ctf-tools & HackingTools: Exhaustive list of hacking tools

ctf-tools

This is a collection of setup scripts to create an install of various security research tools. Of course, this isn’t a hard problem, but it’s really nice to have them in one place that’s easily deployable to new machines and so forth. The install-scripts for these tools are checked regularly, the results can be found on the build status page.

Installers for the following tools are included:

Category

Tool

Description

binary

afl

State-of-the-art fuzzer.

binary

angr

Next-generation binary analysis engine from Shellphish.

binary

barf

Binary Analysis and Reverse-engineering Framework.

binary

bindead

A static analysis tool for binaries.

binary

checksec

Check binary hardening settings.

binary

codereason

Semantic Binary Code Analysis Framework.

binary

crosstool-ng

Cross-compilers and cross-architecture tools.

binary

cross2

A set of cross-compilation tools from a Japanese book on C.

binary

elfkickers

A set of utilities for working with ELF files.

binary

elfparser

Quickly determine the capabilities of an ELF binary through static analysis.

binary

evilize

Tool to create MD5 colliding binaries

binary

gdb

Up-to-date gdb with python2 bindings.

binary

gdb-heap

gdb extension for debugging heap issues.

binary

gef

Enhanced environment for gdb.

binary

hongfuzz

A general-purpose, easy-to-use fuzzer with interesting analysis options.

binary

libheap

gdb python library for examining the glibc heap (ptmalloc)

binary

miasm

Reverse engineering framework in Python.

binary

panda

Platform for Architecture-Neutral Dynamic Analysis.

binary

pathgrind

Path-based, symbolically-assisted fuzzer.

binary

peda

Enhanced environment for gdb.

binary

preeny

A collection of helpful preloads (compiled for many architectures!).

binary

pwndbg

Enhanced environment for gdb. Especially for pwning.

binary

pwntools

Useful CTF utilities.

binary

python-pin

Python bindings for pin.

binary

qemu

Latest version of qemu!

binary

qira

Parallel, timeless debugger.

binary

radare2

Some crazy thing crowell likes.

binary

ropper

Another gadget finder.

binary

rp++

Another gadget finder.

binary

rr

Record and Replay Debugging Framework

binary

shellnoob

Shellcode writing helper.

binary

shellsploit

Shellcode development kit.

binary

snowman

Cross-architecture decompiler.

binary

taintgrind

A valgrind taint analysis tool.

binary

villoc

Visualization of heap operations.

binary

virtualsocket

A nice library to interact with binaries.

binary

wcc

The Witchcraft Compiler Collection is a collection of compilation tools to perform binary black magic on the GNU/Linux and other POSIX platforms.

binary

xrop

Gadget finder.

forensics

binwalk

Firmware (and arbitrary file) analysis tool.

forensics

dislocker

Tool for reading Bitlocker encrypted partitions.

forensics

exetractor

Unpacker for packed Python executables. Supports PyInstaller and py2exe.

forensics

firmware-mod-kit

Tools for firmware packing/unpacking.

forensics

pdf-parser

Tool for digging in PDF files

forensics

peepdf

Powerful Python tool to analyze PDF documents.

forensics

scrdec

A decoder for encoded Windows Scripts.

forensics

testdisk

Testdisk and photorec for file recovery.

crypto

cribdrag

Interactive crib dragging tool (for crypto).

crypto

fastcoll

An md5sum collision generator.

crypto

foresight

A tool for predicting the output of random number generators. To run, launch “foresee”.

crypto

featherduster

An automated, modular cryptanalysis tool.

crypto

hashkill

Hash cracker.

crypto

hashpump

A tool for performing hash length extension attaacks.

crypto

hashpump-partialhash

Hashpump, supporting partially-unknown hashes.

crypto

hash-identifier

Simple hash algorithm identifier.

crypto

littleblackbox

Database of private SSL/SSH keys for embedded devices.

crypto

msieve

Msieve is a C library implementing a suite of algorithms to factor large integers.

crypto

pemcrack

SSL PEM file cracker.

crypto

pkcrack

PkZip encryption cracker.

crypto

python-paddingoracle

Padding oracle attack automation.

crypto

reveng

CRC finder.

crypto

ssh_decoder

A tool for decoding ssh traffic. You will need ruby1.8 from http://ift.tt/1lkGk7O to run this. Run with ssh_decoder –help for help, as running it with no arguments causes it to crash.

crypto

sslsplit

SSL/TLS MITM.

crypto

xortool

XOR analysis tool.

crypto

yafu

Automated integer factorization.

web

burpsuite

Web proxy to do naughty web stuff.

web

commix

Command injection and exploitation tool.

web

dirb

Web path scanner.

web

dirsearch

Web path scanner.

web

mitmproxy

CLI Web proxy and python library.

web

sqlmap

SQL injection automation engine.

web

subbrute

A DNS meta-query spider that enumerates DNS records, and subdomains.

stego

sound-visualizer

Audio file visualization.

stego

steganabara

Another image steganography solver.

stego

stegdetect

Steganography detection/breaking tool.

stego

stegsolve

Image steganography solver.

stego

zsteg

detect stegano-hidden data in PNG & BMP.

android

apktool

Dissect, dis-assemble, and re-pack Android APKs

android

android-sdk

The android SDK (adb, emulator, etc).

misc

xspy

Tiny tool to spy on X sessions.

misc

z3

Theorem prover from Microsoft Research.

misc

jdgui

Java decompiler.

misc

veles

Binary data analysis and visulalization tool.

There are also a couple of installers for useful libraries included. Currently only the python bindings for these libraries are installed.

Category

Library

Description

binary

capstone

Multi-architecture disassembly framework.

binary

keystone

Lightweight multi-architecture assembler framework.

binary

unicorn

Multi-architecture CPU emulator framework.

binary

lief

Library to Instrument Executable Formats.

There are also some installers for non-CTF stuff to break the monotony!

Category

Tool

Description

game

Dwarf Fortress

Something to help you relax after a CTF!

tor-browser

tor-browser

Useful when you need to hit a web challenge from different IPs.

pyvmmonitor

pyvmmonitor

PyVmMonitor is a profiler with a simple goal: being the best way to profile a Python program.

Usage

To use, do:

# set up the path
/path/to/ctf-tools/bin/manage-tools setup
source ~/.bashrc

# list the available tools
manage-tools list

# install gdb, allowing it to try to sudo install dependencies
manage-tools -s install gdb

# install pwntools, but don’t let it sudo install dependencies
manage-tools install pwntools

# uninstall gdb
manage-tools uninstall gdb

# uninstall all tools
manage-tools uninstall all

# search for a tool
manage-tools search preload

Where possible, the tools keep the installs very self-contained (i.e., in to tool/ directory), and most uninstalls are just calls to git clean (NOTE, this is NOT careful; everything under the tool directory, including whatever you were working on, is blown away during an uninstall). One exception to this are python tools, which are installed using the pip package manager if possible. A ctftools virtualenv is created during the manage-tools setup command and can be accessed using the command workon ctftools.

Binary

[I] https://malwr.com/: online binary analysis

[I] https://retdec.com/: online decompiler for c/c++ binaries

[I] http://ift.tt/YIm4QX: online decompiler for .NET/flash and others…

[I] http://ift.tt/1H4YAZ1: java decompiler online

[S|W] Reflector: assembly browser for .NET

[F|O|W] Simple Assembly Explorer: another .NET disassembler

[F|O|W] de4dot: .NET deobfuscator

[S] IDA: debugger

[F|O] OllyDbg: debugger

[F|O|W] x64dbg: debugger

[C|O|L] gdb: Gnu debugger for linux

[M|G] peda: python plugin for gdb

[M|G] gef: gdb plugin supporting more architectures than peda

[C|O|L] [strace/ltrace]: system call tracers / dynamic call tracers (librairies)

[G] dex2jar: apk unpacker (android package)

[S] dede: delphi decompiler

[S] Pin: dynamic binary instrumentation framework

[G] Pintool: binary password finder for ctf using pin

[O|L] checksec: check binary protections

[F] DiE: binary packer detection

[G] Qira: timeless debugger with web interface by geohot

[G|C] ROPGadget: tool for rop chaining

[G|C] plasma: interactive disassembler in pseudo-C with colored syntax

[O|C|L] XOCopy: copy memory of execute only ELF binaries

[G|C] Shellsploit: shellcode generator framework

[G|C] radare2: analyzer, disassembler, debugger

[G] Bokken: Python-GTK GUI for radare2

[G|C] libformatstr: python lib to make string format exploits

[G] pwntools: Python framework to quickly develop exploits

[G] binjitsu: fork of pwntools

[G|C] fixenv: Script to align stack withtout ASLR and gdb,strace,ltrace

[O|W] cheatengine: memory scanner and other usefull things

[G] Voltron: Great UI Debugger

[G] Z3: Z3 is a theorem prover

[G] angr: binary analysis, allows value-set analysis

[G] rop-tool: another helpful tool for ROP

[G] villoc: visualize heap chunks on linux

[O|C] valgrind: binary analysis allowing to spot read/write errors on memory operations

[S|W] apimonitor: inspect process calls and trace them

[F|W] PEiD: identify which packer has been used on PE binaries

[F|W] ImpREC: reconstruct IAT table for unpacked binaries

[O|C] Flawfinder: static source code analyzer for C/C++ which report possible security weakness

[G|C] afl: fuzzer

[G] gdbgui: web lightweight gui interface for gdb

[G|C] one_gadget: script to find and identify constraints on magc gadget

[G|C] Ropper: gadgets finder, better than ROPgadget for ARM

Forensic

[C|O] volatility: forensic tool to analyse memory dump from windows/linux

[C|O] Autopsy/Sleuth: analyse hard drives and smartphones

[C|O] Foremost: file recovery after deletion or format

[G|C] BinWalk: find files into file

[S] dff: complete forensic gui analyser with lots of automation

[G|C] origami: pdf forensic analysis with optional GUI

[F|W] MFTDump: dump/copy $MFT file on windows

[G|C] AppCompatCacheParser: dump shimcache entries from Registry (can use offline registry)

[F|W] [RegistryExplorer: GUI to explore registry with search options and possibility to use offline register

Cryptography

[C|G] xortool: find xor key/key length from xor text/binary

[C|G] cribdrag: interactive crib dragging on xored text

[C|G] hash_extender: hash extension forger

[C|G] hash-identifier: hash identifier

[C|G] PadBuster: break CBC encryption using an oracle

[C|G] lsb-toolkit: extract bit from images for steganography

[C|O] john: hash cracker (bruteforce + dico attacks)

[F|O] hashcat: hash bruteforce cracker that support GPU

[C|G] rsatool: calculates RSA (p, q, n, d, e) and RSA-CRT (dP, dQ, qInv) parameters given either two primes (p, q) or modulus and private exponent (n, d)

[I] http://quipqiup.com/: basic cryptography solver

[G|C] python-paddingoracle: python tool to exploit padding oracle

Web

[F|O] DirBuster: bruteforce/dictionnary attack on webserver to find hidden directories

[I] http://ift.tt/2pMXC4x: XSS spreadsheet

[C|O] sqlmap: sql injection

[S] Burp suite: request tool analysis/forge request

[S|W] fiddler: HTTP web proxy

[I] http://requestb.in/: get a temporary page to receive GET/POST request

[I] http://en.42.meup.org/ : Temporary web hosting

[I] https://zerobin.net/: anonymous encrypted pastebin

[I] http://pastebin.com/: paste code/text with coloration

[I] http://portquiz.net/: test outgoing ports

[I] http://botscout.com/: check if an IP is flagged as spam/bot

[P|R] HackBar: xss/sql tests

[R] TamperData: modify and tamper HTTP requests

[R] Advanced Cookie Manager: Edit cookie

[R] Modify Headers: Edit HTTP headers

[R] HTTP Requester: Edit HTTP requests

[R] FlagFox: Info about current website

[R] Live HTTP Headers: View Headers

[P] ModHeader: edit HTTP requests

[G] Nikto2: web server scanner

[P] EditThisCookie: edit cookie, can lock cookie

[I] http://ift.tt/1BDYiVC: free domain research tools, find subdomains

[I] http://ift.tt/1AW46v5: subdomain bruteforce not 100% free

[G] Hydra: remote password cracker

[G|C] wuzz: webclient curl like using ncurses

Network

[C|O] Netcat: network tool, can listen or connect using TCP/UDP

[C|O] nmap: network tool to scan ports and discover services

[C|O] Scapy: powerful interactive packet manipulation program

[C|O] Aircrack: wi-fi injection/monitoring/cracking

[S|O] Wireshark: network packet analyzer

[S|W] NetworkMiner: sniffer/pcap analyzer, pretty good for files and see what’s going on with HTTP traffic

[C|O] Hexinject: Packer injector and sniffer. Allows to modify packets on the fly

Steganography

[C|F] exiftags: linux package to check jpg tags

[O|C] ExifTool: read/edit metadata of various file formats

[F|O|W] tweakpng: tool to resize image for steganography

[F|O] Stegsolve: perform quick image analysis to find hidden things

[F|O] Wbstego: retrieve/hide messages in various container

Misc

[F|O|W] Cuckoo: interactive sandbox malware analysis

[F|O|W] Photorec: recover erased file

[C|O] QEMU: machine emulator and virtualizer

[C|S] metasploit: Generate payload and browser exploits

[C|O] binutils: tons of CLI tools

[S] vmware: virtualization products

[I] https://regex101.com/: javascript/python/php regex online

[I] http://rubular.com/: ruby regex online

[M|O] kali: hacking linux OS

[I] http://ift.tt/1HHo1m3: exploits database

[G|C] AutoLocalPrivilegeEscalation: bash script to get root if possible

[C|O] sshpass: pass ssh password without typing it (highly insecure)

[C|O] virt-what: simple bash script to detect virtualization environment

[W|O] ProcessHacker: Extended taskmanager

[G]: english-words: simple english wordlist

[G]: fuzzdb: tons of lists for fuzzing

Sec/Tools list

[W] pax0r: another huge list of tools

[G] SecLists: SecLists is the security tester’s companion. It is a collection of multiple types of lists used during security assessments

[G] ctf-tools: list of tools similar to this one

[I] http://ift.tt/1YyLn50

[G] http://ift.tt/1ZKYnUw: awesome list related to hacking

Programming

[I] http://ift.tt/PopmyC: online programmation on most languages

[I] http://ift.tt/1GF9raf: check disassembly code produced with different versions of gcc

Source

http://ift.tt/2oxQ0yk

http://ift.tt/1QVzKAg

The post ctf-tools & HackingTools: Exhaustive list of hacking tools appeared first on Penetration Testing in Linux. http://ift.tt/2oxPDnc http://ift.tt/2aM8QhC

Anúncios

Deixe um comentário

Preencha os seus dados abaixo ou clique em um ícone para log in:

Logotipo do WordPress.com

Você está comentando utilizando sua conta WordPress.com. Sair / Alterar )

Imagem do Twitter

Você está comentando utilizando sua conta Twitter. Sair / Alterar )

Foto do Facebook

Você está comentando utilizando sua conta Facebook. Sair / Alterar )

Foto do Google+

Você está comentando utilizando sua conta Google+. Sair / Alterar )

Conectando a %s