637 Open source projects that are alternatives of or similar to Ctf

Very simple script(s) to hasten binary exploit creation

CTF竞赛权威指南

📚 VoidHack CTF write-ups

Web wrapper of niklasb/libc-database

A collection of hacking / penetration testing resources to make you better!

Exploiting challenges in Linux and Windows

The best tool for finding one gadget RCE in libc.so.6

A hyper plugin to provide a flexible GDB GUI with the help of GEF, pwndbg or peda

kernel-pwn and writeup collection

📢 🔒 Exploit farm for attack-defense CTF competitions

Framework for rapid development and reusable of security tools

Repository to train/learn memory corruption on the ARM platform.

CTF framework and exploit development library

RCE for old gitlab version <= 11.4.7 & 12.4.0-12.8.1 and LFI for old gitlab versions 10.4 - 12.8.1

CTF中Pwn的快速利用模板（包含awd pwn）

some experience in CTFs

GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging features for exploit developers & reverse engineers ☢

🌸 Interactive shellcoding environment to easily craft shellcodes

Backwards program slice stitching for automatic CTF problem solving.

CVE-2020-0796 - Windows SMBv3 LPE exploit #SMBGhost

Roblox Exploit Source Code Called IceMeme with some cmds, lua c and limited lua execution with simple ui in c#

CERIO RCE CVE-2018-18852, authenticated (vendor defaults) web-based RCE as root user.

Mikrotik RouterOS (6.x < 6.38.5) exploit kit. Reverse engineered from the "Vault 7" WikiLeaks publication.

A flag submitter service with distributed attackers for attack/defense CTF games.

Ghost Framework is an Android post-exploitation framework that exploits the Android Debug Bridge to remotely access an Android device. Ghost Framework gives you the power and convenience of remote Android device administration.

This tool aims at automating the identification of potential service running behind ports identified manually either through manual scan or services running locally. The tool is useful when nmap or any scanning tool is not available and in the situation during which you did a manual port scanning and then want to identify the services running behind the identified ports.

A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.

Writeup of CVE-2020-15906

Here you can get full exploit for SAP NetWeaver AS JAVA

ctfcli is a tool to manage Capture The Flag events and challenges

Build a database of libc offsets to simplify exploitation

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

Vulnerability Labs for security analysis

✔️ CTF problems and solutions solved by Qwaz

Library consisting of explanation and implementation of all the existing attacks on various Encryption Systems, Digital Signatures, Key Exchange, Authentication methods along with example challenges from CTFs

Fully Featured Nintendo DS Loader for Ghidra

Ladon Network Penetration Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC

China's first CTFTools framework.中国国内首个CTF工具框架,旨在帮助CTFer快速攻克难关

Micro-framework for rapid development of reusable security tools

Remote exploitation framework written in Python

PrestaShop (1.6.x <= 1.6.1.23 or 1.7.x <= 1.7.4.4) Back Office Remote Code Execution (CVE-2018-19126)

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

Focus on cybersecurity | collection of PoC and Exploits

CTF Field Guide

oscp-ctf is a small collection of basic Bash scripts that make life easier and save time whether you are in the OSCP labs, HackThebox or playing around with CTFs.

Asynchronous Python implementation of SlowLoris DoS attack

Roundcube 1.0.0 <= 1.2.2 Remote Code Execution exploit and vulnerable container

Fully chained kernel exploit for the PS Vita on firmwares 3.65-3.68

pentest framework

C++ GUI for TegraRcmSmash (Fusée Gelée exploit for Nintendo Switch)

Writeup of security — CTFLearn Challenges.

NSA Hacking Tool Recreation UnitedRake

Exploit Discord's cache system to remote upload payloads on Discord users machines

Docker based Wargame Platform - To practice your CTF skills

(mostly web related) web challenge writeups between 2011 and 2015

Automated Twitter mass account creation and follow using Selenium and Tor VPN

Snoop — инструмент разведки на основе открытых данных (OSINT world)

Exploiting Edge's read:// urlhandler

AWD 自动化攻击框架

Disabling kernel lockdown on Ubuntu without physical access