Primarily for tools used to solve CTF challenges
As you learn how to use new tools that could be useful for CTF's please add them here
- Short details of the challenge it helped solve
- Command line arguments and how you used them
- Anything else you think could be helpful
- pwntools - Python library for interacting with challenges, has extensions for python 2.7 and 3+
- Has modules for ssh, nc, gdb, loading binaries for rop and disassembly
- Used in most writeups or the code for writeups relating to pwning
- GDB - The GNU project debugger
- GEF - GDB Enhanced Features GDB plugin that is like PEDA but all source is in one file and is better
- PEDA - GDB plugin (only python2.7)
- Binary Ninja - Binary analysis framework
- Ghidra - Open Source suite of reverse engineering tools. Similar to IDA Pro.
- Hopper - Reverse engineering tool (disassembler) for OSX and Linux
- IDA Pro - Most used Reversing software
- Jadx - Decompile Android files
- Java Decompilers - An online decompiler for Java and Android APKs
- Krakatau - Java decompiler and disassembler
- radare2 - A portable reversing framework
- BurpSuite - A graphical tool to testing website security.
- OWASP ZAP - Intercepting proxy to replay, debug, and fuzz HTTP requests and responses
- SQLMap - Automatic SQL injection and database takeover tooli
- W3af - Web Application Attack and Audit Framework.
- XSSer - Automated XSS testor
- Nikto - Open Source (GPL) web server scanner which performs comprehensive tests against web servers
- Bettercap - Framework to perform MITM (Man in the Middle) attacks.
- Wireshark - Analyze the network dumps.
- Stego Checklist - Checklist for solving stego challenges
- StegOnline - Stego solver
- steghide - hides and extracts data from files.
- Binwalk - Can be used to search a given binary image for embedded files and executable code.
- foremost - Navy's version of Binwalk (may catch something binwalk misses)
- stegsolve - Can be used to find hidden information in files
- Used to solve a hackthebox stego challenge
- zsteg - Can be used to find steganography in png and bmp files
- Used during affinity CTF to find hidden information
- stegoveritas - Similar to zsteg
- Used during affinity CTF to find hidden information
- volatility - Common forensics tool for system memory dumps (can be finiky)
- Google dorking - Using google to find things you shouldn't.
- Shodan - Online webscanner service (note you do not have permission to view actual services; BE CAREFUL)
- Webhook Tester - Useful for getting web requests to a public site without creating one
- wiggle - Online wardriving site. Gives access to wifi network information across the contry
- used on NCL past 2 seasons