CTF
Gekko Geko / June 2023 (517 Words, 3 Minutes)
Some CTF and cyber security stuff
List
- Amass
- Crackstation
- CyberChef
- Dirstalk
- Docker TOR Hidden Service
- FeroxBuster
- GTFObins
- Nishang
- Offensive Docker
- PEASS-ng
- Pwncat
- Reconftw
- RevShells
- Snoopy
- TORdock
- The PenTesters Framework
- Try It Online
- UDP Reverse Shells
- Wordlists
Amass
The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.
Crackstation
CrackStation uses massive pre-computed lookup tables to crack password hashes. These tables store a mapping between the hash of a password, and the correct password for that hash. The hash values are indexed so that it is possible to quickly search the database for a given hash. If the hash is present in the database, the password can be recovered in a fraction of a second.
CyberChef
CyberChef is a simple, intuitive web app for carrying out all manner of “cyber” operations within a web browser. These operations include simple encoding like XOR and Base64, more complex encryption like AES, DES and Blowfish, creating binary and hexdumps, compression and decompression of data, calculating hashes and checksums, IPv6 and X.509 parsing, changing character encodings, and much more.
Dirstalk
Dirstalk is a multi-threaded application designed to brute force paths on web servers. The tool contains functionalities similar to the ones offered by dirbuster and dirb.
Docker Tor Hidden Service
Establish an onion website with Docker.
FeroxBuster
Feroxbuster uses brute force combined with a wordlist to search for unlinked content in target directories. These resources may store sensitive information about web applications and operational systems, such as source code, credentials, internal network addressing, etc…
GTFObins
GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems.
Nishang
Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security, penetration testing and red teaming.
PEASS-ng
Privilege escalation tools for Windows, Linux/Unix* and macOS. These tools search for possible local privilege escalation paths that you could exploit and print them to you with nice colors so you can recognize the misconfigurations easily.
Offensive Docker
Offensive Docker is an image with the most commonly used tools to create a pentest environment easily and quickly.
Pwncat
Pwncat is a post-exploitation platform for Linux targets. It started out as a wrapper around basic bind and reverse shells and has grown from there. It streamlines common red team operations while staging code from your attacker machine, not the target.
Reconftw
reconFTW automates the entire process of reconnaissance for you. It outperforms the work of subdomain enumeration along with various vulnerability checks and obtaining maximum information about your target.
RevShells
Reverse Shell Generator.
Snoopy
Snoopy is a small library that logs all program executions on your Linux/BSD system.
TORdock
Containerized Tor SOCKS5.
The PenTesters Framework
The PenTesters Framework (PTF) is a Python script designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration Testing. PTF attempts to install all of your penetration testing tools (latest and greatest), compile them, build them, and make it so that you can install/update your distribution on any machine.
Try It Online
TIO is a family of online interpreters for an ever-growing list of practical and recreational programming languages.
UDP Reverse Shells
UDP reverse shells for *nix systems written in C.
Wordlists
SecLists is the security tester’s companion. It’s a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. The goal is to enable a security tester to pull this repository onto a new testing box and have access to every type of list that may be needed.