Capture The Flag (CTF) Toolkit
A list of my most used tools for a CTF engagement.
1. Networking
Port Scanning
- NMAP (Network Mapper): Port scanning, vulnerability detection, service enumeration and much more. Check out its documentation to see more.
- RustScan: It uses a different method to scan ports much quicker than nmap, and its results can then be passed to the nmap script engine.
Protocols
- hydra: Login cracker which supports numerous protocols to attack.
- enum4linux: A tool for enumerating information from Windows and Samba systems.
- Impacket: A collection of Python classes for working with network protocols. Focused on providing low-level programmatic access to the packets and for some protocols the protocol implementation itself.
Others
- Wireshark: Network protocol analyzer.
- Aircrack-NG: Complete suite of tools to assess WiFi network security.
2. Web Application
- GoBuster: Mainly used for directory brute forcing, but it has more modes such as dns, fuzz and vhost. You can install it on Kali Linux using the command: sudo apt install gobuster
- Nikto: Web application vulnerability scanner. Just give this man a link and he will do his best to find security flaws.
- Burp Suite: The go-to tool for web application penetration testing. It has a ton of options; I highly recommend you go check it out.
- OWASP ZAP: Free and open source web app scanner.
- WPScan: Facing a WordPress site? This tool can definitely help you. Plugin and theme enumeration, vulnerability assessment (this needs an API token, you can get one by creating an account here) and much more.
- SQLMap: You can scan an entire website for SQL injection vulnerabilities using this tool, including forms, parameters and more.
- Postman: Request debugging and much more. It also has a Chrome extension, but it is deprecated.
- Wfuzz: Designed for bruteforcing Web Applications, it can be used for finding resources, and checking different kinds of injections.
3. Hashing & cryptography
Online
There are a bunch of online tools for decoding, deciphering, etc.
Local
- john: Local hash cracking tool
- hashcat: Local hash cracking tool
- Decoding base64 from CLI using: echo "base64_code" | base64 -d
- John The Ripper scripts: You can find them in /usr/share/john (Kali Linux). They convert a bunch of file types into a format john can brute force. Example: if there’s a password-encrypted zip file, you can use: zip2john file.zip > john.txt and then john john.txt and specify the wordlist.
4. Steganography & hidden data
Steganography
- Steghide: Hides and extracts data from files. You can install it on your Kali machine by running the command: sudo apt install steghide
Extracting data example: steghide extract -sf file.jpg
- Stegpy: Extracts hidden data from png, bmp, gif, webp and wav files.
- Audacity: Multi-track audio editor.
- outguess: Hides and extracts data in the most redundant content data bits of existing files.
Hidden data
5. Reverse engineering
- Radare2: r2 is a rewrite from scratch of radare. It provides a set of libraries, tools and plugins to ease reverse engineering tasks.
- hexeditor: Part of Kali’s suite of tools, used for editing the hexadecimal values of files.
- ghidra: A suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux.
6. Exploitation
- searchsploit: A command line search tool for Exploit-DB that also allows you to take a copy of Exploit Database with you, everywhere you go. Already included by default in Kali.
- Metasploit: The world’s most used penetration testing framework.
- Pwntools: CTF framework designed for rapid prototyping and development, and intended to make exploit writing as simple as possible.
- Commix: Test web applications with the view to find bugs, errors or vulnerabilities related to command injection attacks.
- PayloadsAllTheThings: A list of useful payloads and bypasses for web application security.
- Reverse shell generator: An online reverse shell generator.
7. Extra
CTF platforms that I use and think are great: