ctf-tools.md

opensource-ctf-tools

A collection of open source CTF tools

Environments

Vulnerable environments

• Vulnerable By Design ~ VulnHub
• logicalhacking/DVHMA - Damn Vulnerable Hybrid Mobile App (DVHMA) is an hybrid mobile app (for Android) that intentionally contains vulnerabilities
• OWASP/igoat - OWASP iGoat - A Deliberately Insecure Application to learn iOS App Pentesting and Defense
• a0xnirudh/kurukshetra - A framework for teaching secure coding by means of interactive problem solving
• PENETRATION TESTING PRACTICE LAB - VULNERABLE APPS / SYSTEMS
• KNOXSS Add-on Test Page - XSS 测试环境
• s4n7h0/xvwa - a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security

CTF source codes

• tharina/35c3ctf - 35C3 Junior CTF pwnables

Online resources

• Hack The Box :: Penetration Testing Labs
• Root Me : Hacking and Information Security learning platform

Collections

Cheatsheet

• w181496/Web-CTF-Cheatsheet

AWS

• RhinoSecurityLabs/cloudgoat - Rhino Security Labs' "Vulnerable by Design" AWS infrastructure setup tool

Windows kernel

• clymb3r/KdExploitMe - A kernel driver to practice writing exploits against, as well as some example exploits using public techniques
• hacksysteam/HackSysExtremeVulnerableDriver - HackSys Extreme Vulnerable Windows Driver

Linux

• r0hi7/BinExp - Linux Binary Exploitation

LDAP

• digininja/vuLnDAP - A vulnerable LDAP based web app written in Golang

ARM

• bkerler/exploit_me - Very vulnerable ARM application (CTF style exploitation tutorial)

iOS

• OWASP/iGoat-Swift - OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS

NodeJS

• bkimminich/juice-shop - an intentionally insecure web application written entirely in JavaScript which encompasses the entire range of OWASP Top Ten and other severe security flaws

Crackme

• reoky/android-crackme-challenge - A collection of reverse engineering challenges for learning about the Android operating system and mobile security

Uncategorized

• CTF资源库|CTF工具下载|CTF工具包|CTF工具集合
• DominicBreuker/stego-toolkit - Collection of steganography tools - helps with CTF challenges
• jnferguson/double-free-examples - Basic examples of double free exploitation/etc functionality in glibc/jemalloc/tcmalloc

Tips

• Naetw/CTF-pwn-tips - Here records some tips about pwn
• CTF Wiki

Writeups

• orangetw/My-CTF-Web-Challenges - Collection of CTF Web challenges I made
• Shiva108/CTF-notes - Mostly CTF notes
• Solveme.peng.kr平台Web题解
• 第二届强网杯Web Writeup
• google/google-ctf - Google CTF https://g.co/ctf