CyberSecurity CTF Tools

In addition a knowledge of basic Linux commands, access to the following tools (or equivalent tools) are recommended as preparation for an entry level Capture-the-Flag (CTF) competition. Use what ever works for you!

  1. General Competition Tools:
  2. Open Source Intelligence:
  3. Steganography Tools:
    • StegOnline – web-based open-source port of StegSolve.
    • Hex Editor – browser based hex editor
    • strings‘ – Linux command to view visible text characters
    • binwalk‘ – Linux command to extract embedded files and executables
    • Digital Invisible Ink Toolkit – hide/extract files from inside an image 
    • Steghide  – open source steganography software (Linux)
    • Stegosuite – a free steganography tool written in Java (Linux).
    • pngcheck – look for/correct broken chunks.
    • – Geo Explore Colour & Bit Planes (Go to “Browse Bit Planes”)
  4. Crytography Decoders:
  5. Password Cracking:
    1. Hash-Identifier – Identifies hash type (Kali)
    2. Hashcat  – HASH cracking tool (Kali)
    3. Crackstation – Browser based Hash Cracker:  (
    4. md5sum – calculates/verifies 128-bit MD5 hashes,
    5. John the Ripper – Detect and crack weak PWs (Kali).
    6. Rockyou.txt WordList (download) –  contains 14m unique PWs (Kali).
  6. Web Exploitation:
    1. /robots.txt –  lists pages or files that search engines can’t request,
    2. Dirbuster – brute force discovery of hidden directories/files (Kali)
    3. Development Tools – Browser option use to inspect source and cookies.
    4. User Agent Extension – allows browser to switch user agent .
  7. Log Analysis:
  8. Scanning:
    1. Nmap – utility for network discovery and auditing
    2. Dirbuster – Scan web sites for hidden web pages
    3. Metasploit Framework – scan for known vulnerabilities (Kali)
    4. Recon-ng – perform recon on remote targets (Kali).
    5. – Info on who is hosting a website
  9. Network Traffic Analysis:
    1. Wireshark – GUI based traffic capture and analysis tool (Kali, Windows or Mac OS).
    2. tcpdump –  packet analyzer utility for Linux command line 
    3. WinDump – Windows version on tcpdump.
    4. ngrep – search for strings in network packets
  10. Enumeration and Exploitation:
    1. File’ Command – determine a file type (including executables)
    2. ‘Strings’ Command – Display text comments in an executable.
    3. Hex Editor – view executable for visible text stings
    4. xxd  -r’ Command – convert a hex dump back to its original binary form
    5. Ghidra – reverse engineering tool developed by the NSA
    6. Objdump -d  – Linux command line dis-assembler
    7. Netcat  – utility that reads and writes data across network
    8. uncompyle6 – translates Python bytecode back into source
    9. GDB – Inspect memory w/in the code being debugged
    10. Pwntools – a CTF framework and exploit development library.
  11. Wireless Exploitation:
    1. Wigle.Net – Wifi info database for hotspots from around the world
    2. Kali Linux – Linux suite of cybersecurity tools
    3. Wireshark – network packet analysis
    4. Aircrack- ng – tools to assess WiFi network security
    5. ifconfig‘ command –   configure and query TCP/IP network interface parameters
    6. Stumbler  (set SSID to ANY) active mode (Windows)
    7. Kismet : both war-drive and sniffer. Uses passive mode (Linux)