Skip to content

DU4L/tool-lists

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits
 
 

Repository files navigation

Tool List

Here you can find some useful tools to solve a CTF. Feel free to add some tools!

Categories

  1. Web
  2. Forensic
  3. Misc
  4. Crypto
  5. Reverse
  6. OSINT
  7. Exploit
  8. Other

Web

Wappalyzer

Wappalyzer is a browser extension to identify web technologies utilized by a website.

OWASP favicon database

The OWASP favicon database can be used to identify common web platforms based on the MD5 hash of the favicon.

CRT.SH

crt.sh contains a searchable database of various certificate transparency logs to find other certificates issues for the same domain or by the same organisation.

Sublist3r

Sublister enumerates subdomains using various search engines.

Forensic

Binwalk

Binwalk is a tool for searching binary files like images and audio files for embedded files and data.

    binwalk file        //Displays the embedded data in the given file 
    binwalk -e file     //Displays and extracts the data from the given file

WavstegPermalink

WavSteg is a python3 tool that can hide data and files in wav files and can also extract data from wav files.

    python3 WavSteg.py -r -s soundfile -o outputfile

Exiftool

Sometimes important stuff is hidden in the metadata of the image or the file , exiftool can be very helpful to view the metadata of the files.

    exiftool "file"     shows the metadata of the given file

Misc

Crypto

Whatever happens, google is your friend. There are a lot cryptography tools online. Some of them are good tools some are made offline like OpenSSL.

Cracking compressed file:

  • John the Ripper
    john --wordlist=/usr/share/wordlists/rockyou.txt hash.txt
  • fcrackzip
    fcrackzip -D -u -p rockyou.txt  filename.zip
  • Hashcat

Reverse

Ghidra is a Software Reverse Engineering (SER) Framework developed by the NSA. Features include a disassembler (binary data -> ASM), decompiler (ASM -> C), a debugger (with GDB) and a scripting interface.

The Gnu-Debugger is a debugger for Linux, allowing you to examine the program at runtime. With GEF (GDB Enhanced Features) you get a nicer output and easier command syntax.

A (spiritual) successor to the classic OllyDbg, allowing you to debug x86/x64 binaries on windows.

A very useful python package which makes exploit development quick and easy for CTFs.

A unix x86/x64 disassembler

A tool for Android reverse engineering, can decompile an .apk file.

A network proxy allowing you to intercept HTTP(S) traffic and read it. This can be useful if you want to find out what API an Android App talks to, simply point your Android proxy to Fiddler and you will see all the traffic.

A tool which helps you identify data about an executable, e.g. tools used for obfuscation and compiler and linker data.

OSINT

Find owner of websites or IP-Addres with who.is

Find every platform a user might be registered

Exploit

Other

About

Useful tools for CTF different categories.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •