CTF Tooling

Stego

Repository	Description
https://330k.github.io/misc_tools/unicode_steganography.html	zero width space stego
https://offdev.net/demos/zwsp-steg-js	zero width space stego
https://neatnik.net/steganographr/	zero width space stego
AperiSolve	online platform which performs layer analysis on image
steghide	steganography program that is able to hide data in various kinds of image
stegseek	steghide bruteforce
https://georgeom.net/StegOnline/upload	A web-based, enhanced and open-source port of StegSolve
zsteg	detect stegano-hidden data in PNG & BMP
jsteg	JPEG steganography

Cryptography

Repository	Description
RsaCtfTool	RSA attack tool (mainly for ctf) - retrieve private key from weak public key and/or uncipher data
Ciphey	Automatically decrypt encryptions without knowing the key or cipher, decode encodings
CyberChef	The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
Remorse	MORSE bruteforce if you don’t know where spacing goes
https://dtmf.netlify.app/	DTMF decoder (Multitap, T9)
https://morsecode.world/international/decoder/audio-decoder-adaptive.html	Morse (audio) to text
https://www.dcode.fr/	GOAT of ciphers
https://quipqiup.com/	auto solve substitution ciphers

Forensics

Repository	Description
NTLMRawUnhide.py	Extract NTLMv2 hashes from a pcap
ospf.py	Extract OSPF hashes from a pcap
volatility3	An advanced memory forensics framework
magika	Detect file content types with deep learning
Wireshark	The world’s most popular network protocol analyzer
Imhex	Hex Editor with patterns
Autopsy	digital forensics platform and graphical interface for disk images
pkcrack	Crack ZIP archive passwords being on known plain-text

Web Exploitation

Repository	Description
Arachni	Web Application Security Scanner Framework
burpsuite	Full web testing suite, including proxied requests
Caido	Like Burp but written in Rust
dirb	Web application directory/file fuzzer to find other pages or files worth looking at.
dotGit	A Firefox and Chrome extension that shows you if there is an exposed `.git` directory
feroxbuster	Web application directory/file fuzzer to find other pages or files worth looking at. Written in Rust.
flask-unsign	Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application
gobuster	Web application directory/file fuzzer to find other pages or files worth looking at. Also supports DNS busting (such as subdomains). Written in Go.
Nikto	Web server scanner to perform security checks on a web server.
nosqlmap	Like sqlmap, but for NoSQL.
PayloadsAllTheThings	Useful payloads for a variety of attacks such as SQLi, IDOR, XSS, etc.
sqlmap	Performs automated SQL injection tests on GET and POST requests.
w3af	Web application attack and audit framework.
wappalyzer	Identify what frameworks a website runs
wpscan	Automatic WordPress scanner to identify information about a WordPress site and possible vulnerabilities.