Tools

This list is a mirror. Original list is maintained here. Feel free to make a pull request to the original list.

General

  • Good Linux machine or VM either via VMware, VirtualBox, or vagrant - would suggest Ubuntu 14.04 LTS
  • Python (both 2.7 and 3)
  • Hex Editor (ghex recommended)

Binary exploitation / reversing

  • IDA (Demo, if not Pro)
  • gdb
  • PEDA - makes gdb far more usable
  • qira - if you can get it to work & understand it
  • checksec - peda can give the same info though
  • pwntools - makes pwning easier
  • radare2 - reverse engineering framework
  • angr - a binary analysis framework with a great symbolic execution engine
  • fupy - fast and dirty python decompiler
  • JD-GUI - java decompiler
  • Java Decompilers - Online decompiler for Java and Android APKs
  • syms2elf - A plugin for Hex-Ray’s IDA Pro and radare2 to export the symbols recognized to the ELF symbol table

Cryptography

  • Rumkin ciphers - multiple (ancient) crypto stuff
  • quipqiup - solving cryptograms
  • xortool - solving multi-byte xor cipher
  • rsatool - to calculate rsa params
  • featherduster - An automated, modular cryptanalysis tool
  • attackrsa - An all-in-one tool including many common attacks against RSA problems in CTF
  • RsaCTFtool - An automated tool to crack public keys of rsa using various standard techniques
  • Untwister - A seed recovery tool for various PRNGs

Forensics

Web exploitation

  • GitTools - downloads exposed .git repo of vulnearable websites
  • SQLMap - automated sql injection
  • Hackbar - indispensible addon for web exploitation in firefox
  • CookieManager - addon for firefox
  • Postman - add on for chrome.
  • requests - python library used for sending HTTP requests
  • Wfuzz - to detect directories and pages on the server using common wordlists.
  • XSS Payloads
  • Jwt_tool - for manipulating JSON Web Tokens
  • Dirsearch - Web path scanner