CTF-and-Computer-Security-Tools

List of tools & libraries that I have learn and use for Capture-The-Flags (CTFs) & Computer Security Learning

DISCLAIMER : Some of the tools below could damage personal and public properties, which may leads to illegal activities (especially in Network & Web sections). Thus, only educational and legally-permitted use

The difference of white-hat and black-hat is only their ethicity and legality
- Unknown

Educational & permitted platforms I have been practising on :

• TryHackMe
• HackTheBox
• VulnHub
• Hacker101
• Cryptohack
• And Capture-The-Flag competitions (Checkout their rules before using)

Cryptography

No.	Tool	Homepage	Description
1.	Cyberchef	https://gchq.github.io/CyberChef/	The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
2.	Dcode	https://www.dcode.fr/	For decrypting various kind of uncommon encoding methods
3.	xortool	https://github.com/hellman/xortool
4.	Esolang	https://esolangs.org/wiki/Main_Page	Information about Esoteric programming language, like brainfuck
5.	Cryptii	https://cryptii.com/
6.	RsaCTFTool	https://github.com/Ganapati/RsaCtfTool	Instant RSA Encryption Decryptor, work better with basic knowledge of RSA, Sage Math package required
7.	Cryptool	https://www.cryptool.org/en/

Password Cracking

No.	Tool	Homepage	Description
1.	Hashcat	https://hashcat.net/hashcat/
2.	John The Ripper	https://www.openwall.com/john/
3.	md5hashing	https://md5hashing.net/	Hash cracking based on database record
4.	Hydra	https://github.com/vanhauser-thc/thc-hydra	An online login password cracker that supports on multiple protocols, eg. HTTP & SSH

Forensics

No.	Tool	Homepage	Description
1.	Binwalk	https://github.com/ReFirmLabs/binwalk	Used for analyzing, reverse engineering, and extracting firmware imagestool
2.	Foremost	https://github.com/korczis/foremost	A console program to recover files based on their headers, footers, and internal data structures.
3.	Exiftool	https://exiftool.org/	Perl library & CLI to read, write and edit meta information in a wide variety of file formats
4.	Volatility	https://www.volatilityfoundation.org/	An Open Source Memory Forensics Framework
5.	Strings
6.	The Sleuth Kit	https://sleuthkit.org/sleuthkit/	A library and collection of command line tools that allow you to investigate disk images
7.	HexEditor
8.	Autopsy	https://www.autopsy.com/download/	An Open Source forensics platform for analyzing all types of mobile devices and digital media

Reverse Engineering

No.	Tool	Homepage	Description
1.	Ghidra	https://ghidra-sre.org/	Written in Java & C++, JDK v11+ required
2.	GDB	http://www.gnu.org/software/gdb/download/
3.	IDA Pro	https://www.hex-rays.com/products/ida/support/download.shtml	Multi-purpose, payment required
4.	radare2	http://www.radare.org/y/?p=download	Unix-like RE framework * CLI
5.	Apktool	https://ibotpeaches.github.io/Apktool/	Andriod RE apk files
6.	Cutter	https://cutter.re/	GUI version of radare2, written in Python
7.	Hopper	https://www.hopperapp.com/	Analyse IPA files, ie. iOS application files
8.	plistutil	https://github.com/libimobiledevice/libplist	C library to handle Apple .plist files in XML format.
9.	dex2jar	https://github.com/pxb1988/dex2jar	Tools to work with android .dex and java .class files
10.	jd-gui	https://java-decompiler.github.io/	A Java decompiler with GUI, worked with JAR files

Web

No.	Tool	Homepage	Description
1.	Burp Suite	https://portswigger.net/burp	Community Edition should be enough
2.	OWASP ZAP	https://www.zaproxy.org/	Same use as Burp while maintained by OWASP, while different in certain features

Networking

No.	Tool	Homepage	Description
1.	Wireshark	https://www.wireshark.org/	An Open Source network & packet analyzer
2.	tcpdump	https://www.tcpdump.org/	Command-line packet analyzer
3.	netcat	https://sectools.org/tool/netcat/	A computer networking utility for reading from and writing to network connections using TCP or UDP, features includes port scanning, transferring files, and port listening, and it can be used as a backdoor
4.	Nmap	https://nmap.org/	A free and open source (license) utility for network discovery and security auditing
5.	aircrack-ng	https://www.aircrack-ng.org/	Tool for WiFi network security
6.	OWASP Amass	https://github.com/OWASP/Amass	A network mapping tool by attacking surfaces and external asset discovery using open source information gathering and active reconnaissance techniques

Steganography

Images

No.	Tool	Homepage	Description
1.	Steghide	https://github.com/StefanoDeVuono/steghide
2.	Stegoveritas	https://github.com/bannsec/stegoVeritas
3.	Exiftool	https://exiftool.org/	Perl library & CLI to read, write and edit meta information in a wide variety of file formats
4.	Stegosuite	https://stegosuite.org/
5.	Pngcheck	http://www.libpng.org/pub/png/apps/pngcheck.html
6.	Foremost	https://github.com/korczis/foremost	A console program to recover files based on their headers, footers, and internal data structures.

Audio

No.	Tool	Homepage	Description
1.	Audacity	https://www.audacityteam.org/
2.	Sonic Visualizer	https://www.sonicvisualiser.org/

OSINT (Open Source INTelligence)

No.	Tool	Homepage	Description
1.	OSINT Framework	https://osintframework.com/	Online framework for information gathering from free tools/resources
2.	WayBack Machine	https://web.archive.org/	Search for website snapshot version
3.	Shodan	https://www.shodan.io/	Search for internet connected devices info
4.	Social Media		eg. GitHub, Facebook, Instagram, Twitter, etc
5.	Recon-ng	https://github.com/lanmaster53/recon-ng	Open Source Intelligence gathering tool
6.	Pastebin	https://pastebin.com/	Search for raw data
7.	Yandex	https://yandex.com/	Search engine for reverse image search, powered by machine learning

Recon

No.	Tool	Homepage	Description
1.	Nmap	https://nmap.org/	Used to get website information by sending designated packet
2.	sublist3r	https://github.com/aboul3la/Sublist3r	Finding subdirectories of a website
3.	Gobuster	https://github.com/OJ/gobuster	Directory bruteforcing (Recommended)
4.	dirb	https://tools.kali.org/web-applications/dirb	Directory bruteforcing
5.	Dirbuster	https://tools.kali.org/web-applications/dirbuster	Java-based GUI for directory enumeration
6.	Wappalyzer	https://www.wappalyzer.com/lookup/	Browser extension that can reveal the technology stack used by any website instantly

Malware Analysis

No.	Tool/Sandbox	Homepage	Description
1.	VirusTotal	https://www.virustotal.com/gui/
2.	Hybrid Analysis	https://www.hybrid-analysis.com/
3.	MobSF	https://github.com/MobSF/Mobile-Security-Framework-MobSF	Mobile Security Framework, all-in-one
4.	Drozer	https://labs.f-secure.com/tools/drozer/	Security and attack framework for Android
5.	cycript	http://www.cycript.org/	JS framework to RE iOS & Mac OS X applications
6.	unc0ver	https://unc0ver.dev/	One of the most advance jailbreak tool for iOS devices
7.	Cydia	https://cydia-app.com/	Unofficial iPhone appstore with jailbreak resources

Vulnerable VMs for exploitation practices

No.	Virtual Machine	Homepage	Description
1.	OWASP Security Shepherd	https://owasp.org/www-project-security-shepherd/	Web and mobile application security training platform, to improve security awareness
2.	Damn Vulnerable Web App	https://github.com/digininja/DVWA	A PHP/MySQL web application that is designed to be damn vulnerable
3.	Metaspoitable 2	https://docs.rapid7.com/metasploit/metasploitable-2/	A secure test environment to perform penetration testing & research with Metaspoit
4.	OWASP WebGoat	https://github.com/WebGoat/WebGoat	A designated insecure Java Spring Boot web application to introduce OWASP Top 10