CTF Tools and Resources
Useful tools and references, click on tool name to visit download page or access reference materials
--Tool names in italics are native to Kali
Multi-use tools
- CyberChef : Great tool for multi-layer crypto challenges, basic stego, and deobfuscation
Stego Tools
- StegOnline : Online tool to manipulate RGB values in an image, modify image for least significant bit (LSB)
- Sonic Visualiser : Downloadable tool that visualizes and analyzes audio recordings, great for audio stego challenges
- ffmpeg : Converts audio files to different formats and demodulates audio to find hidden messages, among other audio file manipulations
- steghide : Basic command-line stego tool to extract embedded data from media files
- PhonoPaper : Phone app that plays audio and therefore exposes hidden messages from equalizer-seeming images (link is to Google app store but it's also available in the Apple App Store)
- PDF Parser : Python-based command-line tool that parses through PDF files and identifies fundamental elements
Decryption Tools
- Cryptii : Online Caesar cipher decoder that allows you to manipulate case, foreign characters, decoding alphabet, and numbers
- Base64 Decode/Encode : Basic online base64 decoder/encoder
Password Crackers/Brute Force Tools
- fcrackzip : Command-line tool for cracking legacy hashes on zip files, link provided is a comprehensive guide. Can be installed on Kali using :
sudo apt-get install fcrackzip
- dirb : Command-line tool that scans for existing and/or hidden web objects. Do not use this tool if the CTF organizers ask participants to not brute-force challenges.
- John the Ripper : Command-line tool that cracks cleartext and hashed passwords
Reverse Engineering
- Ghidra : Open-source reverse engineering tool developed by the National Security Agency compatible with Windows, Mac, and Linux
Javascript Deobfuscation
JSNice: Makes Javascript code more readable
JSBeautify.io: Makes Javascript code more readable, structures whitespace/code structure to be more legible
JSConsole: Allows testing of Javascript code