# Best Tooling For CTF

<figure><img src="https://www.hucerc.com/wp-content/uploads/2021/11/CTF-icon1-300x169-1.jpg" alt=""><figcaption><p><strong>CyberSecurity CTF Tools</strong></p></figcaption></figure>

In addition to a knowledge of basic Linux commands, access to the following tools (or equivalent tools) is recommended as preparation for an entry-level Capture-the-Flag (CTF) competition. Use whatever works for you!

1. [**General Competition Tools**](http://www.hucerc.com/?page_id=2611)**:**
   * [**Basic Linux Commands**](http://www.hucerc.com/?page_id=1977)
   * [**Kali Linux**](http://www.hucerc.com/?page_id=1856)
   * [**Google Chrome SSH**](https://chrome.google.com/webstore/detail/secure-shell-app/pnhechapfaindjhompbnflcldabbghjo?hl=en) – Lightweight SSH browser add-on
   * [**Number / Text Conversion Tools**](http://www.hucerc.com/?page_id=1972)**:**
     * [Number Converter](https://www.rapidtables.com/convert/number/index.html) (Binary, Octal, Decimal, Hex)
     * [Hex to ASCII (text)](https://www.rapidtables.com/convert/number/hex-to-ascii.html)
     * [Binary to Text](https://www.rapidtables.com/convert/number/binary-to-ascii.html)
     * [Text to Numbers](https://cryptii.com/pipes/text-decimal) (Hex, Decimal, Binary)
     * [Base64](https://base64.guru/converter/decode) (Text, Hex, Video, Audio, etc.)
     * [Base2-Base36](https://www.translatorscafe.com/unit-converter/en-US/numbers/3-23/decimal-base-20/) – Base2 to Base36 Converter
2. [**Open Source Intelligence**](http://www.hucerc.com/?page_id=2183):
   * Google, [Google Maps](https://www.google.com/maps), [Google Dorks (operators)](https://securitytrails.com/blog/google-hacking-techniques)
   * [whois.domaintools.com](http://whois.domaintools.com/) – Domain owners, name server info, IP addresses
   * [www.robtex.com](https://www.robtex.com/) – Host name, IP, DNS and registry information
   * [Jeffrey’s Image Meta Data Viewer](http://exif.regex.info/exif.cgi) – Image metadata info
3. [**Steganography Tools:**](http://www.hucerc.com/?page_id=2679)
   * [**StegOnline**](https://stylesuxx.github.io/steganography/) – web-based open-source port of StegSolve.
   * [**Hex Editor**](https://hexed.it/?hl=en) – browser based hex editor
   * ‘[***strings***](https://www.howtogeek.com/427805/how-to-use-the-strings-command-on-linux/)’ – Linux command to view visible text characters
   * ‘[***binwalk***](https://tools.kali.org/forensics/binwalk)’ – Linux command to extract embedded files and executables
   * [**Digital Invisible Ink Toolkit**](http://diit.sourceforge.net/) – hide/extract files from inside an image
   * [**Steghide**](http://steghide.sourceforge.net/) – open source steganography software (Linux)
   * [**Stegosuite**](https://stegosuite.org/) – a free steganography tool written in Java (Linux).
   * [**pngcheck**](http://www.libpng.org/pub/png/apps/pngcheck.html) – look for/correct broken chunks.
   * [**GeorgeOM.net**](https://georgeom.net/StegOnline/upload) – Geo Explore Colour & Bit Planes (Go to “Browse Bit Planes”)
4. [**Cryptography Decoders:**](https://en.wikipedia.org/wiki/Substitution_cipher)
   * [**XOR Decoder**](http://xor.pw/) – Calculate the exclusive ‘OR’ operation
   * [**Caesar Cipher**](https://cryptii.com/pipes/caesar-cipher) – Shift Cipher
   * [**ROT13**](http://www.unit-conversion.info/texttools/rot13/#data) – Shift Cipher
   * [**A1Z26**](https://planetcalc.com/4884/) – Replace Letters with Numbers
   * [**Vigenere Cipher**](http://rumkin.com/tools/cipher/vigenere.php) (requires a key)
   * [**Atbash Cipher (simple)**](http://rumkin.com/tools/cipher/atbash.php)
   * [**Vernam**](https://www.dcode.fr/vernam-cipher-vigenere) **(**[**One-time Pad**](https://en.wikipedia.org/wiki/One-time_pad)**)**
   * [**Rail Fence Cipher (ZigZag)**](http://rumkin.com/tools/cipher/railfence.php)
5. [**Password Cracking**](http://www.hucerc.com/?page_id=2443)**:**
   1. [**Hash-Identifier**](https://tools.kali.org/password-attacks/hash-identifier) – Identifies hash type (Kali)
   2. [**Hashcat**](https://hashcat.net/wiki/doku.php?id=hashcat) – hash cracking tool (Kali)
   3. [**Crackstation**](https://crackstation.net/) – browser-based hash cracker
   4. [**md5sum**](https://en.wikipedia.org/wiki/Md5sum) – calculates/verifies 128-bit [MD5](https://en.wikipedia.org/wiki/MD5) [hashes](https://en.wikipedia.org/wiki/Cryptographic_hash_function)
   5. [**John the Ripper**](https://en.wikipedia.org/wiki/John_the_Ripper) – detect and crack weak passwords (Kali).
   6. [**Rockyou.txt WordList**](https://www.kaggle.com/wjburns/common-password-list-rockyoutxt) (download) – contains 14m unique passwords (Kali).
6. [**Web Exploitation**:](http://www.hucerc.com/?page_id=2447)
   1. **/robots.txt –** lists pages or files that the site asks search engine crawlers not to request
   2. [**Dirbuster**](https://tools.kali.org/web-applications/dirbuster) **–** brute force discovery of **hidden** directories/files (Kali)
   3. [**Development Tools**](https://developers.google.com/web/tools/chrome-devtools#discover) **–** browser option used to inspect page source and cookies.
   4. **User Agent Extension** – allows the browser to switch its user agent.
7. [**Log Analysis:**](http://www.hucerc.com/?page_id=2193)
   * See [Basic Linux Commands](http://www.hucerc.com/?page_id=1977)
8. [**Scanning:**](http://www.hucerc.com/?page_id=2382)
   1. [**Nmap**](http://nmap.org/) – utility for network discovery and auditing
   2. [**Dirbuster**](https://tools.kali.org/web-applications/dirbuster) – Scan web sites for hidden web pages
   3. [**Metasploit Framework**](https://en.wikipedia.org/wiki/Metasploit_Project) – scan for known vulnerabilities (Kali)
   4. [**Recon-ng**](https://bitbucket.org/LaNMaSteR53/recon-ng) – perform recon on remote targets (Kali).
   5. [**W3bin.com**](http://w3bin.com/) – Info on who is hosting a website
9. [**Network Traffic Analysis**](http://www.hucerc.com/?page_id=2454)**:**
   1. [**Wireshark**](https://www.wireshark.org/) – GUI based traffic capture and analysis tool (Kali, Windows or Mac OS).
   2. [**tcpdump**](https://en.wikipedia.org/wiki/Tcpdump) – [packet analyzer](https://en.wikipedia.org/wiki/Packet_analyzer) utility for the Linux [command line](https://en.wikipedia.org/wiki/Command_line_interface)
   3. [**WinDump**](https://www.winpcap.org/windump/) – Windows version of tcpdump.
   4. [**ngrep**](https://en.wikipedia.org/wiki/Ngrep) – search for strings in network packets
10. [**Enumeration and Exploitation**](http://www.hucerc.com/?page_id=2492)**:**
    1. **‘File’ Command** – determine a file type (including executables)
    2. **‘Strings’ Command** – display printable text strings in an executable.
    3. [**Hex Editor**](https://hexed.it/?hl=en) – view an executable for visible text strings
    4. ‘[***xxd -r***](https://www.tutorialspoint.com/unix_commands/xxd.htm)’ **Command** – convert a hex dump back to its original binary form
    5. [**Ghidra**](https://ghidra-sre.org/) – reverse engineering tool developed by the NSA
    6. [***Objdump -d***](https://golang.org/cmd/objdump/) – Linux command-line disassembler
    7. [**Netcat**](https://en.wikipedia.org/wiki/Netcat) – utility that reads and writes data across network connections
    8. [**uncompyle6**](https://pypi.org/project/uncompyle6/) **–** translates Python bytecode back into source
    9. [**GDB**](https://www.gnu.org/software/gdb/) – inspect memory within the code being debugged
    10. [**Pwntools**](http://docs.pwntools.com/en/stable/) – a CTF framework and exploit development library.
11. [**Wireless Exploitation**](http://www.hucerc.com/?page_id=2556):
    1. [**Wigle.Net**](https://wigle.net/) – Wifi info database for hotspots from around the world
    2. [**Kali Linux**](https://www.kali.org/downloads/) – Linux suite of cybersecurity tools
    3. [**Wireshark**](https://www.wireshark.org/#download) – network packet analysis
    4. [**Aircrack-ng**](https://www.wireshark.org/#download) – tools to assess WiFi network security
    5. ‘[***ifconfig***](https://en.wikipedia.org/wiki/Ifconfig)’ command – configure and query [TCP/IP](https://en.wikipedia.org/wiki/TCP/IP) network interface parameters
    6. [**Stumbler**](http://www.netstumbler.com/downloads/) – (set SSID to ANY) active mode (Windows)
    7. [**Kismet**](http://www.kismetwireless.net/documentation.shtml) – both war-driving tool and sniffer. Uses passive mode (Linux)

### References:

* [Basic Cyber Competition Skill Domains](http://www.hucerc.com/?page_id=609)
* [Cybersecurity Capture-the-flag (CTF) Competition Tips](http://www.hucerc.com/?page_id=2140)
* [CTF101 – Cryptography](https://ctf101.org/cryptography/overview/)
* [CTF101 – Forensics](https://ctf101.org/forensics/overview/)
* [CTF101 – Web Exploitation](https://ctf101.org/web-exploitation/overview/)
* [CTF101 – Reverse Engineering](https://ctf101.org/reverse-engineering/overview/)
* [CTF101 – Binary Exploitation](https://ctf101.org/binary-exploitation/overview/)

