| Virtual Machines / Distributions | |
| Reverse Engineering | REMnux Flare-VM |
| Android | Androl4b |
| Generic pentesting | Kali linux Edmonton Police Service Technological Crimes Unit (TCU) VM |
| Lists (You may also want to have a look at the preinstalled tools of the VMs) | |
| Awesome lists | zardus/ctf-tools psdehal/awesome-ctf MrMugiwara/CTF-Tools SandySekharan/CTF-tool |
| Misc | werew/CTFtools |
| Online tools | |
| Encoding/Decoding |
CyberChef dCode |
| Image forensics |
Forensically FotoForensics |
| File formats/Binary analysis |
Kaitai FileFormat.Info |
| Deobfuscators/beautifiers |
JStillery |
| Reverse Engineering |
Compiler Explorer Java Decompilers |
| Crypto |
cryptool.org rumkin.com CyberChef dCode |
| Program analysis (reverse engineering, pwning, etc.) | ||
| Reverse engineering frameworks | radare2 | Unix-like opensource reversing framework |
| ghidra | A software reverse engineering (SRE) suite of tools developed by NSA | |
| Ida | Probably the most used reversing software | |
| angr | Python binary analysis framework | |
| Debuggers | gdb | The GNU Project Debugger |
| pwndbg | Exploit Development and Reverse Engineering with GDB (peda 2.0) | |
| x64dbg | Open-source debugger for windows | |
| Symbolic/Concolic execution and SAT/SMT solvers |
angr | Python binary analysis framework |
| Klee | Symbolic Execution Engine using LLVM bitcode | |
| Manticore | Symbolic execution tool for analysis of binaries and smart contracts | |
| z3 | Open source Microsoft's theorem prover | |
| Triton | DBA framework for concolic execution, taint analysis etc. | |
| ROP | Ropper | Gadget and ropchains finder for different architectures |
| One Gadget | Tool for finding one gadget RCE in libc.so.6 | |
| Dynamic instrumentation tools | Pin | Intel's dynamic binary instrumentation framework for IA-32, x86-64 and MIC |
| Valgrind | Dynamic binary instrumentation using VEX (intended for heavyweight binary analysis) | |
| Frida | Inject snippets of JavaScript or your own library into native apps on Windows, macOS, GNU/Linux, iOS, Android, and QNX | |
| Fuzzing | AFL | Fuzzing using genetic algorithms and compile-time instrumentation |
| Honggfuzz | Multi-platform fuzzer | |
| Editing/manipulating executables | elf.h | Simply the header file <elf.h> |
| LIEF | Library to parse, modify and abstract executables | |
| CTF utilities | pwntools | CTF framework and exploit development library |
| Java & Android | APKtool | A tool for reverse engineering Android apk files |
| ByteCodeViewer | A Java 8 Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More) | |
| Emulation | qemu | Generic and open source machine emulator and virtualizer |
| Unicorn | Multi-platform, multi-architecture CPU emulator framework (with python bindings) | |
| Hex editors | 010 Editor | Editor with several binary templates and analysis tools |
| Kaitai | Inspect and analyze files (has also a web IDE) | |
| Source code explorers | Sourcetrail | Source code explorer to get productive on unfamiliar source code |
| Forensics | ||
| Memory dumps | Volatility | Analyze volatile memory (RAM) samples |
| Binwalk | Tool for analyzing, reverse engineering, and extracting firmware image/td> | |
| GIMP | Can be used to extract RAW pictures from memory dumps | |
| The Sleuth Kit | Analyze disk images and recover files from them | |
| fsck | Check and repair Linux file systems | |
| Audio (and Waveforms-related) Forensic | Audacity | Inspect audio traces |
| Network Forensic | Network Miner | Regenerate/reassemble transmitted files and certificates from PCAP files |
| Wireshark | The world’s foremost and widely-used network protocol analyzer | |
| Scapy | Scapy is a powerful interactive packet manipulation and inspection program | |
| ZIP | brute_zlib | A simple script for brute-forcing zlib decompression (useful to extract data from corrupted archives) |
| Crypto | ||
| Libraries | cryptography | Python library with interfaces to common cryptographic algorithms |
| Misc | python-paddingoracle | A portable, padding oracle exploit API |
| HashPump | A tool to exploit the hash length extension attack | |
| RSAtool | Calculates RSA (p, q, n, d, e) and RSA-CRT (dP, dQ, qInv) parameters given either two primes (p, q) or modulus and private exponent (n, d) | |
| Networking | ||
| Hosts discovery | Nmap | Utility for network discovery and security auditing |
| Analyzing traffic and crafting packets | Wireshark | The world’s foremost and widely-used network protocol analyzer |
| Scapy | Scapy is a powerful interactive packet manipulation and inspection program | |
| Web | ||
| Web proxies | OWASP ZAP | Web proxy and security-testing framework |
| mitmproxy | A free and open source interactive HTTPS proxy | |