ctf-tools

This is a collection of setup scripts to create an install of various security research tools. Of course, this isn’t a hard problem, but it’s really nice to have them in one place that’s easily deployable to new machines and so forth. The install-scripts for these tools are checked regularly, the results can be found on the build status page.

Installers for the following tools are included:

Category	Source	Tool	Description
binary	Directory	afl	State-of-the-art fuzzer.
binary	Directory	angr	Next-generation binary analysis engine from Shellphish.
binary	Directory	barf	Binary Analysis and Reverse-engineering Framework.
binary	Directory	bindead	A static analysis tool for binaries.
binary	Library	capstone	Multi-architecture disassembly framework.
binary	Directory	checksec	Check binary hardening settings.
binary	Directory	codereason	Semantic Binary Code Analysis Framework.
binary	Directory	crosstool-ng	Cross-compilers and cross-architecture tools.
binary	Directory	cross2	A set of cross-compilation tools from a Japanese book on C.
binary	Directory	elfkickers	A set of utilities for working with ELF files.
binary	Directory	elfparser	Quickly determine the capabilities of an ELF binary through static analysis.
binary	Directory	evilize	Tool to create MD5 colliding binaries
binary	Directory	gdb	Up-to-date gdb with python2 bindings.
binary	Directory	gdb-heap	gdb extension for debugging heap issues.
binary	Directory	gef	Enhanced environment for gdb.
binary	Directory	hongfuzz	A general-purpose, easy-to-use fuzzer with interesting analysis options.
binary	Library	keystone	Lightweight multi-architecture assembler framework.
binary	Directory	libheap	gdb python library for examining the glibc heap (ptmalloc)
binary	Library	lief	Library to Instrument Executable Formats.
binary	Directory	miasm	Reverse engineering framework in Python.
binary	Directory	one_gadget	Magic gadget search for libc.
binary	Directory	panda	Platform for Architecture-Neutral Dynamic Analysis.
binary	Directory	pathgrind	Path-based, symbolically-assisted fuzzer.
binary	Directory	peda	Enhanced environment for gdb.
binary	Directory	preeny	A collection of helpful preloads (compiled for many architectures!).
binary	Directory	pwndbg	Enhanced environment for gdb. Especially for pwning.
binary	Directory	pwntools	Useful CTF utilities.
binary	Directory	python-pin	Python bindings for pin.
binary	Directory	qemu	Latest version of qemu!
binary	Directory	qira	Parallel, timeless debugger.
binary	Directory	radare2	Some crazy thing crowell likes.
binary	Directory	rappel	A linux-based assembly REPL.
binary	Directory	ropper	Another gadget finder.
binary	Directory	rp++	Another gadget finder.
binary	Directory	rr	Record and Replay Debugging Framework
binary	Directory	scratchabit	Easily retargetable and hackable interactive disassembler
binary	Directory	scratchablock	Yet another crippled decompiler project
binary	Directory	seccomp-tools	Provides powerful tools for seccomp analysis
binary	Directory	shellnoob	Shellcode writing helper.
binary	Directory	shellsploit	Shellcode development kit.
binary	Directory	snowman	Cross-architecture decompiler.
binary	Directory	taintgrind	A valgrind taint analysis tool.
binary	Library	unicorn	Multi-architecture CPU emulator framework.
binary	Directory	valgrind	A Dynamic Binary Instrumentation framework with some built-in tools.
binary	Directory	villoc	Visualization of heap operations.
binary	Directory	virtualsocket	A nice library to interact with binaries.
binary	Directory	wcc	The Witchcraft Compiler Collection is a collection of compilation tools to perform binary black magic on the GNU/Linux and other POSIX platforms.
binary	Directory	xrop	Gadget finder.
binary	Directory	manticore	Manticore is a prototyping tool for dynamic binary analysis, with support for symbolic execution, taint analysis, and binary instrumentation.
forensics	Directory	binwalk	Firmware (and arbitrary file) analysis tool.
forensics	Directory	dislocker	Tool for reading Bitlocker encrypted partitions.
forensics	Directory	exetractor	Unpacker for packed Python executables. Supports PyInstaller and py2exe.
forensics	Directory	firmware-mod-kit	Tools for firmware packing/unpacking.
forensics	apt	foremost	File carver.
forensics	Directory	pdf-parser	Tool for digging in PDF files
forensics	Directory	peepdf	Powerful Python tool to analyze PDF documents.
forensics	Directory	scrdec	A decoder for encoded Windows Scripts.
forensics	Directory	testdisk	Testdisk and photorec for file recovery.
crypto	Library	codext	Python codecs extension featuring CLI tools for encoding/decoding anything including AI-based guessing mode.
crypto	Directory	cribdrag	Interactive crib dragging tool (for crypto).
crypto	Directory	fastcoll	An md5sum collision generator.
crypto	Directory	foresight	A tool for predicting the output of random number generators. To run, launch “foresee”.
crypto	Directory	featherduster	An automated, modular cryptanalysis tool.
crypto	Directory	galois	A fast galois field arithmetic library/toolkit.
crypto	Directory	hashkill	Hash cracker.
crypto	Directory	hashpump	A tool for performing hash length extension attaacks.
crypto	Directory	hashpump-partialhash	Hashpump, supporting partially-unknown hashes.
crypto	Directory	hash-identifier	Simple hash algorithm identifier.
crypto	Directory	libc-database	Build a database of libc offsets to simplify exploitation.
crypto	Directory	littleblackbox	Database of private SSL/SSH keys for embedded devices.
crypto	Directory	msieve	Msieve is a C library implementing a suite of algorithms to factor large integers.
crypto	Directory	nonce-disrespect	Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS.
crypto	Directory	pemcrack	SSL PEM file cracker.
crypto	Directory	pkcrack	PkZip encryption cracker.
crypto	Directory	python-paddingoracle	Padding oracle attack automation.
crypto	Directory	reveng	CRC finder.
crypto	Directory	ssh_decoder	A tool for decoding ssh traffic. You will need `ruby1.8` from `https://launchpad.net/~brightbox/+archive/ubuntu/ruby-ng` to run this. Run with `ssh_decoder --help` for help, as running it with no arguments causes it to crash.
crypto	Directory	sslsplit	SSL/TLS MITM.
crypto	Directory	xortool	XOR analysis tool.
crypto	Directory	yafu	Automated integer factorization.
web	Directory	burpsuite	Web proxy to do naughty web stuff.
web	Directory	commix	Command injection and exploitation tool.
web	Directory	dirb	Web path scanner.
web	Directory	dirsearch	Web path scanner.
web	Directory	mitmproxy	CLI Web proxy and python library.
web	Directory	sqlmap	SQL injection automation engine.
web	Directory	subbrute	A DNS meta-query spider that enumerates DNS records, and subdomains.
web	Library	webgrep	`grep` for Web pages, with JS deobfuscation, CSS unminifying and OCR on images.
stego	apt	pngtools	PNG’s analysis tool.
stego	Directory	sound-visualizer	Audio file visualization.
stego	Directory	steganabara	Another image stenography solver.
stego	Directory	stegano-tools	A collection of text and image steganography tools (incl LSB, PVD, PIT).
stego	Directory	stegdetect	Stenography detection/breaking tool.
stego	Docker	stego-toolkit	A docker image with dozens of steg tools.
stego	Directory	stegsolve	Image stenography solver.
stego	Directory	stegosaurus	A steganography tool for embedding arbitrary payloads in Python bytecode (pyc or pyo) files.
stego	Directory	zsteg	detect stegano-hidden data in PNG & BMP.
dsniff	apt	dsniff	Grabs passwords and other data from pcaps/network streams.
android	Directory	apktool	Dissect, dis-assemble, and re-pack Android APKs
android	Directory	android-sdk	The android SDK (adb, emulator, etc).
misc	Directory	xspy	Tiny tool to spy on X sessions.
misc	Directory	z3	Theorem prover from Microsoft Research.
misc	Directory	jdgui	Java decompiler.
misc	Directory	veles	Binary data analysis and visualization tool.
misc	Directory	youtube-dl	Latest version of the popular youtube downloader.

There are also some installers for non-CTF stuff to break the monotony!

Category	Tool	Description
C magic	C-bind	A library used to enable function binding in C!
game	Dwarf Fortress	Something to help you relax after a CTF!
pyvmmonitor	pyvmmonitor	PyVmMonitor is a profiler with a simple goal: being the best way to profile a Python program.
library collection	single_file_libs	A large collection of useful single file include libraries written for C/C++
dolphin	sudolphin	If your friend ever leaves their laptop unlocked, `curl -sSL sh.sudolph.in \| sh` then wait and see!
tor-browser	tor-browser	Useful when you need to hit a web challenge from different IPs.

Usage

To use, do:

# set up the path
/path/to/ctf-tools/bin/manage-tools setup
source ~/.bashrc

# list the available tools
manage-tools list

# install gdb, allowing it to try to sudo install dependencies
manage-tools -s install gdb

# install pwntools, but don't let it sudo install dependencies
manage-tools install pwntools

# install qemu, but use "nice" to avoid degrading performance during compilation
manage-tools -n install qemu

# uninstall gdb
manage-tools uninstall gdb

# uninstall all tools
manage-tools uninstall all

# search for a tool
manage-tools search preload

Where possible, the tools keep the installs very self-contained (i.e., in to tool/ directory), and most uninstalls are just calls to git clean (NOTE, this is NOT careful; everything under the tool directory, including whatever you were working on, is blown away during an uninstall). One exception to this are python tools, which are installed using the pip package manager if possible. A ctftools virtualenv is created during the manage-tools setup command and can be accessed using the command workon ctftools.

Help!

Something not working? I didn’t write (almost) any of these tools, but hit up #ctf-tools on freenode if you’re desperate. Maybe some kind soul will help!

Docker (version 1.7+)

By popular demand, a Dockerfile has been included. You can build a docker image with:

git clone https://github.com/zardus/ctf-tools
cd ctf-tools
docker build -t ctf-tools .

And run it with:

docker run -it ctf-tools

The built image will have ctf-tools cloned and ready to go, but you will still need to install the tools themselves (see above).

Alternatively, you can also pull ctf-tools (with some tools preinstalled) from dockerhub:

docker run -it zardus/ctf-tools

Vagrant

You can build a Vagrant VM with:

wget https://raw.githubusercontent.com/zardus/ctf-tools/master/Vagrantfile
vagrant plugin install vagrant-vbguest
vagrant up

And connect to it via:

vagrant ssh

Kali Linux

Kali Linux (Sana and Rolling), due to manually setting certain libraries to not use the latest version available (sometimes being out of date by years) causes some tools to not install at all, or fail in strange ways. AFL and Panda comes to mind, in fact any tool that uses QEMU 2.30 will probably fail during compilation under Kali. Overriding these libraries breaks other tools included in Kali so your only solution is to either live with some of Kali’s tools being broken, or running another distribution separately such as Ubuntu.

Most tools aren’t affected though.

Adding Tools

To add a tool (say, named toolname), do the following:

Create a toolname directory.
Create an install script.
(optional) if special uninstall steps are required, create an uninstall script.

Install Scripts

The install script will be run with $PWD being toolname. It should install the tool into this directory, in as contained a manner as possible. Ideally, full uninstallation should be possible with a git clean.

The install script should create a bin directory and put its executables there. These executables will be automatically linked into the main bin directory for the repo. They could be launched from any directory, so don’t make assumptions about the location of $0!

License

The individual tools are all licensed under their own licenses. As for ctf-tools itself, it is licensed under BSD 2-Clause License. If you find it useful, star it on github (https://github.com/zardus/ctf-tools).

Good luck!