Best Tooling For CTF

CyberSecurity CTF Tools

In addition a knowledge of basic Linux commands, access to the following tools (or equivalent tools) are recommended as preparation for an entry level Capture-the-Flag (CTF) competition. Use what ever works for you!

1. General Competition Tools:

   • Basic Linux Commands

   • Kali Linux

   • Google Chrome SSH – Lightweight SSH Browser addon:

   • Number / Text Conversion Tools:

     • Number Converter ( Binary, Octal, Decimal, Hex)

     • Hex to ASCII (text)

     • Binary to Text

     • Text to Numbers (Hex, Decimal, Binary)

     • Base64 (Text, Hex, Video, Audio, etc. )

     • Base2-Base36 – Base2 to Base36 Converter

2. Open Source Intelligence:

   • Google, Google Maps, Google Dorks (operators)

   • whois.domaintools.com – Domain owners, name servers info, IP addresses

   • www.robtex.com – Host name, IP , DNS and registry information

   • Jeffrey’s Image Meta Data Viewer – Image Meta Data info

3. Steganography Tools:

   • StegOnline – web-based open-source port of StegSolve.

   • Hex Editor – browser based hex editor

   • ‘strings‘ – Linux command to view visible text characters

   • ‘binwalk‘ – Linux command to extract embedded files and executables

   • Digital Invisible Ink Toolkit – hide/extract files from inside an image

   • Steghide – open source steganography software (Linux)

   • Stegosuite – a free steganography tool written in Java (Linux).

   • pngcheck – look for/correct broken chunks.

   • GeorgeOM.net – Geo Explore Colour & Bit Planes (Go to “Browse Bit Planes”)

4. Crytography Decoders:

   • XOR Decorder – Calculate exclusive ‘OR’ operation

   • Caesar Cipher – Shift Cipher

   • ROT13 – Shift Cipher

   • A1Z26 – Replace Letters with Numbers

   • Vigenere Cipher (requires a key)

   • Atbash Cipher (simple)

   • Vernan (One-time Pad)

   • Rail Fence Cipher (ZigZag)

5. Password Cracking:

   1. Hash-Identifier – Identifies hash type (Kali)

   2. Hashcat – HASH cracking tool (Kali)

   3. Crackstation – Browser based Hash Cracker: (https://crackstation.net/)

   4. md5sum – calculates/verifies 128-bit MD5 hashes,

   5. John the Ripper – Detect and crack weak PWs (Kali).

   6. Rockyou.txt WordList (download) – contains 14m unique PWs (Kali).

6. Web Exploitation:

   1. /robots.txt – lists pages or files that search engines can’t request,

   2. Dirbuster – brute force discovery of hidden directories/files (Kali)

   3. Development Tools – Browser option use to inspect source and cookies.

   4. User Agent Extension – allows browser to switch user agent .

7. Log Analysis:

   • See Basic Linux Commands

8. Scanning:

   1. Nmap – utility for network discovery and auditing

   2. Dirbuster – Scan web sites for hidden web pages

   3. Metasploit Framework – scan for known vulnerabilities (Kali)

   4. Recon-ng – perform recon on remote targets (Kali).

   5. W3bin.com – Info on who is hosting a website

9. Network Traffic Analysis:

   1. Wireshark – GUI based traffic capture and analysis tool (Kali, Windows or Mac OS).

   2. tcpdump – packet analyzer utility for Linux command line

   3. WinDump – Windows version on tcpdump.

   4. ngrep – search for strings in network packets

10. Enumeration and Exploitation:

    1. ‘File’ Command – determine a file type (including executables)

    2. ‘Strings’ Command – Display text comments in an executable.

    3. Hex Editor – view executable for visible text stings

    4. ‘xxd -r’ Command – convert a hex dump back to its original binary form

    5. Ghidra – reverse engineering tool developed by the NSA

    6. Objdump -d – Linux command line dis-assembler

    7. Netcat – utility that reads and writes data across network

    8. uncompyle6 – translates Python bytecode back into source

    9. GDB – Inspect memory w/in the code being debugged

    10. Pwntools – a CTF framework and exploit development library.

11. Wireless Exploitation:

    1. Wigle.Net – Wifi info database for hotspots from around the world

    2. Kali Linux – Linux suite of cybersecurity tools

    3. Wireshark – network packet analysis

    4. Aircrack- ng – tools to assess WiFi network security

    5. ‘ifconfig‘ command – configure and query TCP/IP network interface parameters

    6. Stumbler (set SSID to ANY) active mode (Windows)

    7. Kismet : both war-drive and sniffer. Uses passive mode (Linux)

References:

• Basic Cyber Competition Skill Domains

• Cybersecurity Capture-the-flag (CTF) Competition Tips

• CTF101 – Cryptography

• CTF101 – Forensics

• CTF101 – Web Exploitation

• CTF101 – Reverse Engineering

• CTF101 – Binary Exploitation