CTF Tools

CTF Tools



Wireshark is a widely-used network protocol analyzer that allows users to capture and interactively browse the traffic running on a computer network. It provides a rich set of features that enable users to perform in-depth analysis of network data.



Fiddler is a web debugging tool that allows you to inspect all HTTP(S) traffic between your computer and the Internet. It's particularly useful for web developers and testers who need to debug web applications, troubleshoot connectivity issues, and optimize web performance.



Dirsearch is a command-line tool designed for directory and file enumeration on web servers. It is commonly used in the information gathering phase of a penetration test or a bug bounty hunt to discover hidden directories, files, and potentially sensitive information that could pose a security risk.



HxD is a versatile hexadecimal editor that is widely used for various tasks related to binary data manipulation, reverse engineering, and data analysis. It provides users with a user-friendly interface to view and edit raw binary data in hexadecimal format.



Stegsolve is a versatile steganography analysis tool that helps users detect and extract hidden data embedded within images. It offers a range of features designed to analyze various forms of image-based steganography, such as LSB (Least Significant Bit) encoding and other more sophisticated methods.



Audacity is a free, open-source, cross-platform audio software that is widely used for recording, editing, and processing audio files. It provides a comprehensive set of tools that enable users to perform a variety of audio tasks with ease and efficiency.



IDA Pro, often referred to as the Interactive DisAssembler, is a premier disassembler and debugger tool used by reverse engineers, security researchers, and software developers. It is renowned for its ability to convert machine code into readable assembly language, which is instrumental in understanding the inner workings of software, analyzing malware, and performing vulnerability assessments.



JADX is an open-source decompiler and disassembler for Android applications. It is a powerful tool used to convert dex (Dalvik Executable) and apk (Android Package Kit) files back into a more human-readable format, typically Java source code. This allows developers and reverse engineers to analyze and understand the underlying source code of Android apps, which can be useful for various purposes such as auditing app security, modifying app behavior, or simply learning from existing code.


Binary Ninja

Binary Ninja is a powerful reverse engineering platform that enables users to analyze and manipulate binary code. It is designed for a range of tasks, from malware analysis and vulnerability research to software auditing and code optimization. The platform offers a unique combination of features that facilitate a deeper understanding of binary executables.



JD-GUI is a stand-alone graphical utility that displays Java source codes of '.class' files. It is a reverse engineering tool that allows developers and researchers to inspect and analyze compiled Java classes without needing the original source code. JD-GUI is particularly useful for understanding the inner workings of libraries, debugging complex issues, and learning from the design and implementation of other Java applications.



Ghidra is a software reverse engineering (SRE) framework developed and maintained by the National Security Agency Research Directorate. It is a comprehensive suite of tools that supports the analysis of compiled code on various platforms, including Windows, macOS, and Linux. Ghidra offers a range of features such as disassembly, assembly, decompilation, graphing, and scripting, catering to both user interaction and automation. The framework is capable of handling multiple processor instruction sets and executable formats, and it can be extended with custom scripts and plugins developed in Java or Python.


Burp Suite

Burp Suite is a widely used integrated platform for performing security testing of web applications. It is designed to help security professionals identify vulnerabilities such as cross-site scripting (XSS), SQL injection, and other common threats. The suite offers a range of tools that work seamlessly together to support the entire process of attacking a web application, from initial mapping and scanning to later stages of analysis and exploitation.



Zsteg is a steganalysis tool designed to detect and extract hidden information embedded within various types of digital media, such as images, audio files, and videos. The primary function of Zsteg is to analyze the content of these files to identify any anomalies or patterns that may indicate the presence of steganography.



ExifTool is a powerful command-line utility for reading, writing, and editing metadata in image, audio, and video files, as well as other types of files. It is widely used in the CTF (Capture The Flag) community for its ability to extract and manipulate Exif (Exchangeable Image File Format) data, which often contains valuable information for forensic analysis and steganalysis.


010 Editor

010 Editor, often referred to simply as "zero one zero," is a professional-grade hex editor designed for various tasks such as data recovery, security testing, and file analysis.



MP3Stego is a software tool used for audio steganography, specifically for embedding hidden data within MP3 audio files. This allows users to transmit information covertly, as the audio file containing the hidden data can appear normal to the listener. It is often used in the context of CTF (Capture The Flag) challenges to test the participants' skills in steganography and steganalysis (the detection of steganographic content). MP3Stego is a classic tool in the field and has been the subject of various analyses and research papers, making it a staple in the CTF community for audio-related challenges.



Nmap is a utility for network discovery and security auditing. It is used to identify hosts on a network, detect open ports, and determine which services are running on those ports. Nmap is particularly valuable for its ability to reveal potential vulnerabilities in networked systems and is a fundamental tool in the cybersecurity field. It is often used in CTF (Capture The Flag) competitions for network-based challenges that require the identification and exploitation of open ports or services. Nmap supports a variety of port scanning techniques, making it a versatile tool for network reconnaissance and security assessment.



OllyDbg is a binary debugger tool used for reverse engineering and analyzing executable files, particularly those compiled from high-level programming languages such as C, C++, and others. It is widely recognized in the cybersecurity community for its user-friendly interface and powerful features that assist in tasks such as disassembly, debugging, and patching of software. OllyDbg is frequently employed in CTF (Capture The Flag) competitions, especially in challenges that involve binary exploitation, vulnerability assessment, and understanding the inner workings of compiled code. It allows participants to step through code execution, set breakpoints, and analyze memory, which are crucial skills for tackling complex security problems.



GDB, or the GNU Debugger, is a sophisticated command-line debugger that is widely used in software development and reverse engineering. It is a critical tool in the CTF (Capture The Flag) community for its ability to debug and analyze programs written in various programming languages, such as C, C++, and others. GDB allows users to start and stop the execution of programs at specific points (breakpoints), examine the state of the program (including variables, registers, and memory), and modify the program's execution path. This capability is essential for understanding how a program works, identifying bugs, and uncovering security vulnerabilities.



Ysoserial is a tool that is widely recognized in the cybersecurity field for its role in generating payloads that exploit unsafe Java object deserialization.



Pwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and development, and intended to make exploit writing as simple as possible.



This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation. ROPgadget supports ELF/PE/Mach-O/Raw formats on x86, x64, ARM, ARM64, PowerPC, SPARC, MIPS, RISC-V 64, and RISC-V Compressed architectures.



WinDbg is a powerful Microsoft Windows debugger that is widely used for debugging Windows applications, analyzing system crashes, and performing low-level system analysis. It is part of the Windows Debugger (WinDbg) suite, which includes the kernel-mode debugger, the user-mode debugger, and the debugger engine. WinDbg is an essential tool for developers, system administrators, and security researchers who need to delve into the inner workings of the Windows operating system and applications.



Checksec is a bash script to check the properties of executables (like PIE, RELRO, Canaries, ASLR, Fortify Source).



x64dbg is an open-source debugging tool for Windows that offers powerful features for reverse engineering and analyzing executables, particularly for x86 and x64 architectures. It is designed to help developers and security researchers in tasks such as debugging, malware analysis, and understanding the inner workings of software.



"Detect It Easy" (often abbreviated as DIE) is a tool designed for the detection of various types of packers, cryptors, and protectors used by malware and some legitimate software to obfuscate their code. The tool is used by security researchers, malware analysts, and IT professionals to identify the obfuscation techniques used by a given binary, which can be crucial in the process of malware analysis and reverse engineering.



"ExeInfoPE" is a tool used for analyzing Portable Executable (PE) files, which are common in the Windows operating system for executables, DLLs (Dynamic Link Libraries), and device drivers. It is a versatile utility that provides detailed information about the structure and content of PE files.


Cheat Engine

Cheat Engine is an open-source tool designed for modifying single-player games running under the Windows operating system. It is often used by gamers to alter game data such as health, time, money, or speed to make the game easier or to experiment with game mechanics. However, it should be noted that using Cheat Engine or any other game modification tools can violate the terms of service of some games and can potentially lead to bans or other penalties.



GJoy Dex Analyzer (GDA) is a software tool designed for analyzing and manipulating Dalvik bytecode, which is used by Android applications. It is particularly useful for developers and reverse engineers who need to inspect or modify the compiled code of Android apps (APKs).



Decompyle++ aims to translate compiled Python byte-code back into valid and human-readable Python source code. While other projects have achieved this with varied success, Decompyle++ is unique in that it seeks to support byte-code from any version of Python.



WinHex is in its core a universal hexadecimal editor, particularly helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security. An advanced tool for everyday and emergency use: inspect and edit all kinds of files, recover deleted files or lost data from hard drives with corrupt file systems or from digital camera cards.



CyberChef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. These operations include simple encoding like XOR and Base64, more complex encryption like AES, DES and Blowfish, creating binary and hexdumps, compression and decompression of data, calculating hashes and checksums, IPv6 and X.509 parsing, changing character encodings, and much more.



AntSword is an open source, cross-platform website administration tool, being designed to meet the needs of penetration testers together with security researchers with permissions and/or authorizations as well as webmasters.



ZipCenOp is a Java tool to play with Zip pseudo-encryption.



hashcat is the world's fastest and most advanced password recovery utility, supporting five unique modes of attack for over 300 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and macOS, and has facilities to help enable distributed password cracking.


John the Ripper

John the Ripper is a powerful and widely used password-cracking tool that has been around since the early 1990s. It is open-source software, and its primary purpose is to test the strength of passwords by attempting to crack them through various methods. It is named after the character Jack the Ripper, symbolizing its ability to penetrate ("rip") through password defenses.



Volatility is the world's most widely used framework for extracting digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independent of the system being investigated but offer visibility into the runtime state of the system. The framework is intended to introduce people to the techniques and complexities associated with extracting digital artifacts from volatile memory samples and provide a platform for further work into this exciting area of research.