Inspired by the tool list published by TUCTF, we thought it would be a good idea to provide a list of tools we use to compete in various CTFs. We’ll be updating this list periodically.
WaoN is a Wave-to-Notes transcriber, that is, the inverse of timidity by Tuukka Toivonen (and its descendant timidity++).
Midi Sheet Music is a free program that simultaneously:
- Plays MIDI music files
- Highlights the piano notes
- Highlights the sheet music notes
John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), Windows, DOS, BeOS, and OpenVMS (the latter requires a contributed patch). Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos/AFS and Windows LM hashes, as well as DES-based tripcodes, plus many more hashes and ciphers in “community enhanced” -jumbo versions and/or with other contributed patches.
rsatool calculates RSA (p, q, n, d, e) and RSA-CRT (dP, dQ, qInv) parameters given either two primes (p, q) or modulus and private exponent (n, d).
The resulting parameters are displayed and can optionally be written as an OpenSSL-compatible DER- or PEM-encoded RSA private key.
A tool to do some XOR analysis:
- Guess the key length (based on the count of equal chars)
- Guess the key (based on knowledge of the most frequent char)
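The two steps above, worked through as an added example that is not the tool's own code: a shift that is a multiple of the key length lines up bytes XORed with the same key byte, so equal ciphertext bytes appear far more often there, and within each key column the most frequent ciphertext byte is assumed to be the space character (0x20) XORed with that key byte. The sentence, key and the 0.9 closeness threshold are constructed values for this example.

```python
# Added example (not the XOR tool's own code): repeating-key XOR analysis.
from collections import Counter

def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key (encryption and decryption are the same)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def coincidence_rate(ct: bytes, shift: int) -> float:
    """Fraction of positions where ct[i] == ct[i + shift]. When shift is a
    multiple of the key length both bytes were XORed with the same key byte,
    so equal ciphertext means equal plaintext, which natural language yields
    often; at other shifts the key bytes differ and coincidences are rare."""
    pairs = len(ct) - shift
    hits = sum(1 for i in range(pairs) if ct[i] == ct[i + shift])
    return hits / pairs

def guess_key_length(ct: bytes, max_len: int = 16) -> int:
    """Score every candidate length by coincidence rate. Multiples of the true
    length also score well, so take the smallest length close to the best."""
    rates = {L: coincidence_rate(ct, L) for L in range(1, max_len + 1)}
    best = max(rates.values())
    return min(L for L, r in rates.items() if r >= 0.9 * best)

def recover_key(ct: bytes, key_len: int, most_frequent: int = 0x20) -> bytes:
    """Per key position, the most frequent ciphertext byte in that column is
    taken to be the most frequent plaintext byte (space for English text)
    XORed with the key byte."""
    key = []
    for col in range(key_len):
        top = Counter(ct[col::key_len]).most_common(1)[0][0]
        key.append(top ^ most_frequent)
    return bytes(key)

# Constructed sample: a repeated English sentence under a 4-byte key. The
# repetition itself adds periodicity, so the length search stops at 12 here;
# on real prose a larger max_len works as well.
PLAINTEXT = b"the quick brown fox jumps over the lazy dog. " * 4
KEY = bytes([0x11, 0x31, 0x91, 0xB1])
CIPHERTEXT = xor_bytes(PLAINTEXT, KEY)

def break_xor(ct: bytes, max_len: int = 12) -> tuple[bytes, bytes]:
    """Full pipeline: guess the length, recover the key, decrypt."""
    key = recover_key(ct, guess_key_length(ct, max_len))
    return key, xor_bytes(ct, key)

if __name__ == "__main__":
    key, pt = break_xor(CIPHERTEXT)
    print(key.hex(), pt[:45].decode())
```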
PEDA (Python Exploit Development Assistance for GDB) [Github]
- Enhances the display of gdb: colorizes and displays disassembly code, registers and memory information during debugging.
- Adds commands to support debugging and exploit development (for a full list of commands use peda help)
This tool lets you search for gadgets in your binaries to facilitate your ROP exploitation. ROPgadget supports the ELF/PE/Mach-O formats on x86, x64, ARM, ARM64, PowerPC, SPARC and MIPS architectures. Since version 5, ROPgadget has a new core written in Python that uses the Capstone disassembly framework for its gadget search engine. The older version can be found in the Archives directory but is no longer maintained.
Wireshark is the world’s foremost network protocol analyzer. It lets you see what’s happening on your network at a microscopic level. It is the de facto (and often de jure) standard across many industries and educational institutions.
Aircrack-ng is a complete suite of tools to assess WiFi network security.
HxD is a fast, free hex editor that can open files of any size (up to 8 EB) and gives raw read/write access to disks and main memory (RAM), while remaining as easy to use as any text editor.
A Hex Editor.
binwalk is a fast, easy to use tool for analyzing and extracting firmware images.
6. Reverse Engineering
Java Decompiler [Website]
The “Java Decompiler project” aims to develop tools in order to decompile and analyze Java 5 “byte code” and the later versions.
IDA is a Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger that offers so many features it is hard to describe them all. Evaluation version available.
r2 is a rewrite from scratch of radare, providing a set of libraries and tools to work with binary files.
The Radare project started as a forensics tool, a scriptable command-line hexadecimal editor able to open disk files, but later added support for analyzing binaries, disassembling code, debugging programs, attaching to remote gdb servers, and more.
VB Decompiler [Website]
VB Decompiler has a powerful built-in disassembler and emulates commands to bring the assembly code as close as possible to the original source.
Extracts data from images useful in their analysis.
Provides additional tools for analyzing pictures.
See binwalk in Forensics, capable of retrieving embedded photos.
Burp Suite [Website]
Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities.
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches ranging from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
Postman (Chrome extension) [Website]
Create and send POST requests from within Chrome.
Tamper Data (Firefox Extension) [Website]
Intercept, tamper with, and resend POST requests from within Firefox.