Getting Started with CTFs

CTF starting

CTF Competitions

CTF Guides and Resources

CTF Frameworks or All-In One Tools for CTF

  • PwnTools – a CTF framework and exploit development library used by Gallopsled in every CTF
  • ctf-tools – a Github repository of open source scripts for your CTF needs like binwalk and apktool
  • Metasploit Framework – aside from being a penetration testing framework and software, Metasploit has modules for automatic exploitation and tools for crafting your exploits like find_badchars.rb, egghunter.rb, patter_offset.rb, pattern_create.rb, etc.
  • ROPgadget – used for ROP exploitation
  • Peda – Python Exploit Development Assistance for GDB
  • Google – where you can ask some questions

Reverse Engineering Tools, Decompilers and Debuggers

  • Immunity Debugger – a debugger similar to OllyDbg that has some cool plugins with the use of Python
  • OllyDbg – the most disassembly-based and GUI debugger for Windows
  • SWFScan – allows you to decompile Flash files
  • gdb – GNU Debugger
  • IDA Pro – Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger
  • WinDbg – Windows Debugger distributed by Microsoft
  • Apktool – a tool for reversing Android apk files
  • PE Tool – provide a handful of useful tools for working with Windows PE executables
  • UPX – Ultimate Packer for eXecutables
  • dex2jar (Android)
  • Radare2 – Unix-like reverse engineering framework and commandline tools
  • Strace – a system call tracer and another debugging tool
  • Objdump – part of GNU Binutils
  • PEID – used to determine if any obfuscator was used to pack the executable file. The open source packer that is often used is the UPX packer

Tools for Static Code Analysis

  • RIPS – a static code analyzer for auditing vulnerabilities in PHP applications
  • HP Fortify Static Code Analyzer – also known as Fortify SCA which is a commercial software that is a multi-language auditor for vulnerabilities
  • OWASP Code Crawler – a static code review tool for .NET and J2EE/JAVA code which supports the OWASP Code Review Project
  • OWASP LAPSE Project – security auditing tool for detecting vulnerabilities in Java EE Applications
  • Flawfinder – a static source code analyzer that examines C/C++ source code and reports possible security weaknesses


  • Strings – allows you to search and extract ASCII and UNICODE strings from a binary
  • SANS SIFT – SANS Investigative Forensic Toolkit (SIFT) is an Ubuntu Live CD
  • ProDiscover Basic – evidence analyzer and data imaging tool
  • Volatility – memory forensics framework
  • The Sleuth Kit – open source digital forensics tool
  • FTK Imager – data preview and imaging tool
  • IPhone Analyzer – used for iPhone Forensics but only supports iOS 2, iOS 3, iOS 4 and iOS 5 devices
  • Xplico – network forensics tool
  • Binwalk – firmware analysis tool which allows you to extract the firmware image
  • ExifTool – a platform-independent Perl library plus a command-line application for reading, writing and editing meta information in a wide variety of file formats like EXIF, GPS, IPTC, XMP, JFIF, GeoTIFF, ICC Profile, Photoshop IRB, FlashPix, AFCP and ID3, as well as the maker notes of many digital cameras by Canon, Casio, FLIR, FujiFilm, GE, HP, JVC/Victor, Kodak, Leaf, Minolta/Konica-Minolta, Nikon, Nintendo, Olympus/Epson, Panasonic/Leica, Pentax/Asahi, Phase One, Reconyx, Ricoh, Samsung, Sanyo, Sigma/Foveon and Sony
  • dd – a command line utility for Unix and Linux which allows you to copy and convert files
  • CAINE – Computer Aided INvestigative Environment is a Live GNU/Linux distribution which is aimed for digital forensics
  • Autopsy – GUI to the command line digital investigation analysis tools in The Sleuth Kit
  • Any Hex Editors will do
  • DEFT Linux – Digital Evidence & Forensics Toolkit Linux distribution
  • Windows Sysiternals – consist of Windows system utilities that contain various useful programs


  • Hashdump
  • Sage
  • John The Ripper – is a free and fast password cracker available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS
  • Cryptool – open source e-learning tool illustrating cryptographic and cryptanalytic concepts
  • – online decoder and encoder for crypto and most people who are joining CTF competitions have this website opened while playing


  • Steghide – a stega tool that can be used for embedding or extracting data in various kinds of image and audio files
  • Ffmpeg – cross-platform software to record, convert and stream audio and video
  • Gimp – GNU Image Manipulation Program
  • Audacity – free audio auditor and recorder
  • Stepic – python image steganography
  • Pngcheck – PNG tester and debugger which verifies the integrity of PNG, JNG and MNG files (by checking the internal 32-bit CRCs [checksums] and decompressing the image data)
  • OpenStego – free steganography solution
  • OutGuess
  • StegFS
  • MP3Stego – allows you to hide text in MP3 files
  • AtomicParsley – command line program for reading, parsing and setting metadata into MPEG-4 files
  • Foremost – a console program used for file recovery

For Web Vulnerability Hunting or Web Exploitation

  • Burp Suite – commonly used for web application security testing and usually for finding manual web vulnerabilities which has an intercepting proxy and customizable plugins
  • OWASP ZAP – an Open Web Application Security Project similar to Burp but free and open source
  • WPScan – a blackbox WordPress Vulnerability Scanner
  • W3af – open source web application security scanner
  • OWASP Dirbuster – directory bruteforce or discovery tool
  • Bizploit – open source ERP Penetration Testing framework


  • aircrack-ng Suite – an open source WEP/WPA/WPA2 cracking tool which is usually bundled in most pentesting distributions
  • reaver – WiFi Protected Setup attacker tool
  • Kismet – 802.11 layer2 wireless network detector, sniffer, and intrusion detection system
  • Pixiewps – a tool used to bruteforce offline the WPS pin exploiting the low or non-existing entropy of some APs (pixie dust attack)
  • Nmap – an open source port scanner which has plugins for vulnerability assessment and net discovery
  • Wireshark – network sniffer and network protocol analyzer for Unix and Windows
  • Netcat -the TCP/IP swiss army
  • Captipper – a python tool to analyze, explore, and revive HTTP malicious traffic
  • Scapy – a powerful interactive packet manipulation program

For Your Protection in Attack in Defend

  • Snort – lightweight and free network intrusion detection system for UNIX and Windows
  • Iptables
  • Any Antivirus and Two-Way firewall will do
  • Chellam – Wi-Fi IDS/Firewall for Windows which detect Wi-Fi attacks, such as Honeypots, Evil Twins, Mis-association, and Hosted Network based backdoors etc., against a Windows based client without the need of custom hardware or drivers
  • peepdf – Python tool to explore PDF files in order to find out if the file can be harmful or not
  • Android IMSI-Catcher Detector – Android app for detecting IMSI-Catchers

Some Linux Distributions Ideal for CTF

  • Santoku Linux – GNU/Linux distribution or distro designed for helping you in every aspect of your mobile forensics, mobile malware analysis, reverse engineering and security testing needs
  • Kali Linux – a fully packed penetration testing Linux distribution based on Debian
  • BackBox Linux – a simplistic penetration testing distro based on Ubuntu
  • CAINE – Computer Aided I
  • Nvestigative Environment is a Live GNU/Linux distribution which is aimed for digital forensics
  • DEFT Linux – Digital Evidence & Forensics Toolkit Linux distribution

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

As you found this post useful...

Follow us on social media!

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?


  1. Great blog here! Also your website loads up fast! What host are you
    using? Can I get your affiliate link to your host? I wish my website loaded up as quickly as
    yours lol

    my web page buy CBD

  2. I am really inspired along with your writing skills and also with the structure for your blog. Is this a paid topic or did you modify it yourself? Anyway keep up the nice high quality writing, it is uncommon to see a nice blog like this one today.

  3. Way cool! Some extremely valid points! I appreciate you writing
    this article plus the rest of the site is very

  4. I抦 impressed, I have to say. Really rarely do I encounter a weblog that抯 both educative and entertaining, and let me inform you, you may have hit the nail on the head. Your idea is outstanding; the issue is one thing that not sufficient people are talking intelligently about. I am very comfortable that I stumbled across this in my seek for something relating to this.

  5. Nice post. I learn something more challenging on totally different blogs everyday. It’ll at all times be stimulating to read content material from other writers and practice a bit something from their store. I抎 desire to use some with the content on my weblog whether you don抰 mind. Natually I抣l provide you with a link in your net blog. Thanks for sharing.

  6. There are actually quite a lot of details like that to take into consideration. That is a great level to carry up. I provide the ideas above as common inspiration but clearly there are questions just like the one you deliver up the place a very powerful factor might be working in sincere good faith. I don?t know if finest practices have emerged around issues like that, but I am certain that your job is clearly recognized as a fair game. Each boys and girls feel the impression of only a second抯 pleasure, for the remainder of their lives.

  7. I enjoy looking through a post that can make people think. Also, thanks for allowing for me to comment!|

  8. Hey there! This is kind of off topic but I need some help from an established blog. Is it very hard to set up your own blog? I’m not very techincal but I can figure things out pretty fast. I’m thinking about creating my own but I’m not sure where to begin. Do you have any points or suggestions? Many thanks|

  9. I’m impressed, I must say. Rarely do I encounter a blog that’s equally educative and entertaining, and let me tell you, you have hit the nail on the head. The issue is something too few people are speaking intelligently about. I am very happy that I came across this during my hunt for something relating to this.|

  10. Hello, i think that i saw you visited my blog thus i came to “return the favor”.I am attempting to find things to improve my web site!I suppose its ok to use some of your ideas!!|

  11. An impressive share! I have just forwarded this onto a co-worker who had been conducting a little homework on this. And he in fact bought me breakfast due to the fact that I discovered it for him… lol. So allow me to reword this…. Thank YOU for the meal!! But yeah, thanks for spending some time to discuss this topic here on your web page.|

  12. It’s truly very difficult in this active life to listen news on TV, therefore I only use the web for that reason, and take the most recent news.|

  13. Howdy would you mind stating which blog platform you’re using? I’m planning to start my own blog in the near future but I’m having a tough time deciding between BlogEngine/Wordpress/B2evolution and Drupal. The reason I ask is because your design seems different then most blogs and I’m looking for something unique. P.S My apologies for getting off-topic but I had to ask!|

  14. Hi there would you mind letting me know which web host you’re using? I’ve loaded your blog in 3 completely different internet browsers and I must say this blog loads a lot faster then most. Can you recommend a good hosting provider at a reasonable price? Thank you, I appreciate it!|

  15. Thank you a bunch for sharing this with all folks you really realize what you’re speaking approximately! Bookmarked. Kindly additionally consult with my site =). We may have a hyperlink exchange contract between us|

  16. Hey there, I think your site might be having browser compatibility issues. When I look at your website in Safari, it looks fine but when opening in Internet Explorer, it has some overlapping. I just wanted to give you a quick heads up! Other then that, great blog!|

  17. I do not even know the way I finished up here, but I thought this put up was good. I do not recognize who you are however definitely you’re going to a famous blogger when you aren’t already. Cheers!|

  18. It’s great that you are getting thoughts from this post as well as from our discussion made at this place.|

Leave a Reply

Your email address will not be published. Required fields are marked *