Skip to content
Switch branches/tags

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time


Tools of the trade


  • Good Linux machine or VM either via VMware, VirtualBox, or vagrant - would suggest Ubuntu 14.04 LTS
  • Python (both 2.7 and 3)
  • Hex Editor (ghex recommended)

Binary exploitation/reversing

  • IDA (Demo, if not Pro)
  • gdb
  • PEDA - makes gdb far more usable
  • qira - if you can get it to work & understand it
  • checksec - peda can give the same info though
  • pwntools - makes pwning easier
  • radare2 - reverse engineering framework
  • angr - a binary analysis framework with a great symbolic execution engine
  • fupy - fast and dirty python decompiler
  • JD-GUI - java decompiler
  • Java Decompilers - Online decompiler for Java and Android APKs
  • syms2elf - A plugin for Hex-Ray's IDA Pro and radare2 to export the symbols recognized to the ELF symbol table


  • Rumkin ciphers - multiple (ancient) crypto stuff
  • quipqiup - solving cryptograms
  • xortool - solving multi-byte xor cipher
  • rsatool - to calculate rsa params
  • featherduster - An automated, modular cryptanalysis tool
  • attackrsa - An all-in-one tool including many common attacks against RSA problems in CTF
  • RsaCTFtool - An automated tool to crack public keys of rsa using various standard techniques
  • Untwister - A seed recovery tool for various PRNGs


  • Foremost - recover hidden files
  • Binwalk - find offsets of files which are concatenated contiguously
  • Autopsy - find deleted files from harddisk dumps
  • Wireshark - analyze network captures
  • Stegsolve
  • Cloudshark - Analyze network captures online
  • John The Ripper - password cracking tool
  • Stegosaurus - tool that allows embedding arbitrary payloads in Python bytecode (pyc or pyo) files

Web exploitation

  • GitTools - downloads exposed .git repo of vulnearable websites
  • SQLMap - automated sql injection
  • Hackbar - indispensible addon for web exploitation in firefox
  • CookieManager - addon for firefox
  • Postman - add on for chrome.
  • requests - python library used for sending HTTP requests
  • Wfuzz - to detect directories and pages on the server using common wordlists.
  • XSS Payloads


🔧 Tools of the trade



No releases published


No packages published