CTF Toolbox | A list of usefull tools for pentesting

In general if I stumble into a challenge I need a vulnerability I will try to search hacktricks

Cryptography

• Substitution cipher or vigenere ciphers (without key): quipqiup.com
• SageMath: sagemath.org
• Generate private key with knowledge of p and q: RSATool
• CyberChef: cyberchef.org
• RsaCtfTool: RsaCtfTool - RSA attack tool (mainly for ctf) - retrieve private key from weak public key and/or uncipher data

Forensics

• Autopsy: autopsy.com
• EXIF Viewer: onlineexifviewer.com
• Hydra - FTP/SSH bruteforce
• Crackstation: crackstation.net
• Analyze audio files: Audacity - apt-get install audacity
• Find and extract zlib files compressed in PDF files: PDF Streams Inflater
• Used to analyze pcap or pcapng files: Wireshark
• Binwalk: binwalk.org
• Foremost: foremost
• Volatility: volatility - An advanced memory forensics framework

Stegonography

• StegOnline: StegOnline
• Stegsolve: Stegsolve
• StegHide: stegseek
• JPEG steganography: jsteg
• zsteg: zsteg

OSINT

• sherlock (social media accounts): github.com/sherlock-project/sherlock
• theHarvester github.com/laramies/theHarvester
• Google Images: images.google.com
• Whois History: osint.sh/whoishistory
• DNS Dumpster: dnsdumpster.com
• crt.sh - Certificate Search: crt.sh
• pimeyes: pimeyes.com - Face Search Engine Reverse Image Search
• Shodan: shodan.io - Search for vulnerabilities on publicly exposed services
• SpiderFoot: spiderfoot

Misc

• Nothing yet.

Reverse Engineering

• GDB: apt install gbd
• Ghidra: github.com/NationalSecurityAgency/ghidra/
• IDA: hex-rays.com/ida-free
• Regex: regex101.com
• Decompiler Explorer: dogbolt.org
• radare2: radare2 - UNIX-like reverse engineering framework and command-line toolset
• .NET decompiler: CodemerxDecompile
• Program for determining types of files for Windows, Linux and MacOS. Detect It Easy

Python Reverse Engineering

• Python bytecode decompiler (.pyc): https://pylingual.io/
• PyInstaller Extractor: https://pyinstxtractor-web.netlify.app/

Web Exploitation

• DirBuster: www.kali.org/tools/dirbuster
• BurpSuite: BurpSuite
• SQLMap: SQLMap
• Postman: Postman
• domain.ltd/robots.txt

Pentesting

• HackTricks: https://book.hacktricks.xyz
• Nmap: https://nmap.org/
• Metasploit: https://www.metasploit.com/
• gobuster: gobuster