Tutorials

• IppSec - Video tutorials and walkthroughs of popular CTF platforms.

Wargames

• Damn Vulnerable Web Application - PHP/MySQL web application that is damn vulnerable.

Platforms

• MotherFucking-CTF (⭐42) - Badass lightweight plaform to host CTFs. No JS involved.

Steganography

• StegOnline - Conduct a wide range of image steganography operations, such as concealing/revealing files hidden within bits (open-source).

Tutorials

• Intro. to CTF Course - A free course that teaches beginners the basics of forensics, crypto, and web-ex.

Websites

• Awesome CTF Cheatsheet - CTF Cheatsheet.

Platforms

• echoCTF.RED (⭐40) - Develop, deploy and maintain your own CTF infrastructure.

Bruteforcers

• Turbo Intruder - Burp Suite extension for sending large numbers of HTTP requests

Wargames

• CryptoHack - Fun cryptography challenges.

• echoCTF.RED - Online CTF with a variety of targets to attack.

• Hacker101 - CTF from HackerOne

Forensics

• Kroll Artifact Parser and Extractor (KAPE) - Triage program.

• Magnet AXIOM - Artifact-centric DFIR tool.

• Wireshark - Used to analyze pcap or pcapng files

Crypto

• QuipQuip - An online tool for breaking substitution ciphers or vigenere ciphers (without key).

Networking

• Monit - A linux tool to check a host on the network (and other non-network activities).

Reversing

• Boomerang (⭐322) - Decompile x86/SPARC/PowerPC/ST-20 binaries to C.

• Pwndbg (⭐5k) - A GDB plugin that provides a suite of utilities to hack around GDB easily.

Steganography

• SteganographyOnline - Online steganography encoder and decoder.

Web

• BurpSuite - A graphical tool to testing website security.

Wargames

• PicoCTF - All year round ctf game. Questions from the yearly picoCTF competition.

Wikis

• CTF Cheatsheet - CTF tips and tricks.

Forensics

• Snow - A Whitespace Steganography Tool.

Wargames

• PentesterLab - Variety of VM and online challenges (paid).

• SANS HHC - Challenges with a holiday theme released annually and maintained by SANS.

Writeups Collections

• HackThisSite (⭐216) - CTF write-ups repo maintained by HackThisSite team.

Forensics

• Pngcheck - Verifies the integrity of PNG and dump all of the chunk-level information in human-readable form.
  • apt-get install pngcheck

Bruteforcers

• Hydra - A parallelized login cracker which supports numerous protocols to attack

Steganography

• Image Steganography - Embeds text and files in images with optional encryption. Easy-to-use UI.

• Image Steganography Online - This is a client-side Javascript tool to steganographically hide images inside the lower "bits" of other images

Writeups Collections

• 0e85dc6eaf (⭐83) - Write-ups for CTF challenges by 0e85dc6eaf

• Mzfr (⭐109) - CTF competition write-ups by mzfr

• SababaSec (⭐15) - A collection of CTF write-ups by the SababaSec team

Forensics

• Dnscat2 (⭐2.8k) - Hosts communication through DNS.

• Registry Dumper - Dump your registry.

• CFF Explorer - PE Editor.

• Creddump (⭐219) - Dump windows credentials.

• DVCS Ripper (⭐1.5k) - Rips web accessible (distributed) version control systems.

• Exif Tool - Read, write and edit file metadata.

• Extundelete - Used for recovering lost data from mountable images.

• Fibratus (⭐1.7k) - Tool for exploration and tracing of the Windows kernel.

• Fsck.ext4 - Used to fix corrupt filesystems.

• Malzilla - Malware hunting tool.

• NetworkMiner - Network Forensic Analysis Tool.

• PDF Streams Inflater - Find and extract zlib files compressed in PDF files.

• ResourcesExtract - Extract various filetypes from exes.

• Shellbags (⭐139) - Investigate NT_USER.dat files.

• USBRip (⭐1.1k) - Simple CLI forensics tool for tracking USB device artifacts (history of USB events) on GNU/Linux.

• Volatility (⭐5.7k) - To investigate memory dumps.

• OfflineRegistryView - Simple tool for Windows that allows you to read offline Registry files from external drive and view the desired Registry key in .reg file format.

• Registry Viewer® - Used to view Windows registries.

Platforms

• CTFd (⭐4.3k) - Platform to host jeopardy style CTFs from ISISLab, NYU Tandon.

• FBCTF (⭐6.5k) - Platform to host Capture the Flag competitions from Facebook.

• Haaukins (⭐146)- A Highly Accessible and Automated Virtualization Platform for Security Education.

• HackTheArch (⭐62) - CTF scoring platform.

• Mellivora (⭐405) - A CTF engine written in PHP.

• NightShade (⭐104) - A simple security CTF framework.

• OpenCTF (⭐78) - CTF in a box. Minimal setup required.

• PicoCTF (⭐265) - The platform used to run picoCTF. A great framework to host any CTF.

• PyChallFactory (⭐83) - Small framework to create/manage/package jeopardy CTF challenges.

• RootTheBox (⭐691) - A Game of Hackers (CTF Scoreboard & Game Manager).

• Scorebot (⭐46) - Platform for CTFs by Legitbs (Defcon).

• SecGen (⭐2.4k) - Security Scenario Generator. Creates randomly vulnerable virtual machines.

Web

• Uglify (⭐12k)

• Hackbar - Firefox addon for easy web exploitation.

• Postman - Add on for chrome for debugging network requests.

• Raccoon (⭐2.6k) - A high performance offensive security tool for reconnaissance and vulnerability scanning.

• SQLMap (⭐25k) - Automatic SQL injection and database takeover tool. pip install sqlmap

• XSSer - Automated XSS testor.

Attacks

• Yersinia (⭐548) - Attack various protocols on layer 2.

Crypto

• CyberChef - Web app for analysing and decoding data.

• FeatherDuster (⭐989) - An automated, modular cryptanalysis tool.

• Hash Extender (⭐888) - A utility tool for performing hash length extension attacks.

• padding-oracle-attacker (⭐154) - A CLI tool to execute padding oracle attacks.

• PkCrack - A tool for Breaking PkZip-encryption.

• RSACTFTool (⭐3.9k) - A tool for recovering RSA private key with various attack.

• RSATool (⭐851) - Generate private key with knowledge of p and q.

• XORTool (⭐1.2k) - A tool to analyze multi-byte xor cipher.

Bruteforcers

• John The Jumbo (⭐6.9k) - Community enhanced version of John the Ripper.

• John The Ripper - Password Cracker.

Exploits

• DLLInjector (⭐453) - Inject dlls in processes.

• Pwntools (⭐9.5k) - CTF Framework for writing exploits.

• Qira (⭐3.6k) - QEMU Interactive Runtime Analyser.

• ROP Gadget (⭐3.2k) - Framework for ROP exploitation.

• V0lt (⭐358) - Security CTF Toolkit.

Networking

• Zeek - An open-source network security monitor.

Reversing

• Androguard (⭐4.1k) - Reverse engineer Android applications.

• Angr (⭐6.2k) - platform-agnostic binary analysis framework.

• Apk2Gold (⭐616) - Yet another Android decompiler.

• ApkTool - Android Decompiler.

• Barf (⭐1.3k) - Binary Analysis and Reverse engineering Framework.

• Binary Ninja - Binary analysis framework.

• BinUtils - Collection of binary tools.

• ctf_import (⭐100) – run basic functions from stripped binaries cross platform.

• cwe_checker (⭐741) - cwe_checker finds vulnerable patterns in binary executables.

• demovfuscator (⭐597) - A work-in-progress deobfuscator for movfuscated binaries.

• Frida - Dynamic Code Injection.

• GDB - The GNU project debugger.

• GEF (⭐5.1k) - GDB plugin.

• Hopper - Reverse engineering tool (disassembler) for OSX and Linux.

• IDA Pro - Most used Reversing software.

• Jadx (⭐32k) - Decompile Android files.

• Java Decompilers - An online decompiler for Java and Android APKs.

• Krakatau (⭐1.6k) - Java decompiler and disassembler.

• Objection (⭐5.4k) - Runtime Mobile Exploration.

• PEDA (⭐5.2k) - GDB plugin (only python2.7).

• Pin - A dynamic binary instrumentaion tool by Intel.

• PINCE (⭐1.5k) - GDB front-end/reverse engineering tool, focused on game-hacking and automation.

• PinCTF (⭐449) - A tool which uses intel pin for Side Channel Analysis.

• radare2 (⭐17k) - A portable reversing framework.

• Triton (⭐2.6k) - Dynamic Binary Analysis (DBA) framework.

• Uncompyle (⭐410) - Decompile Python 2.7 binaries (.pyc).

• WinDbg - Windows debugger distributed by Microsoft.

• Xocopy - Program that can copy executables with execute, but no read permission.

• Z3 (⭐8.1k) - A theorem prover from Microsoft Research.

• Detox - A Javascript malware analysis tool.

• Revelo - Analyze obfuscated Javascript code.

• Swftools - Collection of utilities to work with SWF files.

Services

• CSWSH - Cross-Site WebSocket Hijacking Tester.

• Request Bin - Lets you inspect http requests to a particular url.

Steganography

• AperiSolve - Aperi'Solve is a platform which performs layer analysis on image (open-source).

• Convert - Convert images b/w formats and apply filters.

• Exif - Shows EXIF information in JPEG files.

• Exiftool - Read and write meta information in files.

• Exiv2 - Image metadata manipulation tool.

• ImageMagick - Tool for manipulating images.

• Outguess - Universal steganographic tool.

• SmartDeblur (⭐2.2k) - Used to deblur and fix defocused images.

• Steganabara - Tool for stegano analysis written in Java.

• Stegbreak - Launches brute-force dictionary attacks on JPG image.

• StegCracker (⭐471) - Steganography brute-force utility to uncover hidden data inside files.

• stegextract (⭐98) - Detect hidden files and text in images.

• Steghide - Hide data in various kind of images.

• Stegsolve - Apply various steganography techniques to images.

• Zsteg (⭐940) - PNG/BMP analysis.

Operating Systems

• Android Tamer - Based on Debian.

• BackBox - Based on Ubuntu.

• BlackArch Linux - Based on Arch Linux.

• Fedora Security Lab - Based on Fedora.

• Kali Linux - Based on Debian.

• Parrot Security OS - Based on Debian.

• Pentoo - Based on Gentoo.

• URIX OS - Based on openSUSE.

• Wifislax - Based on Slackware.

• Flare VM (⭐4.1k) - Based on Windows.

• REMnux - Based on Debian.

Tutorials

• CTF Field Guide - Field Guide by Trails of Bits.

• CTF Resources - Start Guide maintained by community.

• LiveOverFlow - Video tutorials on Exploitation.

• MIPT CTF (⭐250) - A small course for beginners in CTFs (in Russian).

Wargames

• Crackmes - Reverse Engineering Challenges.

• Exploit Exercises - Variety of VMs to learn variety of computer security issues.

• Exploit.Education - Variety of VMs to learn variety of computer security issues.

• Gracker (⭐4) - Binary challenges having a slow learning curve, and write-ups for each level.

• Microcorruption - Embedded security CTF.

• Over The Wire - Wargame maintained by OvertheWire Community.

• PWN Challenge - Binary Exploitation Wargame.

• Pwnable.kr - Pwn Game.

• Pwnable.tw - Binary wargame.

• Pwnable.xyz - Binary Exploitation Wargame.

• Reversin.kr - Reversing challenge.

• Ringzer0Team - Ringzer0 Team Online CTF.

• ROP Wargames (⭐20) - ROP Wargames.

• Viblo CTF - Various amazing CTF challenges, in many different categories. Has both Practice mode and Contest mode.

Websites

• CTF Time - General information on CTF occuring around the worlds.

• Reddit Security CTF - Reddit CTF category.

Wikis

• Bamboofox - Chinese resources to learn CTF.

• bi0s Wiki - Wiki from team bi0s.

• ISIS Lab (⭐379) - CTF Wiki by Isis lab.

• OpenToAll (⭐122) - CTF tips by OTA CTF team members.

Writeups Collections

• Captf - Dumped CTF challenges and materials by psifertex.

• CTF write-ups (community) - CTF challenges + write-ups archive maintained by the community.

• CTFTime Scrapper (⭐27) - Scraps all writeup from CTF Time and organize which to read first.

• pwntools writeups (⭐458) - A collection of CTF write-ups all using pwntools.

• Shell Storm - CTF challenge archive maintained by Jonathan Salwan.

Exploits

• Metasploit - Penetration testing software.
  • Cheatsheet

Reversing

• Ghidra - Open Source suite of reverse engineering tools. Similar to IDA Pro.

Web

• Metasploit JavaScript Obfuscator (⭐29k)

Wargames

• Hacking-Lab - Ethical hacking, computer network and security challenge platform.

Wargames

• Hone Your Ninja Skills - Web challenges starting from basic ones.

Attacks

• Bettercap (⭐12k) - Framework to perform MITM (Man in the Middle) attacks.

Wargames

• Root-Me - Hacking and Information Security learning platform.

Networking

• Masscan (⭐20k) - Mass IP port scanner, TCP port scanner.

• Nmap - An open source utility for network discovery and security auditing.

• Zmap - An open-source network scanner.

Wargames

• W3Challs - A penetration testing training platform, which offers various computer challenges, in various categories.

Wargames

• Hack The Box - Weekly CTFs for all types of security enthusiasts.

Exploits

• one_gadget (⭐1.7k) - A tool to find the one gadget execve('/bin/sh', NULL, NULL) call.
  • gem install one_gadget

Bruteforcers

• Nozzlr (⭐61) - Nozzlr is a bruteforce framework, trully modular and script-friendly.

• Patator (⭐3k) - Patator is a multi-purpose brute-forcer, with a modular design.

Bruteforcers

• Hashcat - Password Cracker

Exploits

• libformatstr (⭐332) - Simplify format string exploitation.

Web

• OWASP ZAP - Intercepting proxy to replay, debug, and fuzz HTTP requests and responses

Wargames

• Juice Shop CTF (⭐317) - Scripts and tools for hosting a CTF on OWASP Juice Shop easily.

Networking

• Nipe (⭐1.5k) - Nipe is a script to make Tor Network your default gateway.

Reversing

• Plasma (⭐3k) - An interactive disassembler for x86/ARM/MIPS which can generate indented pseudo-code with colored syntax.

Web

• Commix (⭐3.5k) - Automated All-in-One OS Command Injection and Exploitation Tool.

Starter Packs

• LazyKali (⭐41) - A 2016 refresh of LazyKali which simplifies install of tools and configuration.

Reversing

• Xxxswf - A Python script for analyzing Flash files.

Web

• W3af (⭐4k) - Web Application Attack and Audit Framework.

Networking

• Wireshark - Analyze the network dumps.
  • apt-get install wireshark

Wargames

• IO - Wargame for binary challenges.

Wargames

• WebHacking - Hacking challenges for web.

Wargames

• Backdoor - Security Platform by SDSLabs.

• SmashTheStack - A variety of wargames maintained by the SmashTheStack Community.

Starter Packs

• CTF Tools (⭐7k) - Collection of setup scripts to install various security research tools.

Reversing

• RABCDAsm (⭐402) - Collection of utilities including an ActionScript 3 assembler/disassembler.

Wargames

• VulnHub - VM-based for practical in digital security, computer application & network administration.

Tutorials

• How to Get Started in CTF - Short guideline for CTF beginners by Endgame

Forensics

• Aircrack-Ng - Crack 802.11 WEP and WPA-PSK keys.
  • apt-get install aircrack-ng

Writeups Collections

• Smoke Leet Everyday (⭐180) - CTF write-ups repo maintained by SmokeLeetEveryday team.

Wargames

• Hack This Site - Training ground for hackers.

Bruteforcers

• Ophcrack - Windows password cracker based on rainbow tables.

Forensics

• Audacity - Analyze sound files (mp3, m4a, whatever).
  • apt-get install audacity

• Bkhive and Samdump2 - Dump SYSTEM and SAM files.
  • apt-get install samdump2 bkhive

• Foremost - Extract particular kind of files using headers.
  • apt-get install foremost

Reversing

• BinWalk (⭐8.6k) - Analyze, reverse engineer, and extract firmware images.

Steganography

• Pngtools - For various analysis related to PNGs.
  • apt-get install pngtools