Capture The Flag (CTF) Toolkit
A list of my most used tools for a CTF engagement.
- NMAP (Network Mapper): Port scanning, vulnerability detection, services enumeration and much more. Check out it’s documentation to see more.
- RustScan: It uses a different method to scan ports much quicker than nmap, which then can be passed to nmap script engine.
- hydra: Login cracker which supports numerous protocols to attack.
- enum4linux: A tool for enumerating information from Windows and Samba systems.
- Impacket: A collection of Python classes for working with network protocols. Focused on providing low-level programmatic access to the packets and for some protocols the protocol implementation itself.
2. Web Application
- GoBuster: Mainly used for directory brute forcing, but it has more options like dns, fuzz and vhost. You can install it on Kali Linux using the command “sudo apt install gobuster”
- Nikto: Web application vulnerability scanner. Just give this man a link and he will do his best to find security lacks.
- Burpsuite: The go-to tool for web application penetration testing. It has a tun of options, I highly recommend you go check it out.
- OWASP ZAP: Free and open source web app scanner.
- WPScan: Facing a wordpress-made website? This tool definitely can help you. Plugins and themes enumeration, vulnerability assessment (this needs an api token, you can get one creating an account here) and much more.
- SQLMap: You can scan a entire website for SQL Injection vulnerabilities using this tool, including forms, parameters and more.
- Postman: Requests debugging and much more. Also has a chrome extension, but deprecated.
- Wfuzz: Designed for bruteforcing Web Applications, it can be used for finding resources, and checking different kinds of injections.
3. Hashing & cryptography
There are a bunch of online tools for decoding, deciphering and etc.
- john: Local hash cracking tool
- hashcat: Local hash cracking tool
- Decoding base64 from CLI using: echo “base64_code” | base64 -d
- John The Ripper scripts: You can find it in /usr/share/john (kali linux). You can convert a bunch of files to john for brute forcing. Example: if there’s a password encrypted zip file, you can use: zip2john file.zip > john.txt and then john john.txt and specify the wordlist.
4. Steganography & hidden data
- Steghide: Hides and extracts data from files. You can install it on your kali machine running the command: sudo apt install steghide
Extracting data example: steghide extract -sf file.jpg
- Stegpy: Extract hidden data from png, bmp, gif, webp and wav.
- Audacity: Multi-track audio editor.
- outguess: Hides and extracts data in the most redundant content data bits of existing files.
5. Reverse engineering
- Radare2: r2 is a rewrite from scratch of radare. It provides a set of libraries, tools and plugins to ease reverse engineering tasks.
- hexeditor: Part of kali’s suite of tools for editing files hexadecimal values.
- ghidra: A suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux.
- searchsploit: A command line search tool for Exploit-DB that also allows you to take a copy of Exploit Database with you, everywhere you go. Already included by default in Kali.
- Metasploit: The world’s most used penetration testing framework.
- Pwntools: CTF framework designed for rapid prototyping and development, and intended to make exploit writing as simple as possible.
- Commix: Test web applications with the view to find bugs, errors or vulnerabilities related to command injection attacks.
- PayloadsAllTheThings: A list of useful payloads and bypass for Web Application Security
- Reverse shell generator: An online reverse shell generator.