This is a collection of setup scripts to create an install of various security research tools. Of course, this isn't a hard problem, but it's really nice to have them in one place that's easily deployable to new machines and so forth.
Installers for the following tools are included:
Category | Tool | Description |
---|---|---|
binary | afl | State-of-the-art fuzzer. |
binary | angr | Next-generation binary analysis engine from Shellphish. |
binary | barf | Binary Analysis and Reverse-engineering Framework. |
binary | bindead | A static analysis tool for binaries. |
binary | checksec | Check binary hardening settings. |
binary | codereason | Semantic Binary Code Analysis Framework. |
binary | crosstool-ng | Cross-compilers and cross-architecture tools. |
binary | elfkickers | A set of utilities for working with ELF files. |
binary | elfparser | Quickly determine the capabilities of an ELF binary through static analysis. |
binary | evilize | Tool to create MD5 colliding binaries. |
binary | gdb | Up-to-date gdb with python2 bindings. |
binary | panda | Platform for Architecture-Neutral Dynamic Analysis. |
binary | pathgrind | Path-based, symbolically-assisted fuzzer. |
binary | peda | Enhanced environment for gdb. |
binary | preeny | A collection of helpful preloads (compiled for many architectures!). |
binary | pwntools | Useful CTF utilities. |
binary | python-pin | Python bindings for pin. |
binary | qemu | Latest version of qemu! |
binary | qira | Parallel, timeless debugger. |
binary | radare2 | Some crazy thing crowell likes. |
binary | rp++ | Another gadget finder. |
binary | shellnoob | Shellcode writing helper. |
binary | snowman | Cross-architecture decompiler. |
binary | taintgrind | A valgrind taint analysis tool. |
binary | villoc | Visualization of heap operations. |
binary | virtualsocket | A nice library to interact with binaries. |
binary | xrop | Gadget finder. |
forensics | binwalk | Firmware (and arbitrary file) analysis tool. |
forensics | dislocker | Tool for reading Bitlocker encrypted partitions. |
forensics | exetractor | Unpacker for packed Python executables. Supports PyInstaller and py2exe. |
forensics | firmware-mod-kit | Tools for firmware packing/unpacking. |
forensics | pdf-parser | Tool for digging in PDF files. |
forensics | scrdec | A decoder for encoded Windows Scripts. |
forensics | testdisk | Testdisk and photorec for file recovery. |
crypto | cribdrag | Interactive crib dragging tool (for crypto). |
crypto | foresight | A tool for predicting the output of random number generators. To run, launch "foresee". |
crypto | hashpump | A tool for performing hash length extension attacks. |
crypto | hashpump-partialhash | Hashpump, supporting partially-unknown hashes. |
crypto | hash-identifier | Simple hash algorithm identifier. |
crypto | littleblackbox | Database of private SSL/SSH keys for embedded devices. |
crypto | msieve | Msieve is a C library implementing a suite of algorithms to factor large integers. |
crypto | pemcrack | SSL PEM file cracker. |
crypto | pkcrack | PkZip encryption cracker. |
crypto | python-paddingoracle | Padding oracle attack automation. |
crypto | reveng | CRC finder. |
crypto | ssh_decoder | A tool for decoding ssh traffic. You will need ruby1.8 from https://launchpad.net/~brightbox/+archive/ubuntu/ruby-ng to run this. Run with ssh_decoder --help for help, as running it with no arguments causes it to crash. |
crypto | sslsplit | SSL/TLS MITM. |
crypto | xortool | XOR analysis tool. |
crypto | yafu | Automated integer factorization. |
web | burpsuite | Web proxy to do naughty web stuff. |
web | commix | Command injection and exploitation tool. |
web | dirs3arch | Web path scanner. |
web | sqlmap | SQL injection automation engine. |
web | subbrute | A DNS meta-query spider that enumerates DNS records, and subdomains. |
stego | sound-visualizer | Audio file visualization. |
stego | steganabara | Another image steganography solver. |
stego | stegdetect | Steganography detection/breaking tool. |
stego | stegsolve | Image steganography solver. |
android | apktool | Dissect, dis-assemble, and re-pack Android APKs. |
There are also some installers for non-CTF stuff to break the monotony!
Category | Tool | Description |
---|---|---|
game | Dwarf Fortress | Something to help you relax after a CTF! |
To use, do:

```bash
# set up the path
/path/to/ctf-tools/bin/manage-tools setup
source ~/.bashrc

# list the available tools
manage-tools list

# install gdb, allowing it to try to sudo install dependencies
manage-tools -s install gdb

# install pwntools, but don't let it sudo install dependencies
manage-tools install pwntools

# uninstall gdb
manage-tools uninstall gdb

# uninstall all tools
manage-tools uninstall all

# search for a tool
manage-tools search preload
```
Where possible, the tools keep the installs very self-contained (i.e., in the `tool/` directory), and most uninstalls are just calls to `git clean` (NOTE: this is NOT careful; everything under the tool directory, including whatever you were working on, is blown away during an uninstall).

To support python dependencies, however, make sure to create a virtualenv before installing and using tools (i.e., `mkvirtualenv --system-site-packages ctf`). The `--system-site-packages` is there for easier reuse of apt-gotten python packages where necessary.
Something not working? I didn't write (almost) any of these tools, but hit up #ctf-tools on freenode if you're desperate. Maybe some kind soul will help!
By popular demand, a Dockerfile has been included. You can build a docker image with:

```bash
git clone https://github.com/zardus/ctf-tools
# the build context is the freshly cloned directory, which holds the Dockerfile
docker build -t ctf-tools ctf-tools
```

And run it with:

```bash
docker run -it ctf-tools
```
The built image will have ctf-tools cloned and ready to go, but you will still need to install the tools themselves (see above).
You can build a Vagrant VM with:

```bash
wget https://raw.githubusercontent.com/zardus/ctf-tools/master/Vagrantfile
vagrant up
```

And connect to it via:

```bash
vagrant ssh
```
To add a tool (say, named toolname), do the following:

- Create a `toolname` directory.
- Create an `install` script.
- (optional) if special uninstall steps are required, create an `uninstall` script.

The install script will be run with `$PWD` being `toolname`. It should install the tool into this directory, in as contained a manner as possible. Ideally, full uninstallation should be possible with a `git clean`.

The install script should create a `bin` directory and put its executables there. These executables will be automatically linked into the main `bin` directory for the repo. They could be launched from any directory, so don't make assumptions about the location of `$0`!
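As an added illustration of the conventions above (this is not a script from the ctf-tools repo, and "exampletool" is a made-up tool), here is a skeleton `install` script that keeps everything under `$PWD`, creates `bin/`, and writes a launcher that resolves its own real location rather than trusting `$0`, so it still works after being symlinked into the repo's main `bin` and run from any directory:

```bash
#!/bin/sh
# Hypothetical install script for a tool named "exampletool" (constructed
# example, not a real ctf-tools entry). ctf-tools runs it with $PWD set to
# the exampletool/ directory; everything stays under $PWD so that a
# `git clean` in that directory uninstalls it.

# Build step stand-in: a real install would git clone and build into
# "$1/src"; here it just drops a small placeholder program there.
build_tool() {
    tooldir="$1"
    mkdir -p "$tooldir/src"
    cat > "$tooldir/src/exampletool.sh" <<'EOF'
#!/bin/sh
echo "exampletool running from $(dirname "$0") with args: $*"
EOF
    chmod +x "$tooldir/src/exampletool.sh"
}

# Create bin/ with a launcher. ctf-tools links it into the repo's main bin/
# and it may be started from any directory, so it must not assume $0 points
# into exampletool/bin; it resolves the symlink first.
make_wrapper() {
    tooldir="$1"
    mkdir -p "$tooldir/bin"
    cat > "$tooldir/bin/exampletool" <<'EOF'
#!/bin/sh
self="$(readlink -f "$0")"                   # follow the bin/ symlink
tooldir="$(dirname "$(dirname "$self")")"    # .../exampletool
exec "$tooldir/src/exampletool.sh" "$@"
EOF
    chmod +x "$tooldir/bin/exampletool"
}

# Check helper: symlink the launcher into another directory (as the repo
# bin/ would) and run it from / to prove the tool is still found.
launcher_output() {
    tooldir="$1"; linkdir="$2"
    mkdir -p "$linkdir"
    ln -sf "$tooldir/bin/exampletool" "$linkdir/exampletool"
    (cd / && "$linkdir/exampletool" --version)
}

# Only act when run the way ctf-tools runs it: from inside exampletool/.
[ "$(basename "$PWD")" = exampletool ] && { build_tool "$PWD"; make_wrapper "$PWD"; }
```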
The individual tools are all licensed under their own licenses. As for ctf-tools itself, it is "starware". If you find it useful, star it on github (https://github.com/zardus/ctf-tools).
Good luck!
There's a curated list of CTF tools, but without installers, here: https://github.com/apsdehal/awesome-ctf.
There's a Vagrant config with a lot of the bigger frameworks here: https://github.com/thebarbershopper/epictreasure.
These tools are present in the Debian or Ubuntu repos (in an adequately new version). They're not included in ctf-tools, but are included here as notes for the author.
Category | Package | Description | Package |
---|---|---|---|
forensics | foremost | File carver. | foremost |
dsniff | dsniff | Grabs passwords and other data from pcaps/network streams. | dsniff |
Category | Package | Description | Repo/deb |
---|---|---|---|
stego | sound-visualizer | Audio file visualization. | deb |