This is a collection of setup scripts to create an install of various security research tools. Of course, this isn't a hard problem, but it's really nice to have them in one place that's easily deployable to new machines and so forth. The install scripts for these tools are checked regularly; the results can be found on the build status page.
Installers for the following tools are included:
Next-generation binary analysis engine from Shellphish.
Binary Analysis and Reverse-engineering Framework.
A static analysis tool for binaries.
Check binary hardening settings.
Semantic Binary Code Analysis Framework.
Cross-compilers and cross-architecture tools.
A set of cross-compilation tools from a Japanese book on C.
A set of utilities for working with ELF files.
Quickly determine the capabilities of an ELF binary through static analysis.
Tool to create MD5 colliding binaries.
Up-to-date gdb with python2 bindings.
gdb extension for debugging heap issues.
Enhanced environment for gdb.
A general-purpose, easy-to-use fuzzer with interesting analysis options.
gdb python library for examining the glibc heap (ptmalloc).
Reverse engineering framework in Python.
Platform for Architecture-Neutral Dynamic Analysis.
Path-based, symbolically-assisted fuzzer.
Enhanced environment for gdb.
A collection of helpful preloads (compiled for many architectures!).
Enhanced environment for gdb. Especially for pwning.
Useful CTF utilities.
Python bindings for pin.
Latest version of qemu!
Parallel, timeless debugger.
Some crazy thing crowell likes.
Another gadget finder.
Another gadget finder.
Record and Replay Debugging Framework.
Shellcode writing helper.
Shellcode development kit.
A valgrind taint analysis tool.
Visualization of heap operations.
A nice library to interact with binaries.
The Witchcraft Compiler Collection is a collection of compilation tools to perform binary black magic on the GNU/Linux and other POSIX platforms.
Firmware (and arbitrary file) analysis tool.
Tool for reading Bitlocker encrypted partitions.
Unpacker for packed Python executables. Supports PyInstaller and py2exe.
Tools for firmware packing/unpacking.
Tool for digging in PDF files.
Powerful Python tool to analyze PDF documents.
A decoder for encoded Windows Scripts.
Testdisk and photorec for file recovery.
Interactive crib dragging tool (for crypto).
An md5sum collision generator.
A tool for predicting the output of random number generators. To run, launch “foresee”.
An automated, modular cryptanalysis tool.
A tool for performing hash length extension attacks.
Hashpump, supporting partially-unknown hashes.
Simple hash algorithm identifier.
Database of private SSL/SSH keys for embedded devices.
Msieve is a C library implementing a suite of algorithms to factor large integers.
SSL PEM file cracker.
PkZip encryption cracker.
Padding oracle attack automation.
A tool for decoding ssh traffic. You will need ruby1.8 from http://ift.tt/1lkGk7O to run this. Run with ssh_decoder --help for help, as running it with no arguments causes it to crash.
XOR analysis tool.
Automated integer factorization.
Web proxy to do naughty web stuff.
Command injection and exploitation tool.
Web path scanner.
Web path scanner.
CLI Web proxy and python library.
SQL injection automation engine.
A DNS meta-query spider that enumerates DNS records, and subdomains.
Audio file visualization.
Another image steganography solver.
Steganography detection/breaking tool.
Image steganography solver.
Detect stegano-hidden data in PNG & BMP.
Dissect, disassemble, and re-pack Android APKs.
The android SDK (adb, emulator, etc).
Tiny tool to spy on X sessions.
Theorem prover from Microsoft Research.
Binary data analysis and visualization tool.
There are also a couple of installers for useful libraries included. Currently only the python bindings for these libraries are installed.
Multi-architecture disassembly framework.
Lightweight multi-architecture assembler framework.
Multi-architecture CPU emulator framework.
Library to Instrument Executable Formats.
There are also some installers for non-CTF stuff to break the monotony!
Something to help you relax after a CTF!
Useful when you need to hit a web challenge from different IPs.
PyVmMonitor is a profiler with a simple goal: being the best way to profile a Python program.
To use, do:
# set up the path (run manage-tools from wherever you checked out the repo; /path/to/ctf-tools is a placeholder)
/path/to/ctf-tools/bin/manage-tools setup
# list the available tools
manage-tools list
# install gdb, allowing it to try to sudo install dependencies
manage-tools -s install gdb
# install pwntools, but don't let it sudo install dependencies
manage-tools install pwntools
# uninstall gdb
manage-tools uninstall gdb
# uninstall all tools
manage-tools uninstall all
# search for a tool
manage-tools search preload
Where possible, the tools keep their installs very self-contained (i.e., in the tool/ directory), and most uninstalls are just calls to git clean (NOTE: this is NOT careful; everything under the tool directory, including whatever you were working on, is blown away during an uninstall). One exception to this is Python tools, which are installed using the pip package manager where possible. A ctftools virtualenv is created during the manage-tools setup command and can be accessed using the command workon ctftools.
[I] https://malwr.com/: online binary analysis
[I] https://retdec.com/: online decompiler for c/c++ binaries
[I] http://ift.tt/YIm4QX: online decompiler for .NET/flash and others…
[I] http://ift.tt/1H4YAZ1: java decompiler online
[S|W] Reflector: assembly browser for .NET
[F|O|W] Simple Assembly Explorer: another .NET disassembler
[F|O|W] de4dot: .NET deobfuscator
[S] IDA: debugger
[F|O] OllyDbg: debugger
[F|O|W] x64dbg: debugger
[C|O|L] gdb: Gnu debugger for linux
[M|G] peda: python plugin for gdb
[M|G] gef: gdb plugin supporting more architectures than peda
[C|O|L] strace/ltrace: system call tracer / dynamic library call tracer
[G] dex2jar: apk unpacker (android package)
[S] dede: delphi decompiler
[S] Pin: dynamic binary instrumentation framework
[G] Pintool: binary password finder for ctf using pin
[O|L] checksec: check binary protections
[F] DiE: binary packer detection
[G] Qira: timeless debugger with web interface by geohot
[G|C] ROPGadget: tool for rop chaining
[G|C] plasma: interactive disassembler in pseudo-C with colored syntax
[O|C|L] XOCopy: copy memory of execute only ELF binaries
[G|C] Shellsploit: shellcode generator framework
[G|C] radare2: analyzer, disassembler, debugger
[G] Bokken: Python-GTK GUI for radare2
[G|C] libformatstr: python lib to make string format exploits
[G] pwntools: Python framework to quickly develop exploits
[G] binjitsu: fork of pwntools
[G|C] fixenv: script to align the stack without ASLR under gdb, strace and ltrace
[O|W] cheatengine: memory scanner and other useful things
[G] Voltron: Great UI Debugger
[G] Z3: Z3 is a theorem prover
[G] angr: binary analysis, allows value-set analysis
[G] rop-tool: another helpful tool for ROP
[G] villoc: visualize heap chunks on linux
[O|C] valgrind: binary analysis tool for spotting invalid memory reads/writes
[S|W] apimonitor: inspect process calls and trace them
[F|W] PEiD: identify which packer has been used on PE binaries
[F|W] ImpREC: reconstruct IAT table for unpacked binaries
[O|C] Flawfinder: static source code analyzer for C/C++ which reports possible security weaknesses
[G|C] afl: fuzzer
[G] gdbgui: web lightweight gui interface for gdb
[G|C] one_gadget: script to find magic gadgets and identify the constraints on them
[G|C] Ropper: gadgets finder, better than ROPgadget for ARM
[C|O] volatility: forensic tool to analyse memory dumps from Windows/Linux
[C|O] Autopsy/Sleuth: analyse hard drives and smartphones
[C|O] Foremost: file recovery after deletion or format
[G|C] BinWalk: find files embedded inside a file
[S] dff: complete forensic gui analyser with lots of automation
[G|C] origami: pdf forensic analysis with optional GUI
[F|W] MFTDump: dump/copy $MFT file on windows
[G|C] AppCompatCacheParser: dump shimcache entries from Registry (can use offline registry)
[F|W] RegistryExplorer: GUI to explore the registry with search options and the possibility to use an offline registry
[C|G] xortool: find xor key/key length from xor text/binary
[C|G] cribdrag: interactive crib dragging on xored text
[C|G] hash_extender: hash extension forger
[C|G] hash-identifier: hash identifier
[C|G] PadBuster: break CBC encryption using an oracle
[C|G] lsb-toolkit: extract bits from images for steganography
[C|O] john: hash cracker (bruteforce + dictionary attacks)
[F|O] hashcat: hash bruteforce cracker that supports GPUs
[C|G] rsatool: calculates RSA (p, q, n, d, e) and RSA-CRT (dP, dQ, qInv) parameters given either two primes (p, q) or modulus and private exponent (n, d)
[I] http://quipqiup.com/: basic cryptography solver
[G|C] python-paddingoracle: python tool to exploit padding oracle
[F|O] DirBuster: bruteforce/dictionary attack on a web server to find hidden directories
[I] http://ift.tt/2pMXC4x: XSS spreadsheet
[C|O] sqlmap: sql injection
[S] Burp suite: request tool analysis/forge request
[S|W] fiddler: HTTP web proxy
[I] http://requestb.in/: get a temporary page to receive GET/POST requests
[I] http://en.42.meup.org/: temporary web hosting
[I] https://zerobin.net/: anonymous encrypted pastebin
[I] http://pastebin.com/: paste code/text with syntax highlighting
[I] http://portquiz.net/: test outgoing ports
[I] http://botscout.com/: check if an IP is flagged as spam/bot
[P|R] HackBar: xss/sql tests
[R] TamperData: modify and tamper HTTP requests
[R] Advanced Cookie Manager: Edit cookie
[R] Modify Headers: Edit HTTP headers
[R] HTTP Requester: Edit HTTP requests
[R] FlagFox: Info about current website
[R] Live HTTP Headers: View Headers
[P] ModHeader: edit HTTP requests
[G] Nikto2: web server scanner
[P] EditThisCookie: edit cookie, can lock cookie
[I] http://ift.tt/1BDYiVC: free domain research tools, find subdomains
[I] http://ift.tt/1AW46v5: subdomain bruteforce not 100% free
[G] Hydra: remote password cracker
[G|C] wuzz: curl-like web client using ncurses
[C|O] Netcat: network tool, can listen or connect using TCP/UDP
[C|O] nmap: network tool to scan ports and discover services
[C|O] Scapy: powerful interactive packet manipulation program
[C|O] Aircrack: wi-fi injection/monitoring/cracking
[S|O] Wireshark: network packet analyzer
[S|W] NetworkMiner: sniffer/pcap analyzer, pretty good for extracting files and seeing what's going on with HTTP traffic
[C|O] Hexinject: packet injector and sniffer, allows modifying packets on the fly
[C|F] exiftags: Linux package to check JPEG tags
[O|C] ExifTool: read/edit metadata of various file formats
[F|O|W] tweakpng: tool to resize image for steganography
[F|O] Stegsolve: perform quick image analysis to find hidden things
[F|O] Wbstego: retrieve/hide messages in various containers
[F|O|W] Cuckoo: interactive sandbox malware analysis
[F|O|W] Photorec: recover erased files
[C|O] QEMU: machine emulator and virtualizer
[C|S] metasploit: Generate payload and browser exploits
[C|O] binutils: tons of CLI tools
[S] vmware: virtualization products
[I] http://rubular.com/: ruby regex online
[M|O] kali: hacking linux OS
[I] http://ift.tt/1HHo1m3: exploits database
[G|C] AutoLocalPrivilegeEscalation: bash script to get root if possible
[C|O] sshpass: pass ssh password without typing it (highly insecure)
[C|O] virt-what: simple bash script to detect virtualization environment
[W|O] ProcessHacker: Extended taskmanager
[G] english-words: simple English wordlist
[G] fuzzdb: tons of lists for fuzzing
[W] pax0r: another huge list of tools
[G] SecLists: SecLists is the security tester’s companion. It is a collection of multiple types of lists used during security assessments
[G] ctf-tools: list of tools similar to this one
[G] http://ift.tt/1ZKYnUw: awesome list related to hacking
[I] http://ift.tt/PopmyC: online programming in most languages
[I] http://ift.tt/1GF9raf: check disassembly code produced with different versions of gcc