Top 314 ctf open source projects

Automatic SSRF fuzzer and exploitation tool

A curated list of Game Challenges from various CTFs

Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.

The best tool for finding one gadget RCE in libc.so.6

TCP flow analyzer with sugar for A/D CTF

My solutions to some CTF challenges and a list of interesting resources about pwning stuff

DEFCON CTF 2017 Stuff of Shit by HITCON

🏴‍☠️ Tools for pentesting, CTFs & wargames. 🏴‍☠️

Here record some tips about pwn. Something is obsoleted and won't be updated. Sorry about that.

PwnableWeb is a suite of web applications for use in information security training.

A sandbox to protect your pwn challenges being pwned in CTF AWD.

Venom - A Multi-hop Proxy for Penetration Testers

Writeups for HacktheBox 'boot2root' machines

won't maintain

Detect hidden files and text in images

A Discord bot that provides ctf tools for collaboration in Discord servers!

CTF write-ups by PDKT team with English and Indonesian language

Some of my CTF solutions

Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries

✔️ CTF problems and solutions solved by Qwaz

CTF Field Guide

AWD 自动化攻击框架

Riscure Hack Me embedded hardware CTF 2017-2018.

Build a database of libc offsets to simplify exploitation

China's first CTFTools framework.中国国内首个CTF工具框架,旨在帮助CTFer快速攻克难关

oscp-ctf is a small collection of basic Bash scripts that make life easier and save time whether you are in the OSCP labs, HackThebox or playing around with CTFs.

Learning Penetration Testing of Android Applications

A flag submitter service with distributed attackers for attack/defense CTF games.

A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.

Micro-framework for rapid development of reusable security tools

Good to know, easy to forget information about binaries and their exploitation!

Free Labs to Train Your Pentest / CTF Skills

CTF writeups

📚 VoidHack CTF write-ups

Backwards program slice stitching for automatic CTF problem solving.

ctfcli is a tool to manage Capture The Flag events and challenges

CTF framework and exploit development library

Library consisting of explanation and implementation of all the existing attacks on various Encryption Systems, Digital Signatures, Key Exchange, Authentication methods along with example challenges from CTFs

This tool aims at automating the identification of potential service running behind ports identified manually either through manual scan or services running locally. The tool is useful when nmap or any scanning tool is not available and in the situation during which you did a manual port scanning and then want to identify the services running behind the identified ports.

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

Writeup of security — CTFLearn Challenges.

Docker based Wargame Platform - To practice your CTF skills

(mostly web related) web challenge writeups between 2011 and 2015

Snoop — инструмент разведки на основе открытых данных (OSINT world)

DEFCON 2018 Qualification writeups

For effective cheating detection in competitions. Utilizes Linux Kernel Module (LKM) for generating flags.

repo with challenge material for riceteacatpanda (2020)

⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

🌸 Interactive shellcoding environment to easily craft shellcodes

Code-Audit-Challenges

Platform to host Capture the Flag competitions

Spoilerwall introduces a brand new concept in the field of network hardening. Avoid being scanned by spoiling movies on all your ports!

CTF Training 经典赛题复现环境

Educational, CTF-styled labs for individuals interested in Memory Forensics

Very vulnerable ARM/AARCH64 application (CTF style exploitation tutorial with 14 vulnerability techniques)

A curated list of CTF frameworks, libraries, resources and softwares

国内各大CTF赛题及writeup整理

Pentest environment deployer (kali linux + targets) using vagrant and chef.