Lists which have inspired this one
- CTF Resources - Archive of information, tools, and references regarding CTF competitions.
- Awesome CTF - A curated list of CTF frameworks, libraries, resources and softwares
- SkullTech CTF Resources - A list of resources related to Capture the Flag contests
- InfoSec CTF Resources - Tools and Resources to Prepare for a Hacker CTF Competition or Challenge
- Medium Article - Resources copied from PicoCTF forum
Frameworks for hosting CTFs
- collabCTF - CTF framework written in Django; not maintained
- Mellivora - CTF engine written in PHP
- CTFd - Easy to use framework in Flask
- Wrath CTF Framework - CTF Framework based on Redis
- CTF - CTF Flask framework
- OWASP CTF - Web based hacking challenge application
- Attack Defense CTF Framework - Minimal attack and defense CTF setup based on the LAMPP stack
- mkctf - A CTF framework to create, build, deploy and test challenges
- LibCTF - CTF exploit development and other tools of pwnage
- NightShade - A simple capture the flag framework based on Django
- Puzzle Hero - SCS Concordia's CTF platform based on sqlalchemy and vue.js frontend
- PACTF - CTF framework and website based on Django
- HackTheArch - CTF scoring server with Ruby on Rails
- AppJailLauncher - CTF Framework for Windows
- Scorebot - Ruby scoring framework; not maintained
- OpenCTF - CTF framework written in Go
- CTF Framework - CTF framework written in Ruby
- PicoCTF Old Platform - Not maintained
- PicoCTF Platform 2 - Infrastructure on which picoCTF 2014 ran
- PicoCTF Platform - The platform used to run picoCTF
- iCTF Framework - framework that the UC Santa Barbara Seclab uses to host the iCTF
- Root the Box - real-time capture the flag (CTF) scoring engine IN Python
- FBCTF - Easy to use platform to host Capture the Flag competitions
- SecGen - Creates VMs which have random vulnerabilities
- Dnscat - Hosts communication through DNS
- Registry Dumper - Dump your registry
- Python3 pwntools -
- pwntools -
- CTF Tools -
- LazyKali - A 2016 refresh of LazyKali which simplifies install of tools and configuration.
- BackBox - Based on Ubuntu
- BlackArch Linux - Based on Arch Linux
- Fedora Security Lab - Based on Fedora
- Kali Linux - Based on Debian
- Parrot Security OS - Based on Debian
- Pentoo - Based on Gentoo
- URIX OS - Based on openSUSE
- Wifislax - Based on Slackware
Tools used for solving Web challenges
- BurpSuite - A graphical tool to testing website security.
- Commix - Automated All-in-One OS Command Injection and Exploitation Tool.
- Hackbar - Firefox addon for easy web exploitation
- OWASP ZAP - Intercepting proxy to replay, debug, and fuzz HTTP requests and responses
- Postman - Add on for chrome for debugging network requests
- SQLMap - Automatic SQL injection and database takeover tooli
- W3af - Web Application Attack and Audit Framework.
- XSSer - Automated XSS testor
Tools used for solving Reversing challenges
- Androguard - Reverse engineer Android applications
- Angr - platform-agnostic binary analysis framework
- Apk2Gold - Yet another Android decompiler
- ApkTool - Android Decompiler
- Barf - Binary Analysis and Reverse engineering Framework
- Binary Ninja - Binary analysis framework
- BinUtils - Collection of binary tools
- BinWalk - Analyze, reverse engineer, and extract firmware images.
- Boomerang - Decompile x86 binaries to C
- ctf_import – run basic functions from stripped binaries cross platform
- GDB - The GNU project debugger
- GEF - GDB plugin
- Hopper - Reverse engineering tool (disassembler) for OSX and Linux
- IDA Pro - Most used Reversing software
- Jadx - Decompile Android files
- Java Decompilers - An online decompiler for Java and Android APKs
- Krakatau - Java decompiler and disassembler
- PEDA - GDB plugin (only python2.7)
- Pin A dynamic binary instrumentaion tool by Intel
- Plasma - An interactive disassembler for x86/ARM/MIPS which can generate indented pseudo-code with colored syntax.
- Pwndbg - A GDB plugin that provides a suite of utilities to hack around GDB easily.
- radare2 - A portable reversing framework
- Uncompyle - Decompile Python 2.7 binaries (.pyc)
- WinDbg - Windows debugger distributed by Microsoft
- Xocopy - Program that can copy executables with execute, but no read permission
- Z3 - A theorem prover from Microsoft Research
- OllyDBG - x86 Debugger
- IDA Pro - Interactive Disassembler
- strace - Debuuging utility for Linux
JavaScript Deobfustcators
SWF Analyzers
- RABCDAsm - Collection of utilities including an ActionScript 3 assembler/disassembler.
- Swftools - Collection of utilities to work with SWF files
- Xxxswf - A Python script for analyzing Flash files.
- FeatherDuster - An automated, modular cryptanalysis tool
- Hash Extender - A utility tool for performing hash length extension attacks
- PkCrack - A tool for Breaking PkZip-encryption
- RSACTFTool - A tool for recovering RSA private key with various attack
- RSATool - Generate private key with knowledge of p and q
- XORTool - A tool to analyze multi-byte xor cipher
- HashID - Software to identify the different types of hashes
- DLLInjector - Inject dlls in processes
- libformatstr - Simplify format string exploitation.
- Metasploit - Penetration testing software
- one_gadget - A tool to find the one gadget
execve('/bin/sh', NULL, NULL)callgem install one_gadget
- Pwntools - CTF Framework for writing exploits
- Qira - QEMU Interactive Runtime Analyser
- ROP Gadget - Framework for ROP exploitation
- V0lt - Security CTF Toolkit
- Aircrack-Ng - Crack 802.11 WEP and WPA-PSK keys
apt-get install aircrack-ng
- Audacity - Analyze sound files (mp3, m4a, whatever)
apt-get install audacity
- Bkhive and Samdump2 - Dump SYSTEM and SAM files
apt-get install samdump2 bkhive
- CFF Explorer - PE Editor
- Creddump - Dump windows credentials
- DVCS Ripper - Rips web accessible (distributed) version control systems
- Exif Tool - Read, write and edit file metadata
- Extundelete - Used for recovering lost data from mountable images
- Fibratus - Tool for exploration and tracing of the Windows kernel
- Foremost - Extract particular kind of files using headers
apt-get install foremost
- Fsck.ext4 - Used to fix corrupt filesystems
- Malzilla - Malware hunting tool
- NetworkMiner - Network Forensic Analysis Tool
- PDF Streams Inflater - Find and extract zlib files compressed in PDF files
- ResourcesExtract - Extract various filetypes from exes
- Shellbags - Investigate NT_USER.dat files
- UsbForensics - Contains many tools for usb forensics
- Volatility - To investigate memory dumps
- Windows Registry Viewer - Opens raw Windows registry hive files
Tools used for solving Networking challenges
- Bro - An open-source network security monitor
- Masscan - Mass IP port scanner, TCP port scanner
- Monit - A linux tool to check a host on the network (and other non-network activities)
- Nipe - Nipe is a script to make Tor Network your default gateway
- Nmap - An open source utility for network discovery and security auditing
- Wireshark - Analyze the network dumps
apt-get install wireshark
- Zmap - An open-source network scanner
- Bettercap - Framework to perform MITM (Man in the Middle) attacks
- Layer 2 attacks - Attack various protocols on layer 2
- https://www.endgame.com/blog/technical-blog/how-get-started-ctf
- https://medium.com/techatucla/ctf-ucla-beginners-guide-5192318f82
- https://kitctf.de/learning/getting-started
- https://medium.com/@andr3w_hilton/brain-gamez-ctf-1f66cebc7355
- The Linux man-pages Project -
- Linux Users and Groups -
- BashRef - Bash Reference Manual
- OWASP - XSS
- OWASP - XSS Filter Evasion Cheat Sheet
- DOM Clobbering
- HTML Markup Injection
- Testing For Reflected XSS
- Testing For Stored XSS
- Testing For DOM-based XSS
- OWASP - SQLi
- Testing For SQL Injections
- SQL Backdoors
- [Bypassing Modern SQL Injection Security Measures](http://www.blackhatlibrary.net /Sql_injection#Bypassing_modern_SQL_injection_security_measures)
- 9.6 Comment Syntax
- Cheat Sheets
- [video] Advanced SQL Injection
- [video] Defcon 18 - You Spent All That Money And You Still Got Owned
Tutorials to learn how to play CTFs
- CTF Field Guide - Field Guide by Trails of Bits
- CTF Resources - Start Guide maintained by community
- Damn Vulnerable Web Application PHP/MySQL web application that is damn vulnerable
- How to Get Started in CTF - Short guideline for CTF beginners by Endgame
- MIPT CTF - A small course for beginners in CTFs (in Russian)
Always online CTFs
- Backdoor - Security Platform by SDSLabs.
- Ctfs.me - CTF All the time
- Exploit Exercises - Variety of VMs to learn variety of computer security issues.
- Gracker - Binary challenges having a slow learning curve, and write-ups for each level.
- Hack The Box - Weekly CTFs for all types of security enthusiasts.
- Hack This Site - Training ground for hackers.
- Hone Your Ninja Skills - Web challenges starting from basic ones.
- IO - Wargame for binary challenges.
- Over The Wire - Wargame maintained by OvertheWire Community
- Pwnable.kr - Pwn Game
- Ringzer0Team - Ringzer0 Team Online CTF
- Root-Me - Hacking and Information Security learning platform.
- ROP Wargames - ROP Wargames
- SmashTheStack - A variety of wargames maintained by the SmashTheStack Community.
- VulnHub - VM-based for practical in digital security, computer application & network administration.
- W3Challs - A penetration testing training platform, which offers various computer challenges, in various categories.
- WebHacking - Hacking challenges for web.
- WeChall - Always online challenge site.
- WTHack OnlineCTF - CTF Practice platform for every level of cyber security enthusiasts.
- ctf365
- overthewire
- [tunnelsup](https://www.tunnelsup.com/hacker-challenges/
- [root-me.org](https://www.root-me.org/en/Capture-The-Flag/
Self-hosted CTFs
- Juice Shop CTF - Scripts and tools for hosting a CTF on OWASP Juice Shop easily.
- http://www.badstore.net/
http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
http://www.owasp.org/index.php/Owasp_SiteGenerator
Damn Vulnerable Web App
Stanford SecureBench
Stanford SecureBench Micro
http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10
Various general websites about and on ctf
- CTF Time - General information on CTF occuring around the worlds
- Reddit Security CTF - Reddit CTF category
Lists of CTFs
wechall (excellent list of challenge sites)
forgottensec (good CTF wiki, though focused on CCDC)
shell-storm (great archive of CTFs)
captf
Various Wikis available for learning about CTFs
- ISIS Lab - A wiki of CyberSecurity Projects by Isis lab
- http://ctfs.github.io/resources/
Collections of CTF write-ups
- Captf - Dumped CTF challenges and materials by psifertex
- CTF write-ups (community) - CTF challenges + write-ups archive maintained by the community
- CTFTime Scrapper - Scraps all writeup from ctf time and organize which to read first
- pwntools writeups - A collection of CTF write-ups all using pwntools
- Shell Storm - CTF challenge archive maintained by Jonathan Salwan
- Smoke Leet Everyday - CTF write-ups repo maintained by SmokeLeetEveryday team.
- kitctf
Stackexchange
Stackoverflow
Quora
Wikipedia
Wolfram
Reddit