🔧 Tools of the trade
Latest commit 8139e61 Mar 7, 2018

Tools

Tools of the trade

General

  • Good Linux machine or VM, either via VMware, VirtualBox, or Vagrant - would suggest Ubuntu 14.04 LTS
  • Python (both 2.7 and 3)
  • Hex Editor (ghex recommended)

Binary exploitation/reversing

  • IDA (Demo, if not Pro)
  • gdb
  • PEDA - makes gdb far more usable
  • qira - if you can get it to work & understand it
  • checksec - peda can give the same info though
  • pwntools - makes pwning easier
  • radare2 - reverse engineering framework
  • angr - a binary analysis framework with a great symbolic execution engine
  • fupy - fast and dirty Python decompiler
  • JD-GUI - Java decompiler
  • Java Decompilers - Online decompiler for Java and Android APKs
  • syms2elf - A plugin for Hex-Rays IDA Pro and radare2 to export the recognized symbols to the ELF symbol table

Cryptography

  • Rumkin ciphers - multiple (ancient) crypto stuff
  • quipqiup - solving cryptograms
  • xortool - solving multi-byte XOR ciphers
  • rsatool - to calculate RSA params
  • featherduster - An automated, modular cryptanalysis tool
  • attackrsa - An all-in-one tool including many common attacks against RSA problems in CTF
  • RsaCTFtool - An automated tool to crack RSA public keys using various standard techniques
  • Untwister - A seed recovery tool for various PRNGs

Forensics

  • Foremost - recover hidden files
  • Binwalk - find offsets of files which are concatenated contiguously
  • Autopsy - find deleted files from hard disk dumps
  • Wireshark - analyze network captures
  • Stegsolve
  • Cloudshark - Analyze network captures online
  • John The Ripper - password cracking tool
  • Stegosaurus - tool that allows embedding arbitrary payloads in Python bytecode (pyc or pyo) files

Web exploitation

  • GitTools - downloads exposed .git repos of vulnerable websites
  • SQLMap - automated SQL injection
  • Hackbar - indispensable add-on for web exploitation in Firefox
  • CookieManager - add-on for Firefox
  • Postman - add-on for Chrome
  • requests - Python library used for sending HTTP requests
  • Wfuzz - to detect directories and pages on the server using common wordlists.
  • XSS Payloads