Capture The Flag (CTF) Toolkit

A list of my most used tools for a CTF engagement.

Photo by Arget on Unsplash

1. Networking

Port Scanning

  • NMAP (Network Mapper): Port scanning, vulnerability detection, services enumeration and much more. Check out it’s documentation to see more.
  • RustScan: It uses a different method to scan ports much quicker than nmap, which then can be passed to nmap script engine.

Protocols

  • hydra: Login cracker which supports numerous protocols to attack.
  • enum4linux: A tool for enumerating information from Windows and Samba systems.
  • Impacket: A collection of Python classes for working with network protocols. Focused on providing low-level programmatic access to the packets and for some protocols the protocol implementation itself.

Others

  • Wireshark: Network protocol analyzer.
  • Aircrack-NG: Complete suite of tools to assess WiFi network security.

2. Web Application

  • GoBuster: Mainly used for directory brute forcing, but it has more options like dns, fuzz and vhost. You can install it on Kali Linux using the command “sudo apt install gobuster”
  • Nikto: Web application vulnerability scanner. Just give this man a link and he will do his best to find security lacks.
  • Burpsuite: The go-to tool for web application penetration testing. It has a tun of options, I highly recommend you go check it out.
  • OWASP ZAP: Free and open source web app scanner.
  • WPScan: Facing a wordpress-made website? This tool definitely can help you. Plugins and themes enumeration, vulnerability assessment (this needs an api token, you can get one creating an account here) and much more.
  • SQLMap: You can scan a entire website for SQL Injection vulnerabilities using this tool, including forms, parameters and more.
  • Postman: Requests debugging and much more. Also has a chrome extension, but deprecated.
  • Wfuzz: Designed for bruteforcing Web Applications, it can be used for finding resources, and checking different kinds of injections.

3. Hashing & cryptography

Online

There are a bunch of online tools for decoding, deciphering and etc.

Local

  • john: Local hash cracking tool
  • hashcat: Local hash cracking tool
  • Decoding base64 from CLI using: echo “base64_code” | base64 -d
  • John The Ripper scripts: You can find it in /usr/share/john (kali linux). You can convert a bunch of files to john for brute forcing. Example: if there’s a password encrypted zip file, you can use: zip2john file.zip > john.txt and then john john.txt and specify the wordlist.

4. Steganography & hidden data

Steganography

  • Steghide: Hides and extracts data from files. You can install it on your kali machine running the command: sudo apt install steghide
    Extracting data example: steghide extract -sf file.jpg
  • Stegpy: Extract hidden data from png, bmp, gif, webp and wav.
  • Audacity: Multi-track audio editor.
  • outguess: Hides and extracts data in the most redundant content data bits of existing files.

Hidden data

  • Binwalk: Search into a given binary for embedded files and executable code.
  • ExifTool: Reading, writing and editing metadata information in a wide variety of files.
  • strings: Prints the strings of printable characters from a file. Part of kali’s suite of tools

5. Reverse engineering

  • Radare2: r2 is a rewrite from scratch of radare. It provides a set of libraries, tools and plugins to ease reverse engineering tasks.
  • hexeditor: Part of kali’s suite of tools for editing files hexadecimal values.
  • ghidra: A suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux.

6. Exploitation

  • searchsploit: A command line search tool for Exploit-DB that also allows you to take a copy of Exploit Database with you, everywhere you go. Already included by default in Kali.
  • Metasploit: The world’s most used penetration testing framework.
  • Pwntools: CTF framework designed for rapid prototyping and development, and intended to make exploit writing as simple as possible.
  • Commix: Test web applications with the view to find bugs, errors or vulnerabilities related to command injection attacks.
  • PayloadsAllTheThings: A list of useful payloads and bypass for Web Application Security
  • Reverse shell generator: An online reverse shell generator.

7. Extra

CTF Platforms that I use and I think they’re great:

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store