Virtual Machines / Distributions | |
Reverse Engineering | REMnux, Flare-VM |
Android | Androl4b |
Generic pentesting | Kali Linux, Edmonton Police Service Technological Crimes Unit (TCU) VM |
Lists (You may also want to have a look at the preinstalled tools of the VMs) | |
Awesome lists | zardus/ctf-tools, psdehal/awesome-ctf, MrMugiwara/CTF-Tools, SandySekharan/CTF-tool |
Misc | werew/CTFtools |
Online tools | |
Encoding/Decoding | CyberChef, dCode |
Image forensics | Forensically, FotoForensics |
File formats/Binary analysis | Kaitai, FileFormat.Info |
Deobfuscators/beautifiers | JStillery |
Reverse Engineering | Compiler Explorer, Java Decompilers |
Crypto | cryptool.org, rumkin.com, CyberChef, dCode |
Program analysis (reverse engineering, pwning, etc.) | ||
Reverse engineering frameworks | radare2 | Unix-like open-source reversing framework |
ghidra | A software reverse engineering (SRE) suite of tools developed by NSA | |
IDA | Probably the most used reversing software | |
angr | Python binary analysis framework | |
Debuggers | gdb | The GNU Project Debugger |
pwndbg | Exploit Development and Reverse Engineering with GDB (peda 2.0) | |
x64dbg | Open-source debugger for Windows | |
Symbolic/Concolic execution and SAT/SMT solvers |
angr | Python binary analysis framework |
Klee | Symbolic Execution Engine using LLVM bitcode | |
Manticore | Symbolic execution tool for analysis of binaries and smart contracts | |
z3 | Microsoft's open-source theorem prover | |
Triton | Dynamic binary analysis (DBA) framework for concolic execution, taint analysis, etc. | |
ROP | Ropper | Gadget and ROP chain finder for different architectures |
One Gadget | Tool for finding one gadget RCE in libc.so.6 | |
Dynamic instrumentation tools | Pin | Intel's dynamic binary instrumentation framework for IA-32, x86-64 and MIC |
Valgrind | Dynamic binary instrumentation using VEX (intended for heavyweight binary analysis) | |
Frida | Inject snippets of JavaScript or your own library into native apps on Windows, macOS, GNU/Linux, iOS, Android, and QNX | |
Fuzzing | AFL | Fuzzing using genetic algorithms and compile-time instrumentation |
Honggfuzz | Multi-platform fuzzer | |
Editing/manipulating executables | elf.h | Simply the header file <elf.h> |
LIEF | Library to parse, modify and abstract executables | |
CTF utilities | pwntools | CTF framework and exploit development library |
Java & Android | APKtool | A tool for reverse engineering Android apk files |
ByteCodeViewer | A Java 8 Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More) | |
Emulation | qemu | Generic and open source machine emulator and virtualizer |
Unicorn | Multi-platform, multi-architecture CPU emulator framework (with python bindings) | |
Hex editors | 010 Editor | Editor with several binary templates and analysis tools |
Kaitai | Inspect and analyze files (also has a web IDE) | |
Source code explorers | Sourcetrail | Source code explorer to get productive on unfamiliar source code |
Forensics | ||
Memory dumps | Volatility | Analyze volatile memory (RAM) samples |
Binwalk | Tool for analyzing, reverse engineering, and extracting firmware images | |
GIMP | Can be used to extract RAW pictures from memory dumps | |
The Sleuth Kit | Analyze disk images and recover files from them | |
fsck | Check and repair Linux file systems | |
Audio (and Waveform-related) Forensics | Audacity | Inspect audio traces |
Network Forensics | Network Miner | Regenerate/reassemble transmitted files and certificates from PCAP files |
Wireshark | The world’s foremost and widely-used network protocol analyzer | |
Scapy | Scapy is a powerful interactive packet manipulation and inspection program | |
ZIP | brute_zlib | A simple script for brute-forcing zlib decompression (useful to extract data from corrupted archives) |
Crypto | ||
Libraries | cryptography | Python library with interfaces to common cryptographic algorithms |
Misc | python-paddingoracle | A portable, padding oracle exploit API |
HashPump | A tool to exploit the hash length extension attack | |
RSAtool | Calculates RSA (p, q, n, d, e) and RSA-CRT (dP, dQ, qInv) parameters given either two primes (p, q) or modulus and private exponent (n, d) | |
Networking | ||
Hosts discovery | Nmap | Utility for network discovery and security auditing |
Analyzing traffic and crafting packets | Wireshark | The world’s foremost and widely-used network protocol analyzer |
Scapy | Scapy is a powerful interactive packet manipulation and inspection program | |
Web | ||
Web proxies | OWASP ZAP | Web proxy and security-testing framework |
mitmproxy | A free and open source interactive HTTPS proxy |