/ctf-tools

Some setup scripts for security research tools.

Primary LanguageShellBSD 3-Clause "New" or "Revised" LicenseBSD-3-Clause

ctf-tools

Build Status IRC

This is a collection of setup scripts to create an install of various security research tools. Of course, this isn't a hard problem, but it's really nice to have them in one place that's easily deployable to new machines and so forth. The install-scripts for these tools are checked regularly, the results can be found on the build status page.

Installers for the following tools are included:

Category Source Tool Description
binary Directory afl State-of-the-art fuzzer.
binary Directory angr Next-generation binary analysis engine from Shellphish.
binary Directory barf Binary Analysis and Reverse-engineering Framework.
binary Directory bindead A static analysis tool for binaries.
binary Library capstone Multi-architecture disassembly framework.
binary Directory checksec Check binary hardening settings.
binary Directory codereason Semantic Binary Code Analysis Framework.
binary Directory crosstool-ng Cross-compilers and cross-architecture tools.
binary Directory cross2 A set of cross-compilation tools from a Japanese book on C.
binary Directory elfkickers A set of utilities for working with ELF files.
binary Directory elfparser Quickly determine the capabilities of an ELF binary through static analysis.
binary Directory evilize Tool to create MD5 colliding binaries
binary Directory gdb Up-to-date gdb with python2 bindings.
binary Directory gdb-heap gdb extension for debugging heap issues.
binary Directory gef Enhanced environment for gdb.
binary Directory hongfuzz A general-purpose, easy-to-use fuzzer with interesting analysis options.
binary Library keystone Lightweight multi-architecture assembler framework.
binary Directory libheap gdb python library for examining the glibc heap (ptmalloc)
binary Library lief Library to Instrument Executable Formats.
binary Directory miasm Reverse engineering framework in Python.
binary Directory one_gadget Magic gadget search for libc.
binary Directory panda Platform for Architecture-Neutral Dynamic Analysis.
binary Directory pathgrind Path-based, symbolically-assisted fuzzer.
binary Directory peda Enhanced environment for gdb.
binary Directory preeny A collection of helpful preloads (compiled for many architectures!).
binary Directory pwndbg Enhanced environment for gdb. Especially for pwning.
binary Directory pwntools Useful CTF utilities.
binary Directory python-pin Python bindings for pin.
binary Directory qemu Latest version of qemu!
binary Directory qira Parallel, timeless debugger.
binary Directory radare2 Some crazy thing crowell likes.
binary Directory rappel A linux-based assembly REPL.
binary Directory ropper Another gadget finder.
binary Directory rp++ Another gadget finder.
binary Directory rr Record and Replay Debugging Framework
binary Directory scratchabit Easily retargetable and hackable interactive disassembler
binary Directory scratchablock Yet another crippled decompiler project
binary Directory seccomp-tools Provides powerful tools for seccomp analysis
binary Directory shellnoob Shellcode writing helper.
binary Directory shellsploit Shellcode development kit.
binary Directory snowman Cross-architecture decompiler.
binary Directory taintgrind A valgrind taint analysis tool.
binary Library unicorn Multi-architecture CPU emulator framework.
binary Directory valgrind A Dynamic Binary Instrumentation framework with some built-in tools.
binary Directory villoc Visualization of heap operations.
binary Directory virtualsocket A nice library to interact with binaries.
binary Directory wcc The Witchcraft Compiler Collection is a collection of compilation tools to perform binary black magic on the GNU/Linux and other POSIX platforms.
binary Directory xrop Gadget finder.
binary Directory manticore Manticore is a prototyping tool for dynamic binary analysis, with support for symbolic execution, taint analysis, and binary instrumentation.
forensics Directory binwalk Firmware (and arbitrary file) analysis tool.
forensics Directory dislocker Tool for reading Bitlocker encrypted partitions.
forensics Directory exetractor Unpacker for packed Python executables. Supports PyInstaller and py2exe.
forensics Directory firmware-mod-kit Tools for firmware packing/unpacking.
forensics apt foremost File carver.
forensics Directory pdf-parser Tool for digging in PDF files
forensics Directory peepdf Powerful Python tool to analyze PDF documents.
forensics Directory scrdec A decoder for encoded Windows Scripts.
forensics Directory testdisk Testdisk and photorec for file recovery.
crypto Directory cribdrag Interactive crib dragging tool (for crypto).
crypto Directory fastcoll An md5sum collision generator.
crypto Directory foresight A tool for predicting the output of random number generators. To run, launch "foresee".
crypto Directory featherduster An automated, modular cryptanalysis tool.
crypto Directory galois A fast galois field arithmetic library/toolkit.
crypto Directory hashkill Hash cracker.
crypto Directory hashpump A tool for performing hash length extension attaacks.
crypto Directory hashpump-partialhash Hashpump, supporting partially-unknown hashes.
crypto Directory hash-identifier Simple hash algorithm identifier.
crypto Directory libc-database Build a database of libc offsets to simplify exploitation.
crypto Directory littleblackbox Database of private SSL/SSH keys for embedded devices.
crypto Directory msieve Msieve is a C library implementing a suite of algorithms to factor large integers.
crypto Directory nonce-disrespect Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS.
crypto Directory pemcrack SSL PEM file cracker.
crypto Directory pkcrack PkZip encryption cracker.
crypto Directory python-paddingoracle Padding oracle attack automation.
crypto Directory reveng CRC finder.
crypto Directory ssh_decoder A tool for decoding ssh traffic. You will need ruby1.8 from https://launchpad.net/~brightbox/+archive/ubuntu/ruby-ng to run this. Run with ssh_decoder --help for help, as running it with no arguments causes it to crash.
crypto Directory sslsplit SSL/TLS MITM.
crypto Directory xortool XOR analysis tool.
crypto Directory yafu Automated integer factorization.
web Directory burpsuite Web proxy to do naughty web stuff.
web Directory commix Command injection and exploitation tool.
web Directory dirb Web path scanner.
web Directory dirsearch Web path scanner.
web Directory mitmproxy CLI Web proxy and python library.
web Directory sqlmap SQL injection automation engine.
web Directory subbrute A DNS meta-query spider that enumerates DNS records, and subdomains.
stego apt pngtools PNG's analysis tool.
stego Directory sound-visualizer Audio file visualization.
stego Directory steganabara Another image stenography solver.
stego Directory stegdetect Stenography detection/breaking tool.
stego Docker stego-toolkit A docker image with dozens of steg tools.
stego Directory stegsolve Image stenography solver.
stego Directory zsteg detect stegano-hidden data in PNG & BMP.
dsniff apt dsniff Grabs passwords and other data from pcaps/network streams.
android Directory apktool Dissect, dis-assemble, and re-pack Android APKs
android Directory android-sdk The android SDK (adb, emulator, etc).
misc Directory xspy Tiny tool to spy on X sessions.
misc Directory z3 Theorem prover from Microsoft Research.
misc Directory jdgui Java decompiler.
misc Directory veles Binary data analysis and visualization tool.
misc Directory youtube-dl Latest version of the popular youtube downloader.

There are also some installers for non-CTF stuff to break the monotony!

Category Tool Description
C magic C-bind A library used to enable function binding in C!
game Dwarf Fortress Something to help you relax after a CTF!
pyvmmonitor pyvmmonitor PyVmMonitor is a profiler with a simple goal: being the best way to profile a Python program.
library collection single_file_libs A large collection of useful single file include libraries written for C/C++
dolphin sudolphin If your friend ever leaves their laptop unlocked, curl -sSL sh.sudolph.in | sh then wait and see!
tor-browser tor-browser Useful when you need to hit a web challenge from different IPs.

Usage

To use, do:

# set up the path
/path/to/ctf-tools/bin/manage-tools setup
source ~/.bashrc

# list the available tools
manage-tools list

# install gdb, allowing it to try to sudo install dependencies
manage-tools -s install gdb

# install pwntools, but don't let it sudo install dependencies
manage-tools install pwntools

# install qemu, but use "nice" to avoid degrading performance during compilation
manage-tools -n install qemu

# uninstall gdb
manage-tools uninstall gdb

# uninstall all tools
manage-tools uninstall all

# search for a tool
manage-tools search preload

Where possible, the tools keep the installs very self-contained (i.e., in to tool/ directory), and most uninstalls are just calls to git clean (NOTE, this is NOT careful; everything under the tool directory, including whatever you were working on, is blown away during an uninstall). One exception to this are python tools, which are installed using the pip package manager if possible. A ctftools virtualenv is created during the manage-tools setup command and can be accessed using the command workon ctftools.

Help!

Something not working? I didn't write (almost) any of these tools, but hit up #ctf-tools on freenode if you're desperate. Maybe some kind soul will help!

Docker (version 1.7+)

By popular demand, a Dockerfile has been included. You can build a docker image with:

git clone https://github.com/zardus/ctf-tools
cd ctf-tools
docker build -t ctf-tools .

And run it with:

docker run -it ctf-tools

The built image will have ctf-tools cloned and ready to go, but you will still need to install the tools themselves (see above).

Alternatively, you can also pull ctf-tools (with some tools preinstalled) from dockerhub:

docker run -it zardus/ctf-tools

Vagrant

You can build a Vagrant VM with:

wget https://raw.githubusercontent.com/zardus/ctf-tools/master/Vagrantfile
vagrant plugin install vagrant-vbguest
vagrant up

And connect to it via:

vagrant ssh

Kali Linux

Kali Linux (Sana and Rolling), due to manually setting certain libraries to not use the latest version available (sometimes being out of date by years) causes some tools to not install at all, or fail in strange ways. AFL and Panda comes to mind, in fact any tool that uses QEMU 2.30 will probably fail during compilation under Kali. Overriding these libraries breaks other tools included in Kali so your only solution is to either live with some of Kali's tools being broken, or running another distribution separately such as Ubuntu.

Most tools aren't affected though.

Adding Tools

To add a tool (say, named toolname), do the following:

  1. Create a toolname directory.
  2. Create an install script.
  3. (optional) if special uninstall steps are required, create an uninstall script.

Install Scripts

The install script will be run with $PWD being toolname. It should install the tool into this directory, in as contained a manner as possible. Ideally, full uninstallation should be possible with a git clean.

The install script should create a bin directory and put its executables there. These executables will be automatically linked into the main bin directory for the repo. They could be launched from any directory, so don't make assumptions about the location of $0!

License

The individual tools are all licensed under their own licenses. As for ctf-tools itself, it is licensed under BSD 2-Clause License. If you find it useful, star it on github (https://github.com/zardus/ctf-tools).

Good luck!

See Also

There's a curated list of CTF tools, but without installers, here: https://github.com/apsdehal/aWEsoMe-cTf.

There's a Vagrant config with a lot of the bigger frameworks here: https://github.com/thebarbershopper/epictreasure.