tools

CTF Tools

Just some tools we use

web

• Nikito:
• https://github.com/sullo/nikto
• SQLmap
• https://github.com/sqlmapproject/sqlmap

Reversing

• Radare2
• https://github.com/radare/radare2
• cutter:
  • GUI mode of radare2
  • https://github.com/radareorg/cutter
• pwndbg
• https://github.com/pwndbg/pwndbg
• with
  • pedas: https://github.com/longld/peda
  • voltron: https://github.com/snare/voltron
• checksec
• https://github.com/slimm609/checksec.sh
  • Check if canary etc are enabled or not

Crypto

• https://quipqiup.com/
• caesar: https://cryptii.com/pipes/caesar-cipher
• vignere: https://www.guballa.de/vigenere-solver
• rot: https://www.dcode.fr/rot-cipher
• Substituion: https://www.guballa.de/substitution-solver
• I.C calculator
• Use this if you have no clue which type of cipher it is.
• General
• https://quipqiup.com/
• RSA:
• https://github.com/Ganapati/RsaCtfTool
• https://github.com/ius/rsatool
• https://www.alpertron.com.ar/ECM.HTM
  • Best for factorizing etc
• Also some scripts written in python.
• libnum
  • https://github.com/hellman/libnum
  • Python library
• md5 hash
• https://www.md5online.org

Misc

• For mathematics
• Use sympy or sage
  • sympy: https://github.com/sympy/sympy
  • sage:
• John the ripper
• https://www.openwall.com/john/
• https://github.com/magnumripper/JohnTheRipper
• Metasploit framwork
• https://github.com/rapid7/metasploit-framework
• Git related task:
• gittools: https://github.com/internetwache/GitTools/
• vsftp
• First thing to check is that if the given vsftp version isn't vulnerable to any kind of know vulnerability
  • Could be simple as: https://ctftime.org/writeup/12060
• https://en.wikipedia.org/wiki/Vsftpd
• dirb
• Look for all the accesible directories on a server
• Not always useful but sometime a life saver
• hydra along with our lovely rockyou.txt

Shell

• Ripgrep
• https://github.com/BurntSushi/ripgrep
• strings
• cat
• |(pipe)

Leaks

• https://gitlab.com/glicOne/shadowbroker
• Hack scripts
• https://gitlab.com/glicOne/hack_scripts
• books
• https://gitlab.com/glicOne/knowledge-base
• https://github.com/RomaniukVadim/knowledge-base
• CTF wiki
• https://gitlab.com/glicOne/ctf-wiki
• Terminator ?
• https://gitlab.com/glicOne/Terminator

Other lists

There are already many great lists that would help you during CTF. Some good list to check out are:

• trailofbit's CTF Guide

  • A very good guide to get an idea about CTFs and different type of challenges

• John Hammond's CTF Katana

  • Really good and short notes.
  • He keeps track of all the not so common challenges from CTFs

• CTF Candy

  • Good notes on web challenges

• Security tips

  • Very good notes on WEB and RE/PWN category

• CTF Wiki

  • Good notes on WEB and CRYPTO

• Knowledge base