--Tool names in italics are native to Kali

Multi-use tools

• CyberChef : Great tool for multi-layer crypto challenges, basic stego, and deobfuscation

Stego Tools

• StegOnline : Online tool to manipulate RGB values in an image, modify image for least significant bit (LSB)

• Sonic Visualiser : Downloadable tool that visualizes and analyzes audio recordings, great for audio stego challenges

• ffmpeg : Converts audio files to different formats and demodulates audio to find hidden messages, among other audio file manipulations

• steghide : Basic command-line stego tool to extract embedded data from media files

• PhonoPaper : Phone app that plays audio and therefore exposes hidden messages from equalizer-seeming images (link is to Google app store but it's also available in the Apple App Store)

• PDF Parser : Python-based command-line tool that parses through PDF files and identifies fundamental elements

Decryption Tools

• Cryptii : Online Caesar cipher decoder that allows you to manipulate case, foreign characters, decoding alphabet, and numbers

• Base64 Decode/Encode : Basic online base64 decoder/encoder

Password Crackers/Brute Force Tools

• fcrackzip : Command-line tool for cracking legacy hashes on zip files, link provided is a comprehensive guide. Can be installed on Kali using :

  sudo apt-get install fcrackzip
  

• dirb : Command-line tool that scans for existing and/or hidden web objects. Do not use this tool if the CTF organizers ask participants to not brute-force challenges.

• John the Ripper : Command-line tool that cracks cleartext and hashed passwords

Reverse Engineering

• Ghidra : Open-source reverse engineering tool developed by the National Security Agency compatible with Windows, Mac, and Linux

Javascript Deobfuscation

• JSNice: Makes Javascript code more readable

• JSBeautify.io: Makes Javascript code more readable, structures whitespace/code structure to be more legible

• JSConsole: Allows testing of Javascript code