Convert Figma logo to code with AI

zardus logoctf-tools

Some setup scripts for security research tools.

8,642
1,902
8,642
26
View on GitHub

Top Related Projects

CTFd's avatar

CTFd

5,816

CTFs as you need them

apsdehal's avatar

awesome-ctf

10,011

A curated list of CTF frameworks, libraries, resources and softwares

Gallopsled's avatar

pwntools

12,294

CTF framework and exploit development library

Quick Overview

CTF-tools is a collection of security-related utilities for Capture The Flag (CTF) competitions. It provides a curated set of tools commonly used in CTFs, along with installation scripts and management features. This repository aims to simplify the process of setting up and maintaining a CTF toolset.

Pros

  • Comprehensive collection of popular CTF tools
  • Easy installation and management of tools
  • Supports multiple operating systems (Linux, macOS)
  • Regular updates and community contributions

Cons

  • Some tools may be outdated or no longer maintained
  • Installation process can be time-consuming for all tools
  • Potential conflicts with existing system packages
  • Limited documentation for individual tools

Getting Started

To get started with ctf-tools, follow these steps:

# Clone the repository
git clone https://github.com/zardus/ctf-tools.git
cd ctf-tools

# Install a tool (e.g., pwntools)
./ctf-tools-pip install pwntools

# List all available tools
./ctf-tools-pip list

# Update all installed tools
./ctf-tools-pip update

# Remove a tool
./ctf-tools-pip uninstall <tool-name>

Note: Make sure you have the necessary dependencies installed on your system before using ctf-tools. Refer to the repository's README for more detailed instructions and system-specific requirements.

Competitor Comparisons

CTFd logo

CTFd

5,816

CTFs as you need them

Pros of CTFd

  • Complete CTF platform with web interface for hosting competitions
  • Actively maintained with regular updates and a large community
  • Scalable and customizable with plugin support

Cons of CTFd

  • Focused on hosting CTFs rather than providing individual tools
  • Steeper learning curve for setup and configuration
  • Requires more resources to run compared to standalone tools

Code Comparison

CTFd (Python):

@challenges.route('/challenges', methods=['GET'])
@during_ctf_time_only
@require_verified_emails
def challenges_view():
    infos = get_infos()
    errors = get_errors()
    return render_template('challenges.html', infos=infos, errors=errors)

ctf-tools (Bash):

#!/bin/bash
set -eu -o pipefail

if [[ $# -lt 1 ]]; then
    echo "Usage: $0 <tool>"
    exit 1
fi

CTFd is a full-featured CTF platform written in Python, while ctf-tools is a collection of scripts to install and manage individual CTF tools. CTFd provides a web interface and comprehensive competition management, whereas ctf-tools focuses on tool installation and management for CTF participants.

apsdehal logo

awesome-ctf

10,011

A curated list of CTF frameworks, libraries, resources and softwares

Pros of awesome-ctf

  • More comprehensive list of CTF resources, including tools, websites, and learning materials
  • Better organized into categories, making it easier to find specific types of tools
  • Regularly updated with new resources and community contributions

Cons of awesome-ctf

  • Lacks installation scripts or automated setup for tools
  • Doesn't provide version information or compatibility details for listed tools
  • Less focus on practical tool usage and more on resource aggregation

Code comparison

awesome-ctf:

## Forensics

*Tools used for solving Forensics challenges*

- [Aircrack-Ng](http://www.aircrack-ng.org/) - Crack 802.11 WEP and WPA-PSK keys
- [Audacity](http://sourceforge.net/projects/audacity/) - Analyze sound files (mp3, m4a, whatever)

ctf-tools:

#!/bin/bash -e

git clone https://github.com/devttys0/binwalk.git
cd binwalk
sudo python setup.py install
sudo apt-get install squashfs-tools

The code snippets highlight the difference in approach: awesome-ctf provides a curated list of tools with brief descriptions, while ctf-tools focuses on installation scripts for specific tools.

Gallopsled logo

pwntools

12,294

CTF framework and exploit development library

Pros of pwntools

  • Comprehensive Python library specifically designed for exploit development and CTF challenges
  • Extensive documentation and active community support
  • Seamless integration with other Python libraries and tools

Cons of pwntools

  • Steeper learning curve for beginners compared to ctf-tools
  • Focused primarily on binary exploitation, may not cover all CTF categories

Code Comparison

pwntools:

from pwn import *

r = remote('example.com', 1337)
r.sendline(b'Hello, World!')
response = r.recvline()
log.info(f'Received: {response.decode()}')

ctf-tools:

# No direct code comparison available
# ctf-tools is a collection of installation scripts
./ctf-tools/bin/manage-tools install pwntools

Summary

pwntools is a powerful Python library for exploit development and CTF challenges, offering comprehensive features and extensive documentation. However, it has a steeper learning curve and focuses primarily on binary exploitation. ctf-tools, on the other hand, is a collection of installation scripts for various CTF tools, including pwntools, providing a broader range of utilities but lacking the direct coding capabilities of pwntools.

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

ctf-tools

This is a collection of setup scripts to create an install of various security research tools. Of course, this isn't a hard problem, but it's really nice to have them in one place that's easily deployable to new machines and so forth. The install-scripts for these tools are checked every once in a while, so things should hopefully have a decent chance of working!

Installers for the following tools are included:

CategoryToolDescription
binaryangrLast Build Next-generation binary analysis engine from Shellphish.
binaryangr-managementLast Build A GUI reverse engineering and decompilation tool.
binarybeefLast Build Browser exploitation framework.
binarycrosstoolLast Build Cross-compilers and cross-architecture tools.
binarycross2Last Build A set of cross-compilation tools from a Japanese book on C.
binarydecomp2dbgLast Build A plugin to introduce interactive symbols into your debugger from your decompiler.
binaryelfkickersLast Build A set of utilities for working with ELF files.
binaryelfparserLast Build Multiplatform CLI and GUI tool to show information about ELF files.
binaryevilizeLast Build Tool to create MD5 colliding binaries
binarygdbLast Build Up-to-date gdb with python2 bindings.
binarygefLast Build Enhanced environment for gdb.
binaryghidraLast Build Open-source reverse engineering and decompilation tool.
binaryhonggfuzzLast Build A general-purpose, easy-to-use fuzzer with interesting analysis options.
binaryidaDecompilation and reversing tool (requires you to download it to ~/Downloads on your own!).
binarymanticoreLast Build Manticore is a prototyping tool for dynamic binary analysis, with support for symbolic execution, taint analysis, and binary instrumentation.
binaryone_gadgetLast Build Magic gadget search for libc.
binarypreenyLast Build A collection of helpful preloads (compiled for many architectures!).
binarypwninitLast Build Script to automate starting pwning challenges.
binarypwndbgLast Build Enhanced environment for gdb. Especially for pwning.
binarypwnshLast Build Useful shell scripts for assembly, exploitation, etc.
binarypwntoolsLast Build Useful CTF utilities.
binaryqemuLast Build Latest version of qemu!
binaryqilingLast Build A dynamic binary instrumentation framework.
binaryqiraLast Build Parallel, timeless debugger.
binaryrappelLast Build A linux-based assembly REPL.
binaryropperLast Build Another gadget finder.
binaryrp++Last Build Another gadget finder.
binaryseccomp-toolsLast Build Provides powerful tools for seccomp analysis
binaryshellnoobLast Build Shellcode writing helper.
binarytaintgrindLast Build A valgrind taint analysis tool.
binaryvalgrindLast Build A Dynamic Binary Instrumentation framework with some built-in tools.
binaryvillocLast Build Visualization of heap operations.
binaryxropLast Build Gadget finder.
forensicsfirmware-mod-kitLast Build Tools for firmware packing/unpacking.
forensicspdf-parserLast Build Tool for digging in PDF files
forensicspeepdfLast Build Powerful Python tool to analyze PDF documents.
forensicsscrdec18Last Build A decoder for encoded Windows Scripts.
forensicsvolatilityLast Build Analyzer for system memory dumps (classic python2 version; requires python2 tool).
forensicsvolatility3Last Build Analyzer for system memory dumps (latest version).
cryptocodextLast Build Python codecs extension featuring CLI tools for encoding/decoding anything including AI-based guessing mode.
cryptocribdragLast Build Interactive crib dragging tool (for crypto).
cryptofastcollLast Build An md5sum collision generator.
cryptoforesightLast Build A tool for predicting the output of random number generators. To run, launch "foresee".
cryptofeatherdusterLast Build An automated, modular cryptanalysis tool. WARNING: needs python2 (which can be installed with ctf-tools).
cryptogaloisLast Build A fast galois field arithmetic library/toolkit.
cryptohashpump-partialhashLast Build Hashpump, supporting partially-unknown hashes.
cryptohash-identifierLast Build Simple hash algorithm identifier.
cryptolibc-databaseLast Build Build a database of libc offsets to simplify exploitation.
cryptomsieveLast Build Msieve is a C library implementing a suite of algorithms to factor large integers.
cryptononce-disrespectLast Build Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS.
cryptopemcrackLast Build SSL PEM file cracker.
cryptopkcrackLast Build PkZip encryption cracker.
cryptorevengLast Build CRC finder.
cryptorsactftoolLast Build RSA attack tool.
cryptossh_decoderLast Build A tool for decoding ssh traffic. You will need ruby1.8 from https://launchpad.net/~brightbox/+archive/ubuntu/ruby-ng to run this. Run with ssh_decoder --help for help, as running it with no arguments causes it to crash.
cryptosslsplitLast Build SSL/TLS MITM.
cryptoxortoolLast Build XOR analysis tool.
cryptoyafuLast Build Automated integer factorization.
webburpsuiteLast Build Web proxy to do naughty web stuff.
webcommixLast Build Command injection and exploitation tool.
webmitmproxyLast Build CLI Web proxy and python library.
websubbruteLast Build A DNS meta-query spider that enumerates DNS records, and subdomains.
webwebgrepLast Build grep for Web pages, with JS deobfuscation, CSS unminifying and OCR on images.
stegosteganabaraLast Build Another image stenography solver.
stegostegano-toolsLast Build A collection of text and image steganography tools (incl LSB, PVD, PIT).
stegostegdetectLast Build Stenography detection/breaking tool.
stegostegsolveLast Build Image stenography solver.
stegostegosaurusLast Build A steganography tool for embedding arbitrary payloads in Python bytecode (pyc or pyo) files.
stegozstegLast Build detect stegano-hidden data in PNG & BMP.
miscjdguiLast Build Java decompiler.
miscpython2Last Build For when you really need it...
miscsocial-analyzerLast Build Social media reconnaisance tool...
miscvelesLast Build Binary data analysis and visualization tool.
miscxspyLast Build Tiny tool to spy on X sessions.

There are also some installers for non-CTF stuff to break the monotony!

CategoryToolDescription
gamedfLast Build Dwarf Fortress! Something to help you relax after a CTF!
webtor-browserLast Build Useful when you need to hit a web challenge from different IPs.

Usage

To use, do:

# set up the path
/path/to/ctf-tools/bin/manage-tools setup
source ~/.bashrc

# list the available tools
manage-tools list

# install gdb, allowing it to try to sudo install dependencies
manage-tools -s install gdb

# install pwntools, but don't let it sudo install dependencies
manage-tools install pwntools

# install qemu, but use "nice" to avoid degrading performance during compilation
manage-tools -n install qemu

# uninstall gdb
manage-tools uninstall gdb

# uninstall all tools
manage-tools uninstall all

# search for a tool
manage-tools search preload

Where possible, the tools keep the installs very self-contained (i.e., in to tool/ directory), and most uninstalls are just calls to git clean (NOTE, this is NOT careful; everything under the tool directory, including whatever you were working on, is blown away during an uninstall).

Python and Ruby tools are installed in a tool-specific virtual environment. If you want to add other packages to this environment, look under the ctf-tools/TOOL/pipx or ctf-tools/TOOL/gems directories.

Help!

Something not working? I didn't write (almost) any of these tools, but hit up the discord if you're desperate. Maybe some kind soul will help!

Dockerized Tools

Prebuilt Tool Containers

You can get most of these tools in prebuilt containers from https://hub.docker.com/r/ctftools. For example:

$ echo hi | docker run -i ctftools/taintgrind taintgrind --taint-stdin=yes /bin/cat
/home/ctf/tools/taintgrind/valgrind-3.21.0/build/bin/valgrind --tool=taintgrind --taint-stdin=yes /bin/cat
==8== Taintgrind, the taint analysis tool
==8== Copyright (C) 2010-2018, and GNU GPL'd, by Wei Ming Khoo.
==8== Using Valgrind-3.21.0 and LibVEX; rerun with -h for copyright info
==8== Command: /bin/cat
==8==
0xFFFFFFFF: _syscall_read | Read:3 | 0x0 | 4a5a000_unknownobj
hi
==8==

Building Your Own

You can build a docker image with:

git clone https://github.com/zardus/ctf-tools
cd ctf-tools
docker build -t ctf-tools --build-arg PREINSTALLED=some-tool .

And run it with:

docker run -it ctf-tools

The built image will have ctf-tools cloned and ready to go and your tool installed.

Kali Linux

Kali Linux (Sana and Rolling), due to manually setting certain libraries to not use the latest version available (sometimes being out of date by years) causes some tools to not install at all, or fail in strange ways. Overriding these libraries breaks other tools included in Kali so your only solution is to either live with some of Kali's tools being broken, use docker, or running another distribution separately such as Ubuntu.

Adding Tools

To add a tool (say, named toolname), do the following:

  1. Create a toolname directory.
  2. Create an install script.
  3. Add it to the readme.
  4. (optional) if special uninstall steps are required, create an uninstall script.

Install Scripts

The install script will be run with $PWD being toolname. It should install the tool into this directory, in as contained a manner as possible. Ideally, full uninstallation should be possible with a git clean.

The install script should create a bin directory and put its executables there. These executables will be automatically linked into the main bin directory for the repo. They could be launched from any directory, so don't make assumptions about the location of $0!

License

The individual tools are all licensed under their own licenses. As for ctf-tools itself, it is licensed under BSD 2-Clause License. If you find it useful, star it on github (https://github.com/zardus/ctf-tools).

Good luck!

See Also

There's a curated list of CTF tools, but without installers, here: https://github.com/apsdehal/aWEsoMe-cTf.

There's a Vagrant config with a lot of the bigger frameworks here: https://github.com/thebarbershopper/epictreasure.

Useful CTF tools in apt repos

As tools get officially packaged, we switch to just suggesting that you apt install them!

CategorySourceToolDescription
binaryaptaflplusplusState-of-the-art fuzzer.
binaryaptchecksecCheck binary hardening settings.
binaryaptradare2Some crazy thing crowell likes.
binaryaptrrRecord and Replay Debugging Framework
binaryaptwccThe Witchcraft Compiler Collection is a collection of compilation tools to perform binary black magic on the GNU/Linux and other POSIX platforms.
forensicsaptbinwalkFirmware (and arbitrary file) analysis tool.
forensicsaptforemostFile carver.
forensicsaptdislockerTool for reading Bitlocker encrypted partitions.
forensicsaptorigami-pdfPDF manipulator.
forensicsapttestdiskTestdisk and photorec for file recovery.
webaptdirbWeb path scanner.
webaptdirsearchWeb path scanner.
webaptsqlmapSQL injection automation engine.
stegoaptpngtoolsPNG's analysis tool.
stegoaptsonic-visualizerAudio file visualization.
networkingaptdsniffGrabs passwords and other data from pcaps/network streams.
networkingaptbettercapNetwork shenanigans swiss army knife.
miscaptz3Theorem prover from Microsoft Research.

Useful CTF tools in docker images

Previously, this repository included some scripts that were wrappers around docker pull. We trust that you can do that yourself :-)

CategorySourceToolDescription
binarydockerpandaPlatform for Architecture-Neutral Dynamic Analysis.
stegoDockerstego-toolkitA docker image with dozens of steg tools.

Useful CTF Libraries

Previously, this repository included library installers. Because of how bespoke library install preferences are (e.g., unlike a tool, it's not clear if per-library venvs are a desired thing), we've stopped shipping them, and link them here for posterity.

CategorySourceToolDescription
binaryLibrarycapstoneMulti-architecture disassembly framework.
binaryLibrarykeystoneLightweight multi-architecture assembler framework.
binaryLibraryliefLibrary to Instrument Executable Formats.
binaryLibrarymiasmReverse engineering framework in Python.
binaryLibraryunicornMulti-architecture CPU emulator framework.
binaryLibraryvirtualsocketA nice library to interact with binaries.
cryptoLibrarycryptanalib3The surviving core of featherduster cryptanalysis tool, updated for python3.
cryptoLibrarypython-paddingoraclePadding oracle attack automation.