Pentest Tools
Published on March 19th, 2016 📆 | 8248 Views ⚑
0CTF-Tools – Some setup scripts for security research tools
This is a collection of setup scripts to create an install of various security research tools. Of course, this isn't a hard problem, but it's really nice to have them in one place that's easily deployable to new machines and so forth.
[adsense size='1']
Installers for the following tools are included:
Category | Tool | Description |
---|---|---|
binary | afl | State-of-the-art fuzzer. |
binary | angr | Next-generation binary analysis engine from Shellphish. |
binary | barf | Binary Analysis and Reverse-engineering Framework. |
binary | bindead | A static analysis tool for binaries. |
binary | checksec | Check binary hardening settings. |
binary | codereason | Semantic Binary Code Analysis Framework. |
binary | crosstool-ng | Cross-compilers and cross-architecture tools. |
binary | cross2 | A set of cross-compilation tools from a Japanese book on C. |
binary | elfkickers | A set of utilities for working with ELF files. |
binary | elfparser | Quickly determine the capabilities of an ELF binary through static analysis. |
binary | evilize | Tool to create MD5 colliding binaries |
binary | gdb | Up-to-date gdb with python2 bindings. |
binary | panda | Platform for Architecture-Neutral Dynamic Analysis. |
binary | pathgrind | Path-based, symbolically-assisted fuzzer. |
binary | peda | Enhanced environment for gdb. |
binary | preeny | A collection of helpful preloads (compiled for many architectures!). |
binary | pwntools | Useful CTF utilities. |
binary | python-pin | Python bindings for pin. |
binary | qemu | Latest version of qemu! |
binary | qira | Parallel, timeless debugger. |
binary | radare2 | Some crazy thing crowell likes. |
binary | rp++ | Another gadget finder. |
binary | shellnoob | Shellcode writing helper. |
binary | shellsploit | Shellcode development kit. |
binary | snowman | Cross-architecture decompiler. |
binary | taintgrind | A valgrind taint analysis tool. |
binary | villoc | Visualization of heap operations. |
binary | virtualsocket | A nice library to interact with binaries. |
binary | xrop | Gadget finder. |
forensics | binwalk | Firmware (and arbitrary file) analysis tool. |
forensics | dislocker | Tool for reading Bitlocker encrypted partitions. |
forensics | exetractor | Unpacker for packed Python executables. Supports PyInstaller and py2exe. |
forensics | firmware-mod-kit | Tools for firmware packing/unpacking. |
forensics | pdf-parser | Tool for digging in PDF files |
forensics | scrdec | A decoder for encoded Windows Scripts. |
forensics | testdisk | Testdisk and photorec for file recovery. |
crypto | cribdrag | Interactive crib dragging tool (for crypto). |
crypto | foresight | A tool for predicting the output of random number generators. To run, launch "foresee". |
crypto | hashpump | A tool for performing hash length extension attaacks. |
crypto | hashpump-partialhash | Hashpump, supporting partially-unknown hashes. |
crypto | hash-identifier | Simple hash algorithm identifier. |
crypto | littleblackbox | Database of private SSL/SSH keys for embedded devices. |
crypto | msieve | Msieve is a C library implementing a suite of algorithms to factor large integers. |
crypto | pemcrack | SSL PEM file cracker. |
crypto | pkcrack | PkZip encryption cracker. |
crypto | python-paddingoracle | Padding oracle attack automation. |
crypto | reveng | CRC finder. |
crypto | ssh_decoder | A tool for decoding ssh traffic. You will need ruby1.8 fromhttps://launchpad.net/~brightbox/+archive/ubuntu/ruby-ng to run this. Run withssh_decoder --help for help, as running it with no arguments causes it to crash. |
crypto | sslsplit | SSL/TLS MITM. |
crypto | xortool | XOR analysis tool. |
crypto | yafu | Automated integer factorization. |
web | burpsuite | Web proxy to do naughty web stuff. |
web | commix | Command injection and exploitation tool. |
web | dirs3arch | Web path scanner. |
web | sqlmap | SQL injection automation engine. |
web | subbrute | A DNS meta-query spider that enumerates DNS records, and subdomains. |
stego | sound-visualizer | Audio file visualization. |
stego | steganabara | Another image steganography solver. |
stego | stegdetect | Steganography detection/breaking tool. |
stego | stegsolve | Image steganography solver. |
android | apktool | Dissect, dis-assemble, and re-pack Android APKs |
There are also some installers for non-CTF stuff to break the monotony!
Category | Tool | Description |
---|---|---|
game | Dwarf Fortress | Something to help you relax after a CTF! |
[adsense size='1']
Usage
To use, do:
# set up the path
/path/to/ctf-tools/bin/manage-tools setup
source ~/.bashrc
# list the available tools
manage-tools list
# install gdb, allowing it to try to sudo install dependencies
manage-tools -s install gdb
# install pwntools, but don't let it sudo install dependencies
manage-tools install pwntools
# uninstall gdb
manage-tools uninstall gdb
# uninstall all tools
manage-tools uninstall all
# search for a tool
manage-tools search preload
Where possible, the tools keep the installs very self-contained (i.e., in to tool/ directory), and most uninstalls are just calls to git clean
( NOTE , this is NOT careful; everything under the tool directory, including whatever you were working on, is blown away during an uninstall). To support python dependencies, however, make sure to create a virtualenv before installing and using tools (i.e., mkvirtualenv --system-site-packages ctf
. The --system-site-packages
is there for easier reuse of apt-gotten python packages where necessary).
Docker
By popular demand, a Dockerfile has been included. You can build a docker image with:
git clone https://github.com/zardus/ctf-tools
docker build -t ctf-tools .
And run it with:
docker run -it ctf-tools
The built image will have ctf-tools cloned and ready to go, but you will still need to install the tools themselves (see above).
Vagrant
You can build a Vagrant VM with:
wget https://raw.githubusercontent.com/zardus/ctf-tools/master/Vagrantfile
vagrant up
And connect to it via:
vagrant ssh
Adding Tools
To add a tool (say, named toolname ), do the following:
- Create a
toolname
directory. - Create an
install
script. - (optional) if special uninstall steps are required, create an
uninstall
script.
Gloss