[ { "path": ".gitignore", "content": "node_modules\n" }, { "path": ".travis.yml", "content": "language: node_js\nnode_js:\n - \"0.10\"" }, { "path": "CONTRIBUTING.md", "content": "# Contribution Guidelines\n\n- **To add to the list:** Submit a pull request\n- **To remove from the list:** Open an issue\n\n- List items should be sorted *alphabetically*.\n- Each item should be limited to one link\n- The link should be the name of the package or project\n- Direct installation commands should follow on the next line, indented by 2 spaces and enclosed in \\`\\`\n- Descriptions should be clear, concise, and non-promotional\n- Descriptions should follow the link, on the same line\n- Run `npm install` and then `npm test` to verify everything is correct according to guidelines\n\n## Quality standard\n\nTo stay on the list, package repositories should adhere to these quality standards:\n\n- Generally useful to the community\n- Functional\n- Stable\n\n\n## Reporting issues\n\nPlease open an issue if you find anything that could be improved or have suggestions for making the list a more valuable resource. Thanks!\n" }, { "path": "LICENSE", "content": "CC0 1.0 Universal\n\nStatement of Purpose\n\nThe laws of most jurisdictions throughout the world automatically confer\nexclusive Copyright and Related Rights (defined below) upon the creator and\nsubsequent owner(s) (each and all, an \"owner\") of an original work of\nauthorship and/or a database (each, a \"Work\").\n\nCertain owners wish to permanently relinquish those rights to a Work for the\npurpose of contributing to a commons of creative, cultural and scientific\nworks (\"Commons\") that the public can reliably and without fear of later\nclaims of infringement build upon, modify, incorporate in other works, reuse\nand redistribute as freely as possible in any form whatsoever and for any\npurposes, including without limitation commercial purposes. These owners may\ncontribute to the Commons to promote the ideal of a free culture and the\nfurther production of creative, cultural and scientific works, or to gain\nreputation or greater distribution for their Work in part through the use and\nefforts of others.\n\nFor these and/or other purposes and motivations, and without any expectation\nof additional consideration or compensation, the person associating CC0 with a\nWork (the \"Affirmer\"), to the extent that he or she is an owner of Copyright\nand Related Rights in the Work, voluntarily elects to apply CC0 to the Work\nand publicly distribute the Work under its terms, with knowledge of his or her\nCopyright and Related Rights in the Work and the meaning and intended legal\neffect of CC0 on those rights.\n\n1. Copyright and Related Rights. A Work made available under CC0 may be\nprotected by copyright and related or neighboring rights (\"Copyright and\nRelated Rights\"). Copyright and Related Rights include, but are not limited\nto, the following:\n\n i. the right to reproduce, adapt, distribute, perform, display, communicate,\n and translate a Work;\n\n ii. moral rights retained by the original author(s) and/or performer(s);\n\n iii. publicity and privacy rights pertaining to a person's image or likeness\n depicted in a Work;\n\n iv. rights protecting against unfair competition in regards to a Work,\n subject to the limitations in paragraph 4(a), below;\n\n v. rights protecting the extraction, dissemination, use and reuse of data in\n a Work;\n\n vi. database rights (such as those arising under Directive 96/9/EC of the\n European Parliament and of the Council of 11 March 1996 on the legal\n protection of databases, and under any national implementation thereof,\n including any amended or successor version of such directive); and\n\n vii. other similar, equivalent or corresponding rights throughout the world\n based on applicable law or treaty, and any national implementations thereof.\n\n2. Waiver. To the greatest extent permitted by, but not in contravention of,\napplicable law, Affirmer hereby overtly, fully, permanently, irrevocably and\nunconditionally waives, abandons, and surrenders all of Affirmer's Copyright\nand Related Rights and associated claims and causes of action, whether now\nknown or unknown (including existing as well as future claims and causes of\naction), in the Work (i) in all territories worldwide, (ii) for the maximum\nduration provided by applicable law or treaty (including future time\nextensions), (iii) in any current or future medium and for any number of\ncopies, and (iv) for any purpose whatsoever, including without limitation\ncommercial, advertising or promotional purposes (the \"Waiver\"). Affirmer makes\nthe Waiver for the benefit of each member of the public at large and to the\ndetriment of Affirmer's heirs and successors, fully intending that such Waiver\nshall not be subject to revocation, rescission, cancellation, termination, or\nany other legal or equitable action to disrupt the quiet enjoyment of the Work\nby the public as contemplated by Affirmer's express Statement of Purpose.\n\n3. Public License Fallback. Should any part of the Waiver for any reason be\njudged legally invalid or ineffective under applicable law, then the Waiver\nshall be preserved to the maximum extent permitted taking into account\nAffirmer's express Statement of Purpose. In addition, to the extent the Waiver\nis so judged Affirmer hereby grants to each affected person a royalty-free,\nnon transferable, non sublicensable, non exclusive, irrevocable and\nunconditional license to exercise Affirmer's Copyright and Related Rights in\nthe Work (i) in all territories worldwide, (ii) for the maximum duration\nprovided by applicable law or treaty (including future time extensions), (iii)\nin any current or future medium and for any number of copies, and (iv) for any\npurpose whatsoever, including without limitation commercial, advertising or\npromotional purposes (the \"License\"). The License shall be deemed effective as\nof the date CC0 was applied by Affirmer to the Work. Should any part of the\nLicense for any reason be judged legally invalid or ineffective under\napplicable law, such partial invalidity or ineffectiveness shall not\ninvalidate the remainder of the License, and in such case Affirmer hereby\naffirms that he or she will not (i) exercise any of his or her remaining\nCopyright and Related Rights in the Work or (ii) assert any associated claims\nand causes of action with respect to the Work, in either case contrary to\nAffirmer's express Statement of Purpose.\n\n4. Limitations and Disclaimers.\n\n a. No trademark or patent rights held by Affirmer are waived, abandoned,\n surrendered, licensed or otherwise affected by this document.\n\n b. Affirmer offers the Work as-is and makes no representations or warranties\n of any kind concerning the Work, express, implied, statutory or otherwise,\n including without limitation warranties of title, merchantability, fitness\n for a particular purpose, non infringement, or the absence of latent or\n other defects, accuracy, or the present or absence of errors, whether or not\n discoverable, all to the greatest extent permissible under applicable law.\n\n c. Affirmer disclaims responsibility for clearing rights of other persons\n that may apply to the Work or any use thereof, including without limitation\n any person's Copyright and Related Rights in the Work. Further, Affirmer\n disclaims responsibility for obtaining any necessary consents, permissions\n or other rights required for any use of the Work.\n\n d. Affirmer understands and acknowledges that Creative Commons is not a\n party to this document and has no duty or obligation with respect to this\n CC0 or use of the Work.\n\nFor more information, please see\n\n" }, { "path": "README.md", "content": "# Awesome CTF [![Build Status](https://travis-ci.org/apsdehal/awesome-ctf.svg?branch=master)](https://travis-ci.org/apsdehal/awesome-ctf) [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)\n\nA curated list of [Capture The Flag](https://en.wikipedia.org/wiki/Capture_the_flag#Computer_security) (CTF) frameworks, libraries, resources, softwares and tutorials. This list aims to help starters as well as seasoned CTF players to find everything related to CTFs at one place.\n\n### Contributing\n\nPlease take a quick look at the [contribution guidelines](https://github.com/apsdehal/ctf-tools/blob/master/CONTRIBUTING.md) first.\n\n#### _If you know a tool that isn't present here, feel free to open a pull request._\n\n### Why?\n\nIt takes time to build up collection of tools used in CTF and remember them all. This repo helps to keep all these scattered tools at one place.\n\n### Contents\n\n- [Awesome CTF](#awesome-ctf)\n - [Create](#create)\n - [Forensics](#forensics)\n - [Platforms](#platforms)\n - [Steganography](#steganography)\n - [Web](#web)\n - [Solve](#solve)\n - [Attacks](#attacks)\n - [Bruteforcers](#bruteforcers)\n - [Cryptography](#crypto)\n - [Exploits](#exploits)\n - [Forensics](#forensics-1)\n - [Networking](#networking)\n - [Reversing](#reversing)\n - [Services](#services)\n - [Steganography](#steganography-1)\n - [Web](#web-1)\n\n- [Resources](#resources)\n - [Operating Systems](#operating-systems)\n - [Starter Packs](#starter-packs)\n - [Tutorials](#tutorials)\n - [Wargames](#wargames)\n - [Websites](#websites)\n - [Wikis](#wikis)\n - [Writeups Collections](#writeups-collections)\n\n\n# Create\n\n*Tools used for creating CTF challenges*\n\n- [Kali Linux CTF Blueprints](https://www.packtpub.com/eu/networking-and-servers/kali-linux-ctf-blueprints) - Online book on building, testing, and customizing your own Capture the Flag challenges.\n\n\n## Forensics\n\n*Tools used for creating Forensics challenges*\n\n- [Dnscat2](https://github.com/iagox86/dnscat2) - Hosts communication through DNS.\n- [Kroll Artifact Parser and Extractor (KAPE)](https://learn.duffandphelps.com/kape) - Triage program.\n- [Magnet AXIOM](https://www.magnetforensics.com/downloadaxiom) - Artifact-centric DFIR tool.\n- [Registry Dumper](http://www.kahusecurity.com/posts/registry_dumper_find_and_dump_hidden_registry_keys.html) - Dump your registry.\n\n## Platforms\n\n*Projects that can be used to host a CTF*\n\n- [CTFd](https://github.com/isislab/CTFd) - Platform to host jeopardy style CTFs from ISISLab, NYU Tandon.\n- [echoCTF.RED](https://github.com/echoCTF/echoCTF.RED) - Develop, deploy and maintain your own CTF infrastructure.\n- [FBCTF](https://github.com/facebook/fbctf) - Platform to host Capture the Flag competitions from Facebook.\n- [Haaukins](https://github.com/aau-network-security/haaukins)- A Highly Accessible and Automated Virtualization Platform for Security Education.\n- [HackTheArch](https://github.com/mcpa-stlouis/hack-the-arch) - CTF scoring platform.\n- [Mellivora](https://github.com/Nakiami/mellivora) - A CTF engine written in PHP.\n- [MotherFucking-CTF](https://github.com/andreafioraldi/motherfucking-ctf) - Badass lightweight plaform to host CTFs. No JS involved.\n- [NightShade](https://github.com/UnrealAkama/NightShade) - A simple security CTF framework.\n- [OpenCTF](https://github.com/easyctf/openctf) - CTF in a box. Minimal setup required.\n- [PicoCTF](https://github.com/picoCTF/picoCTF) - The platform used to run picoCTF. A great framework to host any CTF.\n- [PyChallFactory](https://github.com/pdautry/py_chall_factory) - Small framework to create/manage/package jeopardy CTF challenges.\n- [RootTheBox](https://github.com/moloch--/RootTheBox) - A Game of Hackers (CTF Scoreboard & Game Manager).\n- [Scorebot](https://github.com/legitbs/scorebot) - Platform for CTFs by Legitbs (Defcon).\n- [SecGen](https://github.com/cliffe/SecGen) - Security Scenario Generator. Creates randomly vulnerable virtual machines.\n\n## Steganography\n\n*Tools used to create stego challenges*\n\nCheck solve section for steganography.\n\n## Web\n\n*Tools used for creating Web challenges*\n\n*JavaScript Obfustcators*\n\n- [Metasploit JavaScript Obfuscator](https://github.com/rapid7/metasploit-framework/wiki/How-to-obfuscate-JavaScript-in-Metasploit)\n- [Uglify](https://github.com/mishoo/UglifyJS)\n\n\n# Solve\n\n*Tools used for solving CTF challenges*\n\n## Attacks\n\n*Tools used for performing various kinds of attacks*\n\n- [Bettercap](https://github.com/bettercap/bettercap) - Framework to perform MITM (Man in the Middle) attacks.\n- [Yersinia](https://github.com/tomac/yersinia) - Attack various protocols on layer 2.\n\n## Crypto\n\n*Tools used for solving Crypto challenges*\n\n- [CyberChef](https://gchq.github.io/CyberChef) - Web app for analysing and decoding data.\n- [FeatherDuster](https://github.com/nccgroup/featherduster) - An automated, modular cryptanalysis tool.\n- [Hash Extender](https://github.com/iagox86/hash_extender) - A utility tool for performing hash length extension attacks.\n- [padding-oracle-attacker](https://github.com/KishanBagaria/padding-oracle-attacker) - A CLI tool to execute padding oracle attacks.\n- [PkCrack](https://www.unix-ag.uni-kl.de/~conrad/krypto/pkcrack.html) - A tool for Breaking PkZip-encryption.\n- [QuipQuip](https://quipqiup.com) - An online tool for breaking substitution ciphers or vigenere ciphers (without key).\n- [RSACTFTool](https://github.com/Ganapati/RsaCtfTool) - A tool for recovering RSA private key with various attack.\n- [RSATool](https://github.com/ius/rsatool) - Generate private key with knowledge of p and q.\n- [XORTool](https://github.com/hellman/xortool) - A tool to analyze multi-byte xor cipher.\n\n## Bruteforcers\n\n*Tools used for various kind of bruteforcing (passwords etc.)*\n\n- [Hashcat](https://hashcat.net/hashcat/) - Password Cracker\n- [Hydra](https://tools.kali.org/password-attacks/hydra) - A parallelized login cracker which supports numerous protocols to attack\n- [John The Jumbo](https://github.com/magnumripper/JohnTheRipper) - Community enhanced version of John the Ripper.\n- [John The Ripper](http://www.openwall.com/john/) - Password Cracker.\n- [Nozzlr](https://github.com/intrd/nozzlr) - Nozzlr is a bruteforce framework, trully modular and script-friendly.\n- [Ophcrack](http://ophcrack.sourceforge.net/) - Windows password cracker based on rainbow tables.\n- [Patator](https://github.com/lanjelot/patator) - Patator is a multi-purpose brute-forcer, with a modular design.\n- [Turbo Intruder](https://portswigger.net/research/turbo-intruder-embracing-the-billion-request-attack) - Burp Suite extension for sending large numbers of HTTP requests \n\n## Exploits\n\n*Tools used for solving Exploits challenges*\n\n- [DLLInjector](https://github.com/OpenSecurityResearch/dllinjector) - Inject dlls in processes.\n- [libformatstr](https://github.com/hellman/libformatstr) - Simplify format string exploitation.\n- [Metasploit](http://www.metasploit.com/) - Penetration testing software.\n - [Cheatsheet](https://www.comparitech.com/net-admin/metasploit-cheat-sheet/)\n- [one_gadget](https://github.com/david942j/one_gadget) - A tool to find the one gadget `execve('/bin/sh', NULL, NULL)` call.\n - `gem install one_gadget`\n- [Pwntools](https://github.com/Gallopsled/pwntools) - CTF Framework for writing exploits.\n- [Qira](https://github.com/BinaryAnalysisPlatform/qira) - QEMU Interactive Runtime Analyser.\n- [ROP Gadget](https://github.com/JonathanSalwan/ROPgadget) - Framework for ROP exploitation.\n- [V0lt](https://github.com/P1kachu/v0lt) - Security CTF Toolkit.\n\n## Forensics\n\n*Tools used for solving Forensics challenges*\n\n- [Aircrack-Ng](http://www.aircrack-ng.org/) - Crack 802.11 WEP and WPA-PSK keys.\n - `apt-get install aircrack-ng`\n- [Audacity](http://sourceforge.net/projects/audacity/) - Analyze sound files (mp3, m4a, whatever).\n - `apt-get install audacity`\n- [Bkhive and Samdump2](http://sourceforge.net/projects/ophcrack/files/samdump2/) - Dump SYSTEM and SAM files.\n - `apt-get install samdump2 bkhive`\n- [CFF Explorer](http://www.ntcore.com/exsuite.php) - PE Editor.\n- [Creddump](https://github.com/moyix/creddump) - Dump windows credentials.\n- [DVCS Ripper](https://github.com/kost/dvcs-ripper) - Rips web accessible (distributed) version control systems.\n- [Exif Tool](http://www.sno.phy.queensu.ca/~phil/exiftool/) - Read, write and edit file metadata.\n- [Extundelete](http://extundelete.sourceforge.net/) - Used for recovering lost data from mountable images.\n- [Fibratus](https://github.com/rabbitstack/fibratus) - Tool for exploration and tracing of the Windows kernel.\n- [Foremost](http://foremost.sourceforge.net/) - Extract particular kind of files using headers.\n - `apt-get install foremost`\n- [Fsck.ext4](http://linux.die.net/man/8/fsck.ext3) - Used to fix corrupt filesystems.\n- [Malzilla](http://malzilla.sourceforge.net/) - Malware hunting tool.\n- [NetworkMiner](http://www.netresec.com/?page=NetworkMiner) - Network Forensic Analysis Tool.\n- [PDF Streams Inflater](http://malzilla.sourceforge.net/downloads.html) - Find and extract zlib files compressed in PDF files.\n- [Pngcheck](http://www.libpng.org/pub/png/apps/pngcheck.html) - Verifies the integrity of PNG and dump all of the chunk-level information in human-readable form.\n - `apt-get install pngcheck`\n- [ResourcesExtract](http://www.nirsoft.net/utils/resources_extract.html) - Extract various filetypes from exes.\n- [Shellbags](https://github.com/williballenthin/shellbags) - Investigate NT\\_USER.dat files.\n- [Snow](https://sbmlabs.com/notes/snow_whitespace_steganography_tool) - A Whitespace Steganography Tool.\n- [USBRip](https://github.com/snovvcrash/usbrip) - Simple CLI forensics tool for tracking USB device artifacts (history of USB events) on GNU/Linux.\n- [Volatility](https://github.com/volatilityfoundation/volatility) - To investigate memory dumps.\n- [Wireshark](https://www.wireshark.org) - Used to analyze pcap or pcapng files\n\n*Registry Viewers*\n- [OfflineRegistryView](https://www.nirsoft.net/utils/offline_registry_view.html) - Simple tool for Windows that allows you to read offline Registry files from external drive and view the desired Registry key in .reg file format.\n- [Registry Viewer®](https://accessdata.com/product-download/registry-viewer-2-0-0) - Used to view Windows registries.\n\n## Networking\n\n*Tools used for solving Networking challenges*\n\n- [Masscan](https://github.com/robertdavidgraham/masscan) - Mass IP port scanner, TCP port scanner.\n- [Monit](https://linoxide.com/monitoring-2/monit-linux/) - A linux tool to check a host on the network (and other non-network activities).\n- [Nipe](https://github.com/GouveaHeitor/nipe) - Nipe is a script to make Tor Network your default gateway.\n- [Nmap](https://nmap.org/) - An open source utility for network discovery and security auditing.\n- [Wireshark](https://www.wireshark.org/) - Analyze the network dumps.\n - `apt-get install wireshark`\n- [Zeek](https://www.zeek.org) - An open-source network security monitor.\n- [Zmap](https://zmap.io/) - An open-source network scanner.\n\n## Reversing\n\n*Tools used for solving Reversing challenges*\n\n- [Androguard](https://github.com/androguard/androguard) - Reverse engineer Android applications.\n- [Angr](https://github.com/angr/angr) - platform-agnostic binary analysis framework.\n- [Apk2Gold](https://github.com/lxdvs/apk2gold) - Yet another Android decompiler.\n- [ApkTool](http://ibotpeaches.github.io/Apktool/) - Android Decompiler.\n- [Barf](https://github.com/programa-stic/barf-project) - Binary Analysis and Reverse engineering Framework.\n- [Binary Ninja](https://binary.ninja/) - Binary analysis framework.\n- [BinUtils](http://www.gnu.org/software/binutils/binutils.html) - Collection of binary tools.\n- [BinWalk](https://github.com/devttys0/binwalk) - Analyze, reverse engineer, and extract firmware images.\n- [Boomerang](https://github.com/BoomerangDecompiler/boomerang) - Decompile x86/SPARC/PowerPC/ST-20 binaries to C.\n- [ctf_import](https://github.com/docileninja/ctf_import) – run basic functions from stripped binaries cross platform.\n- [cwe_checker](https://github.com/fkie-cad/cwe_checker) - cwe_checker finds vulnerable patterns in binary executables.\n- [demovfuscator](https://github.com/kirschju/demovfuscator) - A work-in-progress deobfuscator for movfuscated binaries.\n- [Frida](https://github.com/frida/) - Dynamic Code Injection.\n- [GDB](https://www.gnu.org/software/gdb/) - The GNU project debugger.\n- [GEF](https://github.com/hugsy/gef) - GDB plugin.\n- [Ghidra](https://ghidra-sre.org/) - Open Source suite of reverse engineering tools. Similar to IDA Pro.\n- [Hopper](http://www.hopperapp.com/) - Reverse engineering tool (disassembler) for OSX and Linux.\n- [IDA Pro](https://www.hex-rays.com/products/ida/) - Most used Reversing software.\n- [Jadx](https://github.com/skylot/jadx) - Decompile Android files.\n- [Java Decompilers](http://www.javadecompilers.com) - An online decompiler for Java and Android APKs.\n- [Krakatau](https://github.com/Storyyeller/Krakatau) - Java decompiler and disassembler.\n- [Objection](https://github.com/sensepost/objection) - Runtime Mobile Exploration.\n- [PEDA](https://github.com/longld/peda) - GDB plugin (only python2.7).\n- [Pin](https://software.intel.com/en-us/articles/pin-a-dynamic-binary-instrumentation-tool) - A dynamic binary instrumentaion tool by Intel.\n- [PINCE](https://github.com/korcankaraokcu/PINCE) - GDB front-end/reverse engineering tool, focused on game-hacking and automation.\n- [PinCTF](https://github.com/ChrisTheCoolHut/PinCTF) - A tool which uses intel pin for Side Channel Analysis.\n- [Plasma](https://github.com/joelpx/plasma) - An interactive disassembler for x86/ARM/MIPS which can generate indented pseudo-code with colored syntax.\n- [Pwndbg](https://github.com/pwndbg/pwndbg) - A GDB plugin that provides a suite of utilities to hack around GDB easily.\n- [radare2](https://github.com/radare/radare2) - A portable reversing framework.\n- [Triton](https://github.com/JonathanSalwan/Triton/) - Dynamic Binary Analysis (DBA) framework.\n- [Uncompyle](https://github.com/gstarnberger/uncompyle) - Decompile Python 2.7 binaries (.pyc).\n- [WinDbg](http://www.windbg.org/) - Windows debugger distributed by Microsoft.\n- [Xocopy](http://reverse.lostrealm.com/tools/xocopy.html) - Program that can copy executables with execute, but no read permission.\n- [Z3](https://github.com/Z3Prover/z3) - A theorem prover from Microsoft Research.\n\n*JavaScript Deobfuscators*\n\n- [Detox](http://relentless-coding.org/projects/jsdetox/install) - A Javascript malware analysis tool.\n- [Revelo](http://www.kahusecurity.com/posts/revelo_javascript_deobfuscator.html) - Analyze obfuscated Javascript code.\n\n*SWF Analyzers*\n- [RABCDAsm](https://github.com/CyberShadow/RABCDAsm) - Collection of utilities including an ActionScript 3 assembler/disassembler.\n- [Swftools](http://www.swftools.org/) - Collection of utilities to work with SWF files.\n- [Xxxswf](https://bitbucket.org/Alexander_Hanel/xxxswf) - A Python script for analyzing Flash files.\n\n## Services\n\n*Various kind of useful services available around the internet*\n\n- [CSWSH](http://cow.cat/cswsh.html) - Cross-Site WebSocket Hijacking Tester.\n- [Request Bin](https://requestbin.com/) - Lets you inspect http requests to a particular url.\n\n## Steganography\n\n*Tools used for solving Steganography challenges*\n\n- [AperiSolve](https://aperisolve.fr/) - Aperi'Solve is a platform which performs layer analysis on image (open-source).\n- [Convert](http://www.imagemagick.org/script/convert.php) - Convert images b/w formats and apply filters.\n- [Exif](http://manpages.ubuntu.com/manpages/trusty/man1/exif.1.html) - Shows EXIF information in JPEG files.\n- [Exiftool](https://linux.die.net/man/1/exiftool) - Read and write meta information in files.\n- [Exiv2](http://www.exiv2.org/manpage.html) - Image metadata manipulation tool.\n- [Image Steganography](https://sourceforge.net/projects/image-steg/) - Embeds text and files in images with optional encryption. Easy-to-use UI.\n- [Image Steganography Online](https://incoherency.co.uk/image-steganography) - This is a client-side Javascript tool to steganographically hide images inside the lower \"bits\" of other images\n- [ImageMagick](http://www.imagemagick.org/script/index.php) - Tool for manipulating images.\n- [Outguess](https://www.freebsd.org/cgi/man.cgi?query=outguess+&apropos=0&sektion=0&manpath=FreeBSD+Ports+5.1-RELEASE&format=html) - Universal steganographic tool.\n- [Pngtools](https://packages.debian.org/sid/pngtools) - For various analysis related to PNGs.\n - `apt-get install pngtools`\n- [SmartDeblur](https://github.com/Y-Vladimir/SmartDeblur) - Used to deblur and fix defocused images.\n- [Steganabara](https://www.openhub.net/p/steganabara) - Tool for stegano analysis written in Java.\n- [SteganographyOnline](https://stylesuxx.github.io/steganography/) - Online steganography encoder and decoder.\n- [Stegbreak](https://linux.die.net/man/1/stegbreak) - Launches brute-force dictionary attacks on JPG image.\n- [StegCracker](https://github.com/Paradoxis/StegCracker) - Steganography brute-force utility to uncover hidden data inside files.\n- [stegextract](https://github.com/evyatarmeged/stegextract) - Detect hidden files and text in images.\n- [Steghide](http://steghide.sourceforge.net/) - Hide data in various kind of images.\n- [StegOnline](https://georgeom.net/StegOnline/upload) - Conduct a wide range of image steganography operations, such as concealing/revealing files hidden within bits (open-source).\n- [Stegsolve](http://www.caesum.com/handbook/Stegsolve.jar) - Apply various steganography techniques to images.\n- [Zsteg](https://github.com/zed-0xff/zsteg/) - PNG/BMP analysis.\n\n## Web\n\n*Tools used for solving Web challenges*\n\n- [BurpSuite](https://portswigger.net/burp) - A graphical tool to testing website security.\n- [Commix](https://github.com/commixproject/commix) - Automated All-in-One OS Command Injection and Exploitation Tool.\n- [Hackbar](https://addons.mozilla.org/en-US/firefox/addon/hackbartool/) - Firefox addon for easy web exploitation.\n- [OWASP ZAP](https://www.owasp.org/index.php/Projects/OWASP_Zed_Attack_Proxy_Project) - Intercepting proxy to replay, debug, and fuzz HTTP requests and responses\n- [Postman](https://chrome.google.com/webstore/detail/postman/fhbjgbiflinjbdggehcddcbncdddomop?hl=en) - Add on for chrome for debugging network requests.\n- [Raccoon](https://github.com/evyatarmeged/Raccoon) - A high performance offensive security tool for reconnaissance and vulnerability scanning.\n- [SQLMap](https://github.com/sqlmapproject/sqlmap) - Automatic SQL injection and database takeover tool.\n ```pip install sqlmap```\n- [W3af](https://github.com/andresriancho/w3af) - Web Application Attack and Audit Framework.\n- [XSSer](http://xsser.sourceforge.net/) - Automated XSS testor.\n\n\n# Resources\n\n*Where to discover about CTF*\n\n## Operating Systems\n\n*Penetration testing and security lab Operating Systems*\n\n- [Android Tamer](https://androidtamer.com/) - Based on Debian.\n- [BackBox](https://backbox.org/) - Based on Ubuntu.\n- [BlackArch Linux](https://blackarch.org/) - Based on Arch Linux.\n- [Fedora Security Lab](https://labs.fedoraproject.org/security/) - Based on Fedora.\n- [Kali Linux](https://www.kali.org/) - Based on Debian.\n- [Parrot Security OS](https://www.parrotsec.org/) - Based on Debian.\n- [Pentoo](http://www.pentoo.ch/) - Based on Gentoo.\n- [URIX OS](http://urix.us/) - Based on openSUSE.\n- [Wifislax](http://www.wifislax.com/) - Based on Slackware.\n\n*Malware analysts and reverse-engineering*\n\n- [Flare VM](https://github.com/fireeye/flare-vm/) - Based on Windows.\n- [REMnux](https://remnux.org/) - Based on Debian.\n\n## Starter Packs\n\n*Collections of installer scripts, useful tools*\n\n- [CTF Tools](https://github.com/zardus/ctf-tools) - Collection of setup scripts to install various security research tools.\n- [LazyKali](https://github.com/jlevitsk/lazykali) - A 2016 refresh of LazyKali which simplifies install of tools and configuration.\n\n## Tutorials\n\n*Tutorials to learn how to play CTFs*\n\n- [CTF Field Guide](https://trailofbits.github.io/ctf/) - Field Guide by Trails of Bits.\n- [CTF Resources](http://ctfs.github.io/resources/) - Start Guide maintained by community.\n- [How to Get Started in CTF](https://www.endgame.com/blog/how-get-started-ctf) - Short guideline for CTF beginners by Endgame\n- [Intro. to CTF Course](https://www.hoppersroppers.org/courseCTF.html) - A free course that teaches beginners the basics of forensics, crypto, and web-ex.\n- [IppSec](https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA) - Video tutorials and walkthroughs of popular CTF platforms.\n- [LiveOverFlow](https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w) - Video tutorials on Exploitation.\n- [MIPT CTF](https://github.com/xairy/mipt-ctf) - A small course for beginners in CTFs (in Russian).\n\n\n## Wargames\n\n*Always online CTFs*\n\n- [Backdoor](https://backdoor.sdslabs.co/) - Security Platform by SDSLabs.\n- [Crackmes](https://crackmes.one/) - Reverse Engineering Challenges.\n- [CryptoHack](https://cryptohack.org/) - Fun cryptography challenges.\n- [echoCTF.RED](https://echoctf.red/) - Online CTF with a variety of targets to attack.\n- [Exploit Exercises](https://exploit-exercises.lains.space/) - Variety of VMs to learn variety of computer security issues.\n- [Exploit.Education](http://exploit.education) - Variety of VMs to learn variety of computer security issues.\n- [Gracker](https://github.com/Samuirai/gracker) - Binary challenges having a slow learning curve, and write-ups for each level.\n- [Hack The Box](https://www.hackthebox.eu) - Weekly CTFs for all types of security enthusiasts.\n- [Hack This Site](https://www.hackthissite.org/) - Training ground for hackers.\n- [Hacker101](https://www.hacker101.com/) - CTF from HackerOne\n- [Hacking-Lab](https://hacking-lab.com/) - Ethical hacking, computer network and security challenge platform.\n- [Hone Your Ninja Skills](https://honeyourskills.ninja/) - Web challenges starting from basic ones.\n- [IO](http://io.netgarage.org/) - Wargame for binary challenges.\n- [Microcorruption](https://microcorruption.com) - Embedded security CTF.\n- [Over The Wire](http://overthewire.org/wargames/) - Wargame maintained by OvertheWire Community.\n- [PentesterLab](https://pentesterlab.com/) - Variety of VM and online challenges (paid).\n- [PicoCTF](https://2019game.picoctf.com) - All year round ctf game. Questions from the yearly picoCTF competition.\n- [PWN Challenge](http://pwn.eonew.cn/) - Binary Exploitation Wargame.\n- [Pwnable.kr](http://pwnable.kr/) - Pwn Game.\n- [Pwnable.tw](https://pwnable.tw/) - Binary wargame.\n- [Pwnable.xyz](https://pwnable.xyz/) - Binary Exploitation Wargame.\n- [Reversin.kr](http://reversing.kr/) - Reversing challenge.\n- [Ringzer0Team](https://ringzer0team.com/) - Ringzer0 Team Online CTF.\n- [Root-Me](https://www.root-me.org/) - Hacking and Information Security learning platform.\n- [ROP Wargames](https://github.com/xelenonz/game) - ROP Wargames.\n- [SANS HHC](https://holidayhackchallenge.com/past-challenges/) - Challenges with a holiday theme\n released annually and maintained by SANS.\n- [SmashTheStack](http://smashthestack.org/) - A variety of wargames maintained by the SmashTheStack Community.\n- [Viblo CTF](https://ctf.viblo.asia) - Various amazing CTF challenges, in many different categories. Has both Practice mode and Contest mode.\n- [VulnHub](https://www.vulnhub.com/) - VM-based for practical in digital security, computer application & network administration.\n- [W3Challs](https://w3challs.com) - A penetration testing training platform, which offers various computer challenges, in various categories.\n- [WebHacking](http://webhacking.kr) - Hacking challenges for web.\n\n\n*Self-hosted CTFs*\n- [Damn Vulnerable Web Application](http://www.dvwa.co.uk/) - PHP/MySQL web application that is damn vulnerable.\n- [Juice Shop CTF](https://github.com/bkimminich/juice-shop-ctf) - Scripts and tools for hosting a CTF on [OWASP Juice Shop](https://www.owasp.org/index.php/OWASP_Juice_Shop_Project) easily.\n\n## Websites\n\n*Various general websites about and on CTF*\n\n- [Awesome CTF Cheatsheet](https://github.com/uppusaikiran/awesome-ctf-cheatsheet#awesome-ctf-cheatsheet-) - CTF Cheatsheet.\n- [CTF Time](https://ctftime.org/) - General information on CTF occuring around the worlds.\n- [Reddit Security CTF](http://www.reddit.com/r/securityctf) - Reddit CTF category.\n\n## Wikis\n\n*Various Wikis available for learning about CTFs*\n\n- [Bamboofox](https://bamboofox.github.io/) - Chinese resources to learn CTF.\n- [bi0s Wiki](https://teambi0s.gitlab.io/bi0s-wiki/) - Wiki from team bi0s.\n- [CTF Cheatsheet](https://uppusaikiran.github.io/hacking/Capture-the-Flag-CheatSheet/) - CTF tips and tricks.\n- [ISIS Lab](https://github.com/isislab/Project-Ideas/wiki) - CTF Wiki by Isis lab.\n- [OpenToAll](https://github.com/OpenToAllCTF/Tips) - CTF tips by OTA CTF team members.\n\n## Writeups Collections\n\n*Collections of CTF write-ups*\n\n- [0e85dc6eaf](https://github.com/0e85dc6eaf/CTF-Writeups) - Write-ups for CTF challenges by 0e85dc6eaf\n- [Captf](http://captf.com/) - Dumped CTF challenges and materials by psifertex.\n- [CTF write-ups (community)](https://github.com/ctfs/) - CTF challenges + write-ups archive maintained by the community.\n- [CTFTime Scrapper](https://github.com/abdilahrf/CTFWriteupScrapper) - Scraps all writeup from CTF Time and organize which to read first.\n- [HackThisSite](https://github.com/HackThisSite/CTF-Writeups) - CTF write-ups repo maintained by HackThisSite team.\n- [Mzfr](https://github.com/mzfr/ctf-writeups/) - CTF competition write-ups by mzfr\n- [pwntools writeups](https://github.com/Gallopsled/pwntools-write-ups) - A collection of CTF write-ups all using pwntools.\n- [SababaSec](https://github.com/SababaSec/ctf-writeups) - A collection of CTF write-ups by the SababaSec team\n- [Shell Storm](http://shell-storm.org/repo/CTF/) - CTF challenge archive maintained by Jonathan Salwan.\n- [Smoke Leet Everyday](https://github.com/smokeleeteveryday/CTF_WRITEUPS) - CTF write-ups repo maintained by SmokeLeetEveryday team.\n\n### LICENSE\n\nCC0 :)\n" }, { "path": "_config.yml", "content": "theme: jekyll-theme-slate" }, { "path": "package.json", "content": "{\n \"name\": \"awesome-ctf\",\n \"title\": \"awesome-ctf\",\n \"description\": \"A curated list of CTF frameworks, libraries, resources and softwares.\",\n \"version\": \"1.0.0\",\n \"homepage\": \"http://github.com/apsdehal/awesome-ctf\",\n \"author\": {\n \"name\": \"Amanpreet Singh and contributors\",\n \"url\": \"https://github.com/apsdehal/awesome-ctf/graphs/contributors\"\n },\n \"repository\": {\n \"type\": \"git\",\n \"url\": \"https://github.com/apsdehal/awesome-ctf.git\"\n },\n \"bugs\": \"https://github.com/apsdehal/awesome-ctf/issues\",\n \"devDependencies\": {\n \"chai\": \"^2.2.0\",\n \"cheerio\": \"^0.19.0\",\n \"marked\": \"^0.3.3\",\n \"mocha\": \"~2.2.1\"\n },\n \"licenses\": [\n {\n \"type\": \"MIT\",\n \"url\": \"https://github.com/apsdehal/awesome-ctf/LICENSE.txt\"\n }\n ],\n \"engines\": {\n \"node\": \">= 0.8.0\"\n },\n \"scripts\": {\n \"test\": \"./node_modules/mocha/bin/mocha -u bdd tests/test.js\"\n },\n \"keywords\": []\n}\n" }, { "path": "tests/test.js", "content": "var assert = require('chai').assert,\n\tutils = require('./utils');\n\nvar $ = utils.getSelectorObject();\n\ndescribe('Main module', function () {\n\tit('should contain a non-duplicate link for all title', function () {\n\t\tvar links = [];\n\n\t\t$('a').each(function (k) {\n\t\t\tvar href = $(this).attr('href');\n\n\t\t\tassert.isDefined(href, 'Expected href for ' + $(this).html());\n\n\t\t\tif (links[href]) {\n\t\t\t\tconsole.log(href);\n\t\t\t\tassert.ok(false, 'Duplicate link for ' + $(this).html());\n\t\t\t}\n\n\t\t\tlinks[href] = true;\n\t\t});\n\t});\n\n\tit('should be sorted alphabetically', function () {\n\t\t$('ul').each(function () {\n\t\t\tutils.testList(assert, $, $(this));\n\t\t})\n\t});\n})" }, { "path": "tests/utils.js", "content": "var fs = require('fs'),\n\tmarked = require('marked'),\n\tcheerio = require('cheerio');\n\nmodule.exports = (function () {\n\tvar utils = {\n\t\tgetSelectorObject: function () {\n\t\t\tvar html = marked(fs.readFileSync('./README.md', 'utf-8'));\n\t\t\treturn cheerio.load(html);\n\t\t},\n\n\t\ttestList: function (assert, $, list) {\n\t\t\tvar self = this;\n\n\t\t\tlist.find('ul').each(function () {\n\t\t\t\tutils.testList(assert, $, $(this));\n\t\t\t\t$(this).remove('ul');\n\t\t\t});\n\t\t\tself.testAlphabetical(assert, $, list);\n\t\t},\n\n\t\ttestAlphabetical: function (assert, $, list) {\n\t\t\tvar items = [];\n\t\t\tlist.find(\"li > a:first-child\").map(function (i) {\n\t\t\t\titems.push($(this).text().toLowerCase());\n\t\t\t});\n\n\t\t\tsorted = items.slice().sort();\n\n\t\t\tassert.deepEqual(items, sorted, 'Links should be in alphabetical order');\n\t\t}\n\t};\n\n\treturn utils;\n})();" } ]