Need help with ctf-tools?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

zardus
5.3K Stars 1.5K Forks BSD 3-Clause "New" or "Revised" License 658 Commits 21 Opened issues

Description

Some setup scripts for security research tools.

Services available

!
?

Need anything else?

Contributors list

ctf-tools

Build Status IRC

This is a collection of setup scripts to create an install of various security research tools. Of course, this isn't a hard problem, but it's really nice to have them in one place that's easily deployable to new machines and so forth. The install-scripts for these tools are checked regularly, the results can be found on the build status page.

Installers for the following tools are included:

| Category | Source | Tool | Description | |----------|--------|------|-------------| | binary | Directory | afl | State-of-the-art fuzzer. | <!--tool--> <!--times-out--> | binary | Directory | angr | Next-generation binary analysis engine from Shellphish. | <!--tool--> <!--no-test--> | binary | Directory | barf | Binary Analysis and Reverse-engineering Framework. | <!--tool--><!--times-out--> | binary | Directory | bindead | A static analysis tool for binaries. | <!--tool--><!--failing--> | binary | Library | capstone | Multi-architecture disassembly framework. | <!--tool--><!--test--> | binary | Directory | checksec | Check binary hardening settings. | <!--tool--><!--test--> | binary | Directory | codereason | Semantic Binary Code Analysis Framework. | <!--tool--><!--failing--> | binary | Directory | crosstool-ng | Cross-compilers and cross-architecture tools. | <!--tool--><!--no-test--> | binary | Directory | cross2 | A set of cross-compilation tools from a Japanese book on C. | <!--tool--><!--no-test--> | binary | Directory | elfkickers | A set of utilities for working with ELF files. | <!--tool--><!--test--> | binary | Directory | elfparser | Quickly determine the capabilities of an ELF binary through static analysis. | <!--tool--><!--test--> | binary | Directory | evilize | Tool to create MD5 colliding binaries | <!--tool--><!--test--> | binary | Directory | gdb | Up-to-date gdb with python2 bindings. | <!--tool--><!--failing--> | binary | Directory | gdb-heap | gdb extension for debugging heap issues. | <!--tool--><!--test--> | binary | Directory | gef | Enhanced environment for gdb. | <!--tool--><!--no-test--> | binary | Directory | hongfuzz | A general-purpose, easy-to-use fuzzer with interesting analysis options. | <!--tool--><!--test--> | binary | Library | keystone | Lightweight multi-architecture assembler framework. | <!--tool--><!--test--> | binary | Directory | libheap | gdb python library for examining the glibc heap (ptmalloc) | <!--tool--><!--no-test--> | binary | Library | lief | Library to Instrument Executable Formats. | <!--tool--><!--test--> | binary | Directory | miasm | Reverse engineering framework in Python. | <!--tool--> <!--test--> | binary | Directory | one_gadget | Magic gadget search for libc. | <!--tool--> <!--test--> | binary | Directory | panda | Platform for Architecture-Neutral Dynamic Analysis. | <!--tool--><!--no-test--> | binary | Directory | pathgrind | Path-based, symbolically-assisted fuzzer. | <!--tool--><!--failing--> | binary | Directory | peda | Enhanced environment for gdb. | <!--tool--><!--test--> | binary | Directory | preeny | A collection of helpful preloads (compiled for many architectures!). | <!--tool--><!--no-test--> | binary | Directory | pwndbg | Enhanced environment for gdb. Especially for pwning. | <!--tool--><!--no-test--> | binary | Directory | pwntools | Useful CTF utilities. | <!--tool--><!--no-test--> | binary | Directory | python-pin | Python bindings for pin. | <!--tool--><!--test--> | binary | Directory | qemu | Latest version of qemu! | <!--tool--><!--times-out--> | binary | Directory | qira | Parallel, timeless debugger. | <!--tool--><!--times-out--> | binary | Directory | radare2 | Some crazy thing crowell likes. | <!--tool--><!--test--> | binary | Directory | rappel | A linux-based assembly REPL. | <!--tool--><!--test--> | binary | Directory | ropper | Another gadget finder. | <!--tool--><!--test--> | binary | Directory | rp++ | Another gadget finder. | <!--tool--><!--test--> | binary | Directory | rr | Record and Replay Debugging Framework | <!--tool--><!--test--> | binary | Directory | scratchabit | Easily retargetable and hackable interactive disassembler | <!--tool--><!--test--> | binary | Directory | scratchablock | Yet another crippled decompiler project | <!--tool--><!--test--> | binary | Directory | seccomp-tools | Provides powerful tools for seccomp analysis | <!--tool--><!--test--> | binary | Directory | shellnoob | Shellcode writing helper. | <!--tool--><!--test--> | binary | Directory | shellsploit | Shellcode development kit. | <!--tool--><!--test--> | binary | Directory | snowman | Cross-architecture decompiler. | <!--tool--><!--test--> | binary | Directory | taintgrind | A valgrind taint analysis tool. | <!--tool--><!--failing--> | binary | Library | unicorn | Multi-architecture CPU emulator framework. | <!--tool--><!--test--> | binary | Directory | valgrind | A Dynamic Binary Instrumentation framework with some built-in tools. | <!--tool--><!--test--> | binary | Directory | villoc | Visualization of heap operations. | <!--tool--><!--test--> | binary | Directory | virtualsocket | A nice library to interact with binaries. | <!--tool--><!--test--> | binary | Directory | wcc | The Witchcraft Compiler Collection is a collection of compilation tools to perform binary black magic on the GNU/Linux and other POSIX platforms. | <!--tool--><!--no-test--> | binary | Directory | xrop | Gadget finder. | <!--tool--><!--failing--> | binary | Directory | manticore | Manticore is a prototyping tool for dynamic binary analysis, with support for symbolic execution, taint analysis, and binary instrumentation. | <!--tool--><!--no-test--> | forensics | Directory | binwalk | Firmware (and arbitrary file) analysis tool. | <!--tool--><!--test--> | forensics | Directory | dislocker | Tool for reading Bitlocker encrypted partitions. | <!--tool--><!--test--> | forensics | Directory | exetractor | Unpacker for packed Python executables. Supports PyInstaller and py2exe. | <!--tool--><!--test--> | forensics | Directory | firmware-mod-kit | Tools for firmware packing/unpacking. | <!--tool--><!--test--> | forensics | apt | foremost | File carver. | <!--deb-tool--> | forensics | Directory | pdf-parser | Tool for digging in PDF files | <!--tool--><!--test--> | forensics | Directory | peepdf | Powerful Python tool to analyze PDF documents. | <!--tool--><!--test--> | forensics | Directory | scrdec | A decoder for encoded Windows Scripts. | <!--tool--><!--test--> | forensics | Directory | testdisk | Testdisk and photorec for file recovery. | <!--tool--><!--test--> | crypto | Directory | cribdrag | Interactive crib dragging tool (for crypto). | <!--tool--><!--test--> | crypto | Directory | fastcoll | An md5sum collision generator. | <!--tool--><!--test--> | crypto | Directory | foresight | A tool for predicting the output of random number generators. To run, launch "foresee". | <!--tool--><!--test--> | crypto | Directory | featherduster | An automated, modular cryptanalysis tool. | <!--tool--><!--no-test--> | crypto | Directory | galois | A fast galois field arithmetic library/toolkit. | <!--tool--><!--test--> | crypto | Directory | hashkill | Hash cracker. | <!--tool--><!--test--> | crypto | Directory | hashpump | A tool for performing hash length extension attaacks. | <!--tool--><!--test--> | crypto | Directory | hashpump-partialhash | Hashpump, supporting partially-unknown hashes. | <!--tool--><!--test--> | crypto | Directory | hash-identifier | Simple hash algorithm identifier. | <!--tool--><!--test--> | crypto | Directory | libc-database | Build a database of libc offsets to simplify exploitation. | <!--tool--><!--test--> | crypto | Directory | littleblackbox | Database of private SSL/SSH keys for embedded devices. | <!--tool--><!--test--> | crypto | Directory | msieve | Msieve is a C library implementing a suite of algorithms to factor large integers. | <!--tool--><!--test--> | crypto | Directory | nonce-disrespect | Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS. | <!--tool--><!--test--> | crypto | Directory | pemcrack | SSL PEM file cracker. | <!--tool--><!--test--> | crypto | Directory | pkcrack | PkZip encryption cracker. | <!--tool--><!--test--> | crypto | Directory | python-paddingoracle | Padding oracle attack automation. | <!--tool--><!--test--> | crypto | Directory | reveng | CRC finder. | <!--tool--><!--test--> | crypto | Directory | ssh_decoder | A tool for decoding ssh traffic. You will need

ruby1.8
from
https://launchpad.net/~brightbox/+archive/ubuntu/ruby-ng
to run this. Run with
ssh_decoder --help
for help, as running it with no arguments causes it to crash. | <!--tool--><!--test--> | crypto | Directory | sslsplit | SSL/TLS MITM. | <!--tool--><!--test--> | crypto | Directory | xortool | XOR analysis tool. | <!--tool--><!--test--> | crypto | Directory | yafu | Automated integer factorization. | <!--tool--><!--test--> | web | Directory | burpsuite | Web proxy to do naughty web stuff. | <!--tool--><!--failing--> | web | Directory | commix | Command injection and exploitation tool. | <!--tool--><!--test--> | web | Directory | dirb | Web path scanner. | <!--tool--><!--test--> | web | Directory | dirsearch | Web path scanner. | <!--tool--><!--test--> | web | Directory | mitmproxy | CLI Web proxy and python library. | <!--tool--><!--no-test--> | web | Directory | sqlmap | SQL injection automation engine. | <!--tool--><!--test--> | web | Directory | subbrute | A DNS meta-query spider that enumerates DNS records, and subdomains. | <!--tool--><!--test--> | stego | apt | pngtools | PNG's analysis tool. | <!--deb-tool--> | stego | Directory | sound-visualizer | Audio file visualization. | <!--tool--><!--failing--> | stego | Directory | steganabara | Another image stenography solver. | <!--tool--><!--test--> | stego | Directory | stegdetect | Stenography detection/breaking tool. | <!--tool--><!--test--> | stego | Docker | stego-toolkit | A docker image with dozens of steg tools. | <!--tool--><!--no-test--> | stego | Directory | stegsolve | Image stenography solver. | <!--tool--><!--test--> | stego | Directory | stegosaurus | A steganography tool for embedding arbitrary payloads in Python bytecode (pyc or pyo) files. | <!--tool--><!--no-test--> | stego | Directory | zsteg | detect stegano-hidden data in PNG & BMP. | <!--tool--><!--no-test--> | dsniff | apt | dsniff | Grabs passwords and other data from pcaps/network streams. | <!--deb-tool--> | android | Directory | apktool | Dissect, dis-assemble, and re-pack Android APKs | <!--tool--><!--test--> | android | Directory | android-sdk | The android SDK (adb, emulator, etc). | <!--tool--><!--no-test--> | misc | Directory | xspy | Tiny tool to spy on X sessions. | <!--tool--><!--test--> | misc | Directory | z3 | Theorem prover from Microsoft Research. | <!--tool--><!--times-out--> | misc | Directory | jdgui | Java decompiler. | <!--tool--><!--test--> | misc | Directory | veles | Binary data analysis and visualization tool. | <!--tool--><!--test--> | misc | Directory | youtube-dl | Latest version of the popular youtube downloader. | <!--tool--><!--test-->

There are also some installers for non-CTF stuff to break the monotony!

| Category | Tool | Description | |----------|------|-------------| | C magic | C-bind | A library used to enable function binding in C! | | game | Dwarf Fortress | Something to help you relax after a CTF! | <!--tool--> | pyvmmonitor | pyvmmonitor | PyVmMonitor is a profiler with a simple goal: being the best way to profile a Python program. | <!--tool--><!--test--> | library collection | single_file_libs | A large collection of useful single file include libraries written for C/C++ | | dolphin | sudolphin | If your friend ever leaves their laptop unlocked,

curl -sSL sh.sudolph.in \| sh
then wait and see! | | tor-browser | tor-browser | Useful when you need to hit a web challenge from different IPs. | <!--tool--><!--test-->

Usage

To use, do:

# set up the path
/path/to/ctf-tools/bin/manage-tools setup
source ~/.bashrc

list the available tools

manage-tools list

install gdb, allowing it to try to sudo install dependencies

manage-tools -s install gdb

install pwntools, but don't let it sudo install dependencies

manage-tools install pwntools

install qemu, but use "nice" to avoid degrading performance during compilation

manage-tools -n install qemu

uninstall gdb

manage-tools uninstall gdb

uninstall all tools

manage-tools uninstall all

search for a tool

manage-tools search preload

Where possible, the tools keep the installs very self-contained (i.e., in to tool/ directory), and most uninstalls are just calls to

git clean
(NOTE, this is NOT careful; everything under the tool directory, including whatever you were working on, is blown away during an uninstall). One exception to this are python tools, which are installed using the
pip
package manager if possible. A
ctftools
virtualenv is created during the
manage-tools setup
command and can be accessed using the command
workon ctftools
.

Help!

Something not working? I didn't write (almost) any of these tools, but hit up #ctf-tools on freenode if you're desperate. Maybe some kind soul will help!

Docker (version 1.7+)

By popular demand, a Dockerfile has been included. You can build a docker image with:

git clone https://github.com/zardus/ctf-tools
cd ctf-tools
docker build -t ctf-tools .

And run it with:

docker run -it ctf-tools

The built image will have ctf-tools cloned and ready to go, but you will still need to install the tools themselves (see above).

Alternatively, you can also pull ctf-tools (with some tools preinstalled) from dockerhub:

docker run -it zardus/ctf-tools

Vagrant

You can build a Vagrant VM with:

wget https://raw.githubusercontent.com/zardus/ctf-tools/master/Vagrantfile
vagrant plugin install vagrant-vbguest
vagrant up

And connect to it via:

vagrant ssh

Kali Linux

Kali Linux (Sana and Rolling), due to manually setting certain libraries to not use the latest version available (sometimes being out of date by years) causes some tools to not install at all, or fail in strange ways. AFL and Panda comes to mind, in fact any tool that uses QEMU 2.30 will probably fail during compilation under Kali. Overriding these libraries breaks other tools included in Kali so your only solution is to either live with some of Kali's tools being broken, or running another distribution separately such as Ubuntu.

Most tools aren't affected though.

Adding Tools

To add a tool (say, named toolname), do the following:

  1. Create a
    toolname
    directory.
  2. Create an
    install
    script.
  3. (optional) if special uninstall steps are required, create an
    uninstall
    script.

Install Scripts

The install script will be run with

$PWD
being
toolname
. It should install the tool into this directory, in as contained a manner as possible. Ideally, full uninstallation should be possible with a
git clean
.

The install script should create a

bin
directory and put its executables there. These executables will be automatically linked into the main
bin
directory for the repo. They could be launched from any directory, so don't make assumptions about the location of
$0
!

License

The individual tools are all licensed under their own licenses. As for ctf-tools itself, it is licensed under BSD 2-Clause License. If you find it useful, star it on github (https://github.com/zardus/ctf-tools).

Good luck!

See Also

There's a curated list of CTF tools, but without installers, here: https://github.com/apsdehal/aWEsoMe-cTf.

There's a Vagrant config with a lot of the bigger frameworks here: https://github.com/thebarbershopper/epictreasure.

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.