Day 18: Essential CTF Tools

We are about to kick off the 2019 CTF season with the awesome Insomni’hack Teaser 2019. I can’t wait to play; are you joining? No matter your level, I suggest giving it a go. If you get stuck, read the write-ups, which are great because you always learn more when you have had a go and invested personally.

In anticipation of the event, here is a list of essential tools taken from a great CTF repository that lists not only solve tools but also tools to create CTFs.

https://github.com/apsdehal/awesome-ctf

Attacks

Tools used for performing various kinds of attacks

  • Bettercap — Framework to perform MITM (Man in the Middle) attacks.
  • Layer 2 attacks — Attack various protocols on layer 2

Crypto

Tools used for solving Crypto challenges

  • FeatherDuster — An automated, modular cryptanalysis tool
  • Hash Extender — A utility tool for performing hash length extension attacks
  • PkCrack — A tool for breaking PkZip encryption
  • RSACTFTool — A tool for recovering an RSA private key with various attacks
  • RSATool — Generate private key with knowledge of p and q
  • XORTool — A tool to analyze multi-byte xor cipher

Bruteforcers

Tools used for various kinds of bruteforcing (passwords etc.)

  • Hashcat — Password Cracker
  • John The Jumbo — Community enhanced version of John the Ripper
  • John The Ripper — Password Cracker
  • Nozzlr — Nozzlr is a bruteforce framework, truly modular and script-friendly.
  • Ophcrack — Windows password cracker based on rainbow tables.
  • Patator — Patator is a multi-purpose brute-forcer, with a modular design.

Exploits

Tools used for solving Exploits challenges

  • DLLInjector — Inject dlls in processes
  • libformatstr — Simplify format string exploitation.
  • Metasploit — Penetration testing software
  • one_gadget — A tool to find the one gadget
  • Pwntools — CTF Framework for writing exploits
  • Qira — QEMU Interactive Runtime Analyser
  • ROP Gadget — Framework for ROP exploitation
  • V0lt — Security CTF Toolkit

Forensics

Tools used for solving Forensics challenges

Registry Viewers

Networking

Tools used for solving Networking challenges

  • Bro — An open-source network security monitor.
  • Masscan — Mass IP port scanner, TCP port scanner.
  • Monit — A Linux tool to check a host on the network (and other non-network activities).
  • Nipe — Nipe is a script to make Tor Network your default gateway.
  • Nmap — An open source utility for network discovery and security auditing.
  • Wireshark — Analyze the network dumps.
  • Zmap — An open-source network scanner.

Reversing

Tools used for solving Reversing challenges

  • Androguard — Reverse engineer Android applications
  • Angr — platform-agnostic binary analysis framework
  • Apk2Gold — Yet another Android decompiler
  • ApkTool — Android Decompiler
  • Barf — Binary Analysis and Reverse engineering Framework
  • Binary Ninja — Binary analysis framework
  • BinUtils — Collection of binary tools
  • BinWalk — Analyze, reverse engineer, and extract firmware images.
  • Boomerang — Decompile x86 binaries to C
  • ctf_import — run basic functions from stripped binaries cross platform
  • Frida — Dynamic Code Injection
  • GDB — The GNU project debugger
  • GEF — GDB plugin
  • Hopper — Reverse engineering tool (disassembler) for OSX and Linux
  • IDA Pro — Most used Reversing software
  • Jadx — Decompile Android files
  • Java Decompilers — An online decompiler for Java and Android APKs
  • Krakatau — Java decompiler and disassembler
  • Objection — Runtime Mobile Exploration
  • PEDA — GDB plugin (only python2.7)
  • Pin — A dynamic binary instrumentation tool by Intel
  • Plasma — An interactive disassembler for x86/ARM/MIPS which can generate indented pseudo-code with colored syntax.
  • Pwndbg — A GDB plugin that provides a suite of utilities to hack around GDB easily.
  • radare2 — A portable reversing framework
  • Triton — Dynamic Binary Analysis (DBA) framework
  • Uncompyle — Decompile Python 2.7 binaries (.pyc)
  • WinDbg — Windows debugger distributed by Microsoft
  • Xocopy — Program that can copy executables with execute, but no read permission
  • Z3 — a theorem prover from Microsoft Research

JavaScript Deobfuscators

  • Detox — A JavaScript malware analysis tool
  • Revelo — Analyze obfuscated JavaScript code

SWF Analyzers

  • RABCDAsm — Collection of utilities including an ActionScript 3 assembler/disassembler.
  • Swftools — Collection of utilities to work with SWF files
  • Xxxswf — A Python script for analyzing Flash files.

Services

Various kinds of useful services available around the internet

  • CSWSH — Cross-Site WebSocket Hijacking Tester
  • Request Bin — Lets you inspect http requests to a particular url

Steganography

Tools used for solving Steganography challenges

  • Convert — Convert images b/w formats and apply filters
  • Exif — Shows EXIF information in JPEG files
  • Exiftool — Read and write meta information in files
  • Exiv2 — Image metadata manipulation tool
  • ImageMagick — Tool for manipulating images
  • Outguess — Universal steganographic tool
  • Pngtools — For various analysis related to PNGs
  • SmartDeblur — Used to deblur and fix defocused images
  • Steganabara — Tool for stegano analysis written in Java
  • Stegbreak — Launches brute-force dictionary attacks on JPG images
  • StegCracker — Steganography brute-force utility to uncover hidden data inside files
  • stegextract — Detect hidden files and text in images
  • Steghide — Hide data in various kinds of images
  • Stegsolve — Apply various steganography techniques to images
  • Zsteg — PNG/BMP analysis

Web

Tools used for solving Web challenges

  • BurpSuite — A graphical tool for testing website security.
  • Commix — Automated All-in-One OS Command Injection and Exploitation Tool.
  • Hackbar — Firefox addon for easy web exploitation
  • OWASP ZAP — Intercepting proxy to replay, debug, and fuzz HTTP requests and responses
  • Postman — Add-on for Chrome for debugging network requests
  • Raccoon — A high performance offensive security tool for reconnaissance and vulnerability scanning
  • SQLMap — Automatic SQL injection and database takeover tool
  • W3af — Web Application Attack and Audit Framework.
  • XSSer — Automated XSS tester