CTF-Checklist

A composite list of various vulnerabilities and tools to look for and use while exploiting common CTF challenges

Forensics

Tool	Description	Link
Wireshark	Capture packets sent by devices and analyze pcap files	Wireshark
pkcrack	Crack zip passwords or run known plaintext attacks	pkcrack
volatility	Analyze memory dumps	volatility
rockyou.txt	List of common passwords helpful in many categories	rockyou.txt
Aperi Solve	Image forensics tool that runs many stegonography tools	Aperi Solve
Audacity	Analyze, visualize, and modify audio files	Audacity
SleuthKit	Analyze disk drives and dumps	SleuthKit
John The Ripper	General purpose password cracker	John The Ripper
dsniff	Sniff passwords from packet capture files	dsniff
foremost	Extract files from other files by header	sudo apt install foremost
stegsnow	white space steganography	sudo apt install steganography

Web

Tool	Description	Link
RequestBin	Capture web requests	RequestBin
revshells	Generate reverse web shells for upload to a variety of different server types	revshells
BurpSuite	Intercept http requests, analyze them, and modify them before sending	BurpSuite
sqlmap	Automate sending sql injection payloads and detect sql injections on webpages	sqlmap
SQL Injection	SQL Injection authentication bypass cheatsheet	sql cheatsheet
SUID Find	Find SUID binaries on a linux system using find / -perm -u=s -type f 2>/dev/null
root binary find	Find binaries that run with root privileges	sudo -l
Dirbuster	Find hidden directory and file paths on web servers	Dirbuster
Postman	General purpose HTTP request debugger and generator	Postman

Binary Exploitation

Tool	Description	Link
ir0nstone	PWN tutorials containing many resources/scripts for solving pwn challenges	ir0nstone
pwntools	Python library for prototyping and writing exploits	pwntools
ROPGadget	Tool for find ROP tools and crafting ROP chains	ROPGadget
shellstorm	Database of shellcode in both assembly and byte format	shellstorm
Wiremask Buffer Overflow	Buffer overflow pattern generator that when combined with gdb can determine the offset to EIP/RIP when no canary is present	Wiremask
one_gadget	Find ROP gadgets specifically for spawning a shell i.e ROPing to execve('/bin/sh/, NULL, NULL)	one_gadget
checksec	check binary security properties of the executable revealing which attack vectors will be possible	sudo apt-get install checksec
Guide to Reading Assembly	The faker's guide to reading (x86) assembly language	Assembly Guide

Reverse Engineering

Tool	Description	Link
Ghidra	Reverse Engineering toolkit for decompiling binaries into C code for static analysis	Ghidra
Uncompyle	Decompile Python binaries	Uncompyle
angr	Binary analysis platform for Python with static/dynamic analysis support and symbolic execution	angr
jdgui	Java decompiler for .class files	jdgui
IDA Freeware	Binary code analysis and reverse engineering	IDA Freeware
ImHex	Hex Editor for reverse engineering with patterns	ImHex

Cryptography

Tool	Description	Link
alpertron	Factor very large integers	alpertron
factordb	Database of many factored large integers	factordb
CyberChef	Generally useful for analyze encoded/encrypted strings and files	CyberChef
z3	Theorem prover	z3
OR-Tools	Similar to z3 but supposedly faster	OR-Tools
RsaCtfTool	Python script for automatically running known RSA attacks given various inputs	RsaCtfTool
sage	Fast math good. Fast math as python library good for quick scripting solutions	sage
xortool	Good for multi-byte xor analysis	xortool
randcrack	Predict values generated by Python's random module	randcrack
RSA Algorithm	A nice explanation of the RSA algorithm by Lei Mao	RSA Tutorial
Elliptic Curves	Elliptic Curve notes by Ben Lynn	Elliptic Curves
cryptopals	Website with learning tools and challenges for learning about cryptography	cryptopals

OSINT

Tool	Description	Link
ARPSyndicate	List of helpful OSINT resources	ARPSyndicate
Epieos	OSINT Tool search engine that performs a variety of searches	Epieos

Papers

Category	Title	Link
crypto	Solving problems with the LLL algorithm	LLL