [Aircrack-Ng](http://www.aircrack-ng.org/) - Crack 802.11 WEP and WPA-PSK keys
- [Audacity](http://sourceforge.net/projects/audacity/) - Analyze sound files (mp3, m4a, whatever)

ctf-tools:

#!/bin/bash -e

git clone https://github.com/devttys0/binwalk.git
cd binwalk
sudo python setup.py install
sudo apt-get install squashfs-tools

The code snippets highlight the difference in approach: awesome-ctf provides a curated list of tools with brief descriptions, while ctf-tools focuses on installation scripts for specific tools.

Gallopsled logo

pwntools

12,016

CTF framework and exploit development library

Pros of pwntools

  • Comprehensive Python library specifically designed for exploit development and CTF challenges
  • Extensive documentation and active community support
  • Seamless integration with other Python libraries and tools

Cons of pwntools

  • Steeper learning curve for beginners compared to ctf-tools
  • Focused primarily on binary exploitation, may not cover all CTF categories

Code Comparison

pwntools:

from pwn import *

r = remote('example.com', 1337)
r.sendline(b'Hello, World!')
response = r.recvline()
log.info(f'Received: {response.decode()}')

ctf-tools:

# No direct code comparison available
# ctf-tools is a collection of installation scripts
./ctf-tools/bin/manage-tools install pwntools

Summary

pwntools is a powerful Python library for exploit development and CTF challenges, offering comprehensive features and extensive documentation. However, it has a steeper learning curve and focuses primarily on binary exploitation. ctf-tools, on the other hand, is a collection of installation scripts for various CTF tools, including pwntools, providing a broader range of utilities but lacking the direct coding capabilities of pwntools.

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

ctf-tools

Build Status IRC

This is a collection of setup scripts to create an install of various security research tools. Of course, this isn't a hard problem, but it's really nice to have them in one place that's easily deployable to new machines and so forth. The install-scripts for these tools are checked regularly, the results can be found on the build status page.

Installers for the following tools are included:

CategorySourceToolDescription
binaryDirectoryaflState-of-the-art fuzzer.
binaryDirectoryangrNext-generation binary analysis engine from Shellphish.
binaryDirectorybarfBinary Analysis and Reverse-engineering Framework.
binaryDirectorybindeadA static analysis tool for binaries.
binaryLibrarycapstoneMulti-architecture disassembly framework.
binaryDirectorychecksecCheck binary hardening settings.
binaryDirectorycodereasonSemantic Binary Code Analysis Framework.
binaryDirectorycrosstool-ngCross-compilers and cross-architecture tools.
binaryDirectorycross2A set of cross-compilation tools from a Japanese book on C.
binaryDirectoryelfkickersA set of utilities for working with ELF files.
binaryDirectoryelfparserQuickly determine the capabilities of an ELF binary through static analysis.
binaryDirectoryevilizeTool to create MD5 colliding binaries
binaryDirectorygdbUp-to-date gdb with python2 bindings.
binaryDirectorygdb-heapgdb extension for debugging heap issues.
binaryDirectorygefEnhanced environment for gdb.
binaryDirectoryhongfuzzA general-purpose, easy-to-use fuzzer with interesting analysis options.
binaryLibrarykeystoneLightweight multi-architecture assembler framework.
binaryDirectorylibheapgdb python library for examining the glibc heap (ptmalloc)
binaryLibraryliefLibrary to Instrument Executable Formats.
binaryDirectorymiasmReverse engineering framework in Python.
binaryDirectoryone_gadgetMagic gadget search for libc.
binaryDirectorypandaPlatform for Architecture-Neutral Dynamic Analysis.
binaryDirectorypathgrindPath-based, symbolically-assisted fuzzer.
binaryDirectorypedaEnhanced environment for gdb.
binaryDirectorypreenyA collection of helpful preloads (compiled for many architectures!).
binaryDirectorypwndbgEnhanced environment for gdb. Especially for pwning.
binaryDirectorypwntoolsUseful CTF utilities.
binaryDirectorypython-pinPython bindings for pin.
binaryDirectoryqemuLatest version of qemu!
binaryDirectoryqiraParallel, timeless debugger.
binaryDirectoryradare2Some crazy thing crowell likes.
binaryDirectoryrappelA linux-based assembly REPL.
binaryDirectoryropperAnother gadget finder.
binaryDirectoryrp++Another gadget finder.
binaryDirectoryrrRecord and Replay Debugging Framework
binaryDirectoryscratchabitEasily retargetable and hackable interactive disassembler
binaryDirectoryscratchablockYet another crippled decompiler project
binaryDirectoryseccomp-toolsProvides powerful tools for seccomp analysis
binaryDirectoryshellnoobShellcode writing helper.
binaryDirectoryshellsploitShellcode development kit.
binaryDirectorysnowmanCross-architecture decompiler.
binaryDirectorytaintgrindA valgrind taint analysis tool.
binaryLibraryunicornMulti-architecture CPU emulator framework.
binaryDirectoryvalgrindA Dynamic Binary Instrumentation framework with some built-in tools.
binaryDirectoryvillocVisualization of heap operations.
binaryDirectoryvirtualsocketA nice library to interact with binaries.
binaryDirectorywccThe Witchcraft Compiler Collection is a collection of compilation tools to perform binary black magic on the GNU/Linux and other POSIX platforms.
binaryDirectoryxropGadget finder.
binaryDirectorymanticoreManticore is a prototyping tool for dynamic binary analysis, with support for symbolic execution, taint analysis, and binary instrumentation.
forensicsDirectorybinwalkFirmware (and arbitrary file) analysis tool.
forensicsDirectorydislockerTool for reading Bitlocker encrypted partitions.
forensicsDirectoryexetractorUnpacker for packed Python executables. Supports PyInstaller and py2exe.
forensicsDirectoryfirmware-mod-kitTools for firmware packing/unpacking.
forensicsaptforemostFile carver.
forensicsDirectorypdf-parserTool for digging in PDF files
forensicsDirectorypeepdfPowerful Python tool to analyze PDF documents.
forensicsDirectoryscrdecA decoder for encoded Windows Scripts.
forensicsDirectorytestdiskTestdisk and photorec for file recovery.
cryptoLibrarycodextPython codecs extension featuring CLI tools for encoding/decoding anything including AI-based guessing mode.
cryptoDirectorycribdragInteractive crib dragging tool (for crypto).
cryptoDirectoryfastcollAn md5sum collision generator.
cryptoDirectoryforesightA tool for predicting the output of random number generators. To run, launch "foresee".
cryptoDirectoryfeatherdusterAn automated, modular cryptanalysis tool.
cryptoDirectorygaloisA fast galois field arithmetic library/toolkit.
cryptoDirectoryhashkillHash cracker.
cryptoDirectoryhashpumpA tool for performing hash length extension attaacks.
cryptoDirectoryhashpump-partialhashHashpump, supporting partially-unknown hashes.
cryptoDirectoryhash-identifierSimple hash algorithm identifier.
cryptoDirectorylibc-databaseBuild a database of libc offsets to simplify exploitation.
cryptoDirectorylittleblackboxDatabase of private SSL/SSH keys for embedded devices.
cryptoDirectorymsieveMsieve is a C library implementing a suite of algorithms to factor large integers.
cryptoDirectorynonce-disrespectNonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS.
cryptoDirectorypemcrackSSL PEM file cracker.
cryptoDirectorypkcrackPkZip encryption cracker.
cryptoDirectorypython-paddingoraclePadding oracle attack automation.
cryptoDirectoryrevengCRC finder.
cryptoDirectoryssh_decoderA tool for decoding ssh traffic. You will need ruby1.8 from https://launchpad.net/~brightbox/+archive/ubuntu/ruby-ng to run this. Run with ssh_decoder --help for help, as running it with no arguments causes it to crash.
cryptoDirectorysslsplitSSL/TLS MITM.
cryptoDirectoryxortoolXOR analysis tool.
cryptoDirectoryyafuAutomated integer factorization.
webDirectoryburpsuiteWeb proxy to do naughty web stuff.
webDirectorycommixCommand injection and exploitation tool.
webDirectorydirbWeb path scanner.
webDirectorydirsearchWeb path scanner.
webDirectorymitmproxyCLI Web proxy and python library.
webDirectorysqlmapSQL injection automation engine.
webDirectorysubbruteA DNS meta-query spider that enumerates DNS records, and subdomains.
webLibrarywebgrepgrep for Web pages, with JS deobfuscation, CSS unminifying and OCR on images.
stegoaptpngtoolsPNG's analysis tool.
stegoDirectorysound-visualizerAudio file visualization.
stegoDirectorysteganabaraAnother image stenography solver.
stegoDirectorystegano-toolsA collection of text and image steganography tools (incl LSB, PVD, PIT).
stegoDirectorystegdetectStenography detection/breaking tool.
stegoDockerstego-toolkitA docker image with dozens of steg tools.
stegoDirectorystegsolveImage stenography solver.
stegoDirectorystegosaurusA steganography tool for embedding arbitrary payloads in Python bytecode (pyc or pyo) files.
stegoDirectoryzstegdetect stegano-hidden data in PNG & BMP.
dsniffaptdsniffGrabs passwords and other data from pcaps/network streams.
androidDirectoryapktoolDissect, dis-assemble, and re-pack Android APKs
androidDirectoryandroid-sdkThe android SDK (adb, emulator, etc).
miscDirectoryxspyTiny tool to spy on X sessions.
miscDirectoryz3Theorem prover from Microsoft Research.
miscDirectoryjdguiJava decompiler.
miscDirectoryvelesBinary data analysis and visualization tool.
miscDirectoryyoutube-dlLatest version of the popular youtube downloader.

There are also some installers for non-CTF stuff to break the monotony!

CategoryToolDescription
C magicC-bindA library used to enable function binding in C!
gameDwarf FortressSomething to help you relax after a CTF!
pyvmmonitorpyvmmonitorPyVmMonitor is a profiler with a simple goal: being the best way to profile a Python program.
library collectionsingle_file_libsA large collection of useful single file include libraries written for C/C++
dolphinsudolphinIf your friend ever leaves their laptop unlocked, curl -sSL sh.sudolph.in | sh then wait and see!
tor-browsertor-browserUseful when you need to hit a web challenge from different IPs.

Usage

To use, do:

# set up the path
/path/to/ctf-tools/bin/manage-tools setup
source ~/.bashrc

# list the available tools
manage-tools list

# install gdb, allowing it to try to sudo install dependencies
manage-tools -s install gdb

# install pwntools, but don't let it sudo install dependencies
manage-tools install pwntools

# install qemu, but use "nice" to avoid degrading performance during compilation
manage-tools -n install qemu

# uninstall gdb
manage-tools uninstall gdb

# uninstall all tools
manage-tools uninstall all

# search for a tool
manage-tools search preload

Where possible, the tools keep the installs very self-contained (i.e., in to tool/ directory), and most uninstalls are just calls to git clean (NOTE, this is NOT careful; everything under the tool directory, including whatever you were working on, is blown away during an uninstall). One exception to this are python tools, which are installed using the pip package manager if possible. A ctftools virtualenv is created during the manage-tools setup command and can be accessed using the command workon ctftools.

Help!

Something not working? I didn't write (almost) any of these tools, but hit up #ctf-tools on freenode if you're desperate. Maybe some kind soul will help!

Docker (version 1.7+)

By popular demand, a Dockerfile has been included. You can build a docker image with:

git clone https://github.com/zardus/ctf-tools
cd ctf-tools
docker build -t ctf-tools .

And run it with:

docker run -it ctf-tools

The built image will have ctf-tools cloned and ready to go, but you will still need to install the tools themselves (see above).

Alternatively, you can also pull ctf-tools (with some tools preinstalled) from dockerhub:

docker run -it zardus/ctf-tools

Vagrant

You can build a Vagrant VM with:

wget https://raw.githubusercontent.com/zardus/ctf-tools/master/Vagrantfile
vagrant plugin install vagrant-vbguest
vagrant up

And connect to it via:

vagrant ssh

Kali Linux

Kali Linux (Sana and Rolling), due to manually setting certain libraries to not use the latest version available (sometimes being out of date by years) causes some tools to not install at all, or fail in strange ways. AFL and Panda comes to mind, in fact any tool that uses QEMU 2.30 will probably fail during compilation under Kali. Overriding these libraries breaks other tools included in Kali so your only solution is to either live with some of Kali's tools being broken, or running another distribution separately such as Ubuntu.

Most tools aren't affected though.

Adding Tools

To add a tool (say, named toolname), do the following:

  1. Create a toolname directory.
  2. Create an install script.
  3. (optional) if special uninstall steps are required, create an uninstall script.

Install Scripts

The install script will be run with $PWD being toolname. It should install the tool into this directory, in as contained a manner as possible. Ideally, full uninstallation should be possible with a git clean.

The install script should create a bin directory and put its executables there. These executables will be automatically linked into the main bin directory for the repo. They could be launched from any directory, so don't make assumptions about the location of $0!

License

The individual tools are all licensed under their own licenses. As for ctf-tools itself, it is licensed under BSD 2-Clause License. If you find it useful, star it on github (https://github.com/zardus/ctf-tools).

Good luck!

See Also

There's a curated list of CTF tools, but without installers, here: https://github.com/apsdehal/aWEsoMe-cTf.

There's a Vagrant config with a lot of the bigger frameworks here: https://github.com/thebarbershopper/epictreasure.