Tools
This list is a mirror. Original list is maintained here. Feel free to make a pull request to the original list.
General
- Good Linux machine or VM either via VMware, VirtualBox, or vagrant - would suggest Ubuntu 14.04 LTS
- Python (both 2.7 and 3)
- Hex Editor (ghex recommended)
Binary exploitation / reversing
- IDA (Demo, if not Pro)
- gdb
- PEDA - makes gdb far more usable
- qira - if you can get it to work & understand it
- checksec - peda can give the same info though
- pwntools - makes pwning easier
- radare2 - reverse engineering framework
- angr - a binary analysis framework with a great symbolic execution engine
- fupy - fast and dirty python decompiler
- JD-GUI - java decompiler
- Java Decompilers - Online decompiler for Java and Android APKs
- syms2elf - A plugin for Hex-Ray’s IDA Pro and radare2 to export the symbols recognized to the ELF symbol table
Cryptography
- Rumkin ciphers - multiple (ancient) crypto stuff
- quipqiup - solving cryptograms
- xortool - solving multi-byte xor cipher
- rsatool - to calculate rsa params
- featherduster - An automated, modular cryptanalysis tool
- attackrsa - An all-in-one tool including many common attacks against RSA problems in CTF
- RsaCTFtool - An automated tool to crack public keys of rsa using various standard techniques
- Untwister - A seed recovery tool for various PRNGs
Forensics
- Foremost - recover hidden files
- Binwalk - find offsets of files which are concatenated contiguously
- Autopsy - find deleted files from harddisk dumps
- Wireshark - analyze network captures
- Stegsolve
- Cloudshark - Analyze network captures online
- John The Ripper - password cracking tool
- Stegosaurus - tool that allows embedding arbitrary payloads in Python bytecode (pyc or pyo) files
Web exploitation
- GitTools - downloads exposed .git repo of vulnearable websites
- SQLMap - automated sql injection
- Hackbar - indispensible addon for web exploitation in firefox
- CookieManager - addon for firefox
- Postman - add on for chrome.
- requests - python library used for sending HTTP requests
- Wfuzz - to detect directories and pages on the server using common wordlists.
- XSS Payloads
- Jwt_tool - for manipulating JSON Web Tokens
- Dirsearch - Web path scanner