Here is some of my personal favourites.
- A guide to Linux Privilege Escalation
- Attack and Defend: LinuxPrivilege Escalation Techniques of 2016: This paper will examine Linux privilege escalation techniques used throughout 2016 in detail, highlighting how these techniques work and how adversaries are using them.
- Back To The Future: Unix Wildcards Gone Wild: This article will cover one interesting old-school Unix hacking technique, that will still work in 2013.
- Basic Linux Privilege Escalation: by g0tmi1k
- Enumeration is the Key: by Marcos Tolosa
- Hackers Hut: Some random hacking hints, mainly from a Linux point of view.
- Hacking Linux Part I: Privilege Escalation
- How privileges work in operating systems?
- Linux elevation of privileges ToC
- Linux - Privilege Escalation: Methodology from PayloadsAllTheThings
- Linux Privilege Escalation: an introduction to Linux escalation techniques, mainly focusing on file/process permissions, but along with some other stuff too.
- Linux Privilege Escalation: Linux Privilege Escalation by lamontns.
- Linux Privilege Escalation: by HackTricks
- Linux Privilege Escalation via Dynamically Linked Shared Object Library: How RPATH and Weak File Permissions can lead to a system compromise.
- Local Linux Enumeration & Privilege Escalation Cheatsheet: a few Linux commands that may come in useful when trying to escalate privileges on a target system.
- Local Linux Enumeration & Privilege Escalation: a few Linux commands that may come in useful when trying to escalate privileges on a target system.
- Local Linux privilege escalation overview: This article will give an overview of the basic Linux privilege escalation techniques. It separates the local Linux privilege escalation in different scopes: kernel, process, mining credentials, sudo, cron, NFS, and file permission.
- Penetration-Testing-Grimoire/Privilege Escalation/linux.md
- PENETRATION TESTING PRACTICE LAB - VULNERABLE APPS / SYSTEMS
- Pentest Book - Privilege Escalation: common Linux privilege escalation techniques.
- POST CATEGORY : Privilege Escalation: Privilege escalation post category in Raj Chandel’s Blog.
- Privilege Escalation Cheatsheet (Vulnhub): This cheasheet is aimed at the CTF Players and Beginners to help them understand the fundamentals of Privilege Escalation with examples.
- Privilege escalation: Linux
- Privilege Escalation & Post-Exploitation
- Reach the root! How to gain privileges in Linux?
- TTY Input Pushback Privilege Escalation: When user working as root switches to another user with su and happens to execute the pushback program as that user, the tty input data pushed back is executed in the shell and context of user root.
- Understanding Privilege Escalation: Some techniques malicious users employ to escalate their privileges on a Linux system.
- Breaking out of rbash using scp
- Escaping from Restricted Shell and Gaining Root Access to SolarWinds Log & Event Manager (SIEM) Product
- Escaping Restricted Linux Shells: Resource for penetration testers to assist them when confronted with a restricted shell.
- Linux Restricted Shell Bypass
- Restricted Linux Shell Escaping Techniques: The focus of this article is on discussing and summarizing different techniques to escape common Linux restricted shells and also simple recommendations for administrators to protect against it.
- Abusing SUDO: Some of the binary which helps you to escalate privilege using the sudo command.
- Gaining a Root shell using MySQL User Defined Functions and SETUID Binaries: How a MySQL User Defined Function (UDF) and a SETUID binary can be used to elevate user privilege to a root shell.
- GTFOBins: GTFOBins is a curated list of Unix binaries that can be exploited by an attacker to bypass local security restrictions.
- How I got root with Sudo
- Sudo (LD_PRELOAD): Privilege Escalation from an LD_PRELOAD environment variable.
- An Interesting Privilege Escalation vector (getcap/setcap)
- Exploiting capabilities: Parcel root power, the dark side of capabilities
- getcap, setcap and file capabilities
- Spicing up your own access with capabilities
- AutoLocalPrivilegeEscalation: An automated script that download potential exploit for linux kernel from exploitdb, and compile them automatically.
- BeRoot: BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege.
- exploit-suggester: This tool reads the output of “showrev -p” on Solaris machines and outputs a list of exploits that you might want to try.
is intended to be executed locally on a Linux box to enumerate basic system info and search for common privilege escalation vectors such as word writable files, misconfigurations, clear-text password and applicable
- kernelpop: kernelpop is a framework for performing automated kernel vulnerability enumeration and exploitation.
- LES: LES: Linux privilege escalation auditing tool
- LinEnum: Scripted local Linux enumeration & privilege escalation checks
- LinPEAS: Linux Privilege Escalation Awesome Script
- Linux Exploit Suggester 2: Next-generation exploit suggester based on Linux_Exploit_Suggester
- Linux_Exploit_Suggester: Linux Exploit Suggester; based on operating system release number.
- Linuxprivchecker.py: This script is intended to be executed locally on a Linux box to enumerate basic system info and search for common privilege escalation vectors such as world writable files, misconfigurations, clear-text passwords and applicable exploits.
- Linux Privilege Escalation Check Script: Originally forked from the linuxprivchecker.py (Mike Czumak), this script is intended to be executed locally on a Linux box to enumerate basic system info and search for common privilege escalation vectors such as word writable files, misconfigurations, clear-text password and applicable exploits.
- linux-smart-enumeration: Linux enumeration tools for pentesting and CTFs
- linux-soft-exploit-suggester: linux-soft-exploit-suggester finds exploits for all vulnerable software in a system helping with the privilege escalation.
- PrivEsc: A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.
- pspy: unprivileged Linux process snooping
- traitor: Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy!
- unix-privesc-check: Shell script to check for simple privilege escalation vectors on Unix systems
- Unix-Privilege-Escalation-Exploits-Pack: Exploits for getting local root on Linux, BSD, AIX, HP-UX, Solaris, RHEL, SUSE etc.
- uptux: Specialized privilege escalation checks for Linux systems.
- active-cve-check: Checks a list of packages against the “active” (not yet patched) CVE’s as listed in the Ubuntu CVE Tracker.
- Arch-Audit: A tool to check vulnerable packages in Arch Linux.
- cve-check-tool: Original Automated CVE Checking Tool.
- LPVS: Linux Package Vulnerability Scanner for CentOS and Ubuntu.
- Local root exploit in Chkrootkit: Security researchers have found an local exploit for Chkrootkit 0.49 who allow to a simple user to make root’s commands.
- Exploiting a Mis-Configured NFS Share
- Linux Privilege Escalation using Misconfigured NFS: How to exploit a misconfigured NFS share to gain root access to a remote host machine.
- NFS weak permissions
- Linux Privilege Escalation using weak NFS permissions: t Linux Privilege Escalation using weak NFS permissions in “/etc/exports”. by Haider Mahmood
- Linux privilege escalation for fun, profit, and all around mischief: Examine opportunities for privilege escalation that can vault you from zero to hero in a few easy steps.
- Linux Privilege Escalation - Tradecraft Security Weekly #22: Methodology for performing various privilege escalation techniques against Linux-based systems.
- Privilege Escalation FTW: Demonstrate various privilege escalation techniques that are possible primarily due to misconfigurations.
- LOLBAS: Living Off The Land Binaries and Scripts (and also Libraries)
- OSCP Windows PrivEsc - Part 1
- Privilege Escalation: There are also various other (local) exploits that can be used to also escalate privileges.
- Privilege Escalation Windows
- Privilege escalation: Windows
- Windows elevation of privileges ToC
- Windows Local Privilege Escalation: by HackTricks
- Windows Post Gather Modules: Metasploit offers a number of post exploitation modules that allow for further information gathering on your target network.
- Windows Priv Esc
- Windows Privilege Escalation Fundamentals
- Windows Privilege Escalation Guide
- Windows-Privilege-Escalation: Step-by-step windows privlege escalation methodology.
- Windows-Privilege-Escalation-Resources: Compilation of Resources from TCM’s Windows Priv Esc Udemy Course. By Gr1mmie
- Windows - Privilege Escalation
- Windows Privilege Escalation
- Windows Privilege Escalation: Windows Privilege Escalation by lamontns.
- Windows Privilege Escalations
- DLL Hijacking: DLL Search Order Hijacking for privilege escalation, code execution, etc. by Red Teaming Experiments
- DLL Hijacking: by PentestLab
- DLL Search Order Hijacking: by MITRE
- PrivEsc: DLL Hijacking
- Windows Privilege Escalation via DLL Hijacking: Crystal-clear view on one of the most used techniques for privilege escalation by the Threat Actors. by HacknPentest
- Hot Potato: Hot potato is the code name of a Windows privilege escalation technique that was discovered by Stephen Breen. This technique is actually a combination of two known windows issues like NBNS spoofing and NTLM relay with the implementation of a fake WPAD proxy server which is running locally on the target host.
- Hot Potato: Windows 7, 8, 10, Server 2008, Server 2012 Privilege Escalation in Metasploit & PowerShell.
- Hot Potato – Windows Privilege Escalation: Privilege Escalation on Windows 7, 8, 10, Server 2008, Server 2012 … and a new network attack.
- Juicy Potato (abusing the golden privileges)
- No more JuicyPotato? Old story, welcome RoguePotato!: by decoder_it and splinter_code/antonioCoco
- Rotten Potato – Privilege Escalation from Service Accounts to SYSTEM
- Practical Guide to exploiting the unquoted service path vulnerability in Windows
- PrivEsc: Unquoted Service Path
- Unquoted Service Path
- UNQUOTED SERVICE PATHS
- Windows Privilege Escalation — Part 1 (Unquoted Service Path)
- Windows Privilege Escalation – Unquoted Services
- Windows Privilege Escalation via Unquoted Service Paths
- Finding Passwords in SYSVOL & Exploiting Group Policy Preferences
- gpp-decrypt Package Description: A simple ruby script that will decrypt a given GPP encrypted string.
- JAWS - Just Another Windows (Enum) Script: JAWS is PowerShell script designed to help penetration testers (and CTFers) quickly identify potential privilege escalation vectors on Windows systems. It is written using PowerShell 2.0 so ‘should’ run on every Windows version since Windows 7.
- juicy-potato: A sugared version of RottenPotatoNG, with a bit of juice, i.e. another Local Privilege Escalation tool, from a Windows Service Accounts to NT AUTHORITY\SYSTEM.
- Potato: Potato Privilege Escalation on Windows 7, 8, 10, Server 2008, Server 2012.
- PowerSploit: PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment.
- PrivescCheck: Enumerate common Windows security misconfigurations which can be leveraged for privilege escalation and gather various information which might be useful for exploitation and/or post-exploitation, by itm4n
- RoguePotato: Another Windows Local Privilege Escalation from Service Account to System by splinter_code/antonioCoco
- RottenPotato: RottenPotato local privilege escalation from service account to SYSTEM. (No longer maintained)
- RottenPotatoNG: New version of RottenPotato as a C++ DLL and standalone C++ binary - no need for meterpreter or other tools.
- Seatbelt: Project that performs a number of security oriented host-survey “safety checks” relevant from both offensive and defensive security perspectives.
- SessionGopher: SessionGopher is a PowerShell tool that finds and decrypts saved session information for remote access tools.
- Sherlock: PowerShell script to quickly find missing software patches for local privilege escalation vulnerabilities. (Deprecated)
- SweetPotato: Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019 by CCob
- Tater: Tater is a PowerShell implementation of the Hot Potato Windows Privilege Escalation exploit.
- Watson: Watson is a .NET tool designed to enumerate missing KBs and suggest exploits for Privilege Escalation vulnerabilities.
- WindowsEnum: A Powershell Privilege Escalation Enumeration Script.
- Windows-Exploit-Suggester: This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins. By AonCyberLabs
- Windows Exploit Suggester - Next Generation (WES-NG): WES-NG is a tool based on the output of Windows’ systeminfo utility which provides the list of vulnerabilities the OS is vulnerable to, including any exploits for these vulnerabilities. Every Windows OS between Windows XP and Windows 10, including their Windows Server counterparts, is supported. By bitsadmin
- windows-privesc-check: Standalone executable that runs on Windows systems. It tries to find misconfigurations that could allow local unprivileged users to escalate privileges to other users or to access local apps (e.g. databases).
- winPEAS: Windows Privilege Escalation Awesome Scripts
- WinPwnage: UAC bypass, Elevate, Persistence and Execution methods. The goal of this repo is to study the Windows penetration techniques.
- Level Up! Practical Windows Privilege Escalation - Andrew Smith
- Level Up! - Practical Windows Privilege Escalation (Presentation Slides)
- SANS Webcast: Pen Testing with PowerShell - Local Privilege Escalation Techniques
- Windows Privilege Escalation Techniques (Local) - Tradecraft Security Weekly #2
- Windows Privilege Escalation Unquoted Service - Part 1
- Windows Privilege Escalation Unquoted Service - Part 2
- Windows Privilege Escalation Unquoted Service - Part 3
- Awesome-Hacking-Resources (Privilege escalation section): A collection of hacking / penetration testing resources to make you better!
- Metasploit Local Exploit Suggester: Do Less, Get More!
- My 5 Top Ways to Escalate Privileges: Bruno Oliveira’s top 5 favorite ways for accomplishing privilege escalation in the most practical ways possible.
- Privilege Escalation: Privilege Escalation category by pentestlab.blog
- Recipe for Root: Your Cookbook for Privilege Escalation
- Windows / Linux Local Privilege Escalation Workshop
- Container security notes
- Dirty COW - (CVE-2016-5195) - Docker Container Escape
- Docker security checklist
- Don’t expose the Docker socket (not even to a container)
- Escaping Containers to Execute Commands on Play with Docker Servers
- Escaping Docker container using waitid() – CVE-2017-5123
- Escaping the Whale: Things you probably shouldn’t do with Docker (Part 1)
- Hack Allows Escape of Play-with-Docker Containers
- Hacking Docker the Easy way
- CDK: CDK is an open-sourced container penetration toolkit, offering stable exploitation in different slimmed containers without any OS dependency.
- Deepce: Docker Enumeration, Escalation of Privileges and Container Escapes (DEEPCE)
- Dokcer-escape-tool: This tool will help identify if you’re in a Docker container and try some quick escape techniques to help assess the security of your containers.
- PrivilegedDockerEscape: A bash script to create an interactive shell from a privileged docker container to the container host
- AWS-IAM-Privilege-Escalation: A centralized source of all AWS IAM privilege escalation methods released by Rhino Security Labs.
- Pacu: The AWS exploitation framework, designed for testing the security of Amazon Web Services environments. By RhinoSecurityLabs.
- Tutorial on privilege escalation and post exploitation tactics in Google Cloud Platform environments: Very deep-dive into manual post-exploitation tactics and techniques for GCP.
- GCP-IAM-Privilege-Escalation: IAM Privilege Escalation in GCP by RhinoSecurity.
- GCPBucketBrute: A script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated. By RhinoSecurity.
Tools used for creating CTF challenges
- Kali Linux CTF Blueprints - Online book on building, testing, and customizing your own Capture the Flag challenges.
Tools used for creating Forensics challenges
- Dnscat2 - Hosts communication through DNS.
- Kroll Artifact Parser and Extractor (KAPE) - Triage program.
- Magnet AXIOM - Artifact-centric DFIR tool.
- Registry Dumper - Dump your registry.
Projects that can be used to host a CTF
- CTFd - Platform to host jeopardy style CTFs from ISISLab, NYU Tandon.
- echoCTF.RED - Develop, deploy and maintain your own CTF infrastructure.
- FBCTF - Platform to host Capture the Flag competitions from Facebook.
- Haaukins- A Highly Accessible and Automated Virtualization Platform for Security Education.
- HackTheArch - CTF scoring platform.
- Mellivora - A CTF engine written in PHP.
- MotherFucking-CTF - Badass lightweight plaform to host CTFs. No JS involved.
- NightShade - A simple security CTF framework.
- OpenCTF - CTF in a box. Minimal setup required.
- PicoCTF - The platform used to run picoCTF. A great framework to host any CTF.
- PyChallFactory - Small framework to create/manage/package jeopardy CTF challenges.
- RootTheBox - A Game of Hackers (CTF Scoreboard & Game Manager).
- Scorebot - Platform for CTFs by Legitbs (Defcon).
- SecGen - Security Scenario Generator. Creates randomly vulnerable virtual machines.
Tools used to create stego challenges
Check solve section for steganography.
Tools used for creating Web challenges
Tools used for solving CTF challenges
Tools used for performing various kinds of attacks
- Bettercap - Framework to perform MITM (Man in the Middle) attacks.
- Yersinia - Attack various protocols on layer 2.
Tools used for solving Crypto challenges
- CyberChef - Web app for analysing and decoding data.
- FeatherDuster - An automated, modular cryptanalysis tool.
- Hash Extender - A utility tool for performing hash length extension attacks.
- padding-oracle-attacker - A CLI tool to execute padding oracle attacks.
- PkCrack - A tool for Breaking PkZip-encryption.
- QuipQuip - An online tool for breaking substitution ciphers or vigenere ciphers (without key).
- RSACTFTool - A tool for recovering RSA private key with various attack.
- RSATool - Generate private key with knowledge of p and q.
- XORTool - A tool to analyze multi-byte xor cipher.
Tools used for various kind of bruteforcing (passwords etc.)
- Hashcat - Password Cracker
- Hydra - A parallelized login cracker which supports numerous protocols to attack
- John The Jumbo - Community enhanced version of John the Ripper.
- John The Ripper - Password Cracker.
- Nozzlr - Nozzlr is a bruteforce framework, trully modular and script-friendly.
- Ophcrack - Windows password cracker based on rainbow tables.
- Patator - Patator is a multi-purpose brute-forcer, with a modular design.
- Turbo Intruder - Burp Suite extension for sending large numbers of HTTP requests
Tools used for solving Exploits challenges
- DLLInjector - Inject dlls in processes.
- libformatstr - Simplify format string exploitation.
- Metasploit - Penetration testing software.
- one_gadget - A tool to find the one gadget
execve('/bin/sh', NULL, NULL)call.
gem install one_gadget
- Pwntools - CTF Framework for writing exploits.
- Qira - QEMU Interactive Runtime Analyser.
- ROP Gadget - Framework for ROP exploitation.
- V0lt - Security CTF Toolkit.
Tools used for solving Forensics challenges
- Aircrack-Ng - Crack 802.11 WEP and WPA-PSK keys.
apt-get install aircrack-ng
- Audacity - Analyze sound files (mp3, m4a, whatever).
apt-get install audacity
- Bkhive and Samdump2 - Dump SYSTEM and SAM files.
apt-get install samdump2 bkhive
- CFF Explorer - PE Editor.
- Creddump - Dump windows credentials.
- DVCS Ripper - Rips web accessible (distributed) version control systems.
- Exif Tool - Read, write and edit file metadata.
- Extundelete - Used for recovering lost data from mountable images.
- Fibratus - Tool for exploration and tracing of the Windows kernel.
- Foremost - Extract particular kind of files using headers.
apt-get install foremost
- Fsck.ext4 - Used to fix corrupt filesystems.
- Malzilla - Malware hunting tool.
- NetworkMiner - Network Forensic Analysis Tool.
- PDF Streams Inflater - Find and extract zlib files compressed in PDF files.
- Pngcheck - Verifies the integrity of PNG and dump all of the chunk-level information in human-readable form.
apt-get install pngcheck
- ResourcesExtract - Extract various filetypes from exes.
- Shellbags - Investigate NT_USER.dat files.
- Snow - A Whitespace Steganography Tool.
- USBRip - Simple CLI forensics tool for tracking USB device artifacts (history of USB events) on GNU/Linux.
- Volatility - To investigate memory dumps.
- Wireshark - Used to analyze pcap or pcapng files
- OfflineRegistryView - Simple tool for Windows that allows you to read offline Registry files from external drive and view the desired Registry key in .reg file format.
- Registry Viewer® - Used to view Windows registries.
Tools used for solving Networking challenges
- Masscan - Mass IP port scanner, TCP port scanner.
- Monit - A linux tool to check a host on the network (and other non-network activities).
- Nipe - Nipe is a script to make Tor Network your default gateway.
- Nmap - An open source utility for network discovery and security auditing.
- Wireshark - Analyze the network dumps.
apt-get install wireshark
- Zeek - An open-source network security monitor.
- Zmap - An open-source network scanner.
Tools used for solving Reversing challenges
- Androguard - Reverse engineer Android applications.
- Angr - platform-agnostic binary analysis framework.
- Apk2Gold - Yet another Android decompiler.
- ApkTool - Android Decompiler.
- Barf - Binary Analysis and Reverse engineering Framework.
- Binary Ninja - Binary analysis framework.
- BinUtils - Collection of binary tools.
- BinWalk - Analyze, reverse engineer, and extract firmware images.
- Boomerang - Decompile x86/SPARC/PowerPC/ST-20 binaries to C.
- ctf_import – run basic functions from stripped binaries cross platform.
- cwe_checker - cwe_checker finds vulnerable patterns in binary executables.
- demovfuscator - A work-in-progress deobfuscator for movfuscated binaries.
- Frida - Dynamic Code Injection.
- GDB - The GNU project debugger.
- GEF - GDB plugin.
- Ghidra - Open Source suite of reverse engineering tools. Similar to IDA Pro.
- Hopper - Reverse engineering tool (disassembler) for OSX and Linux.
- IDA Pro - Most used Reversing software.
- Jadx - Decompile Android files.
- Java Decompilers - An online decompiler for Java and Android APKs.
- Krakatau - Java decompiler and disassembler.
- Objection - Runtime Mobile Exploration.
- PEDA - GDB plugin (only python2.7).
- Pin - A dynamic binary instrumentaion tool by Intel.
- PINCE - GDB front-end/reverse engineering tool, focused on game-hacking and automation.
- PinCTF - A tool which uses intel pin for Side Channel Analysis.
- Plasma - An interactive disassembler for x86/ARM/MIPS which can generate indented pseudo-code with colored syntax.
- Pwndbg - A GDB plugin that provides a suite of utilities to hack around GDB easily.
- radare2 - A portable reversing framework.
- Triton - Dynamic Binary Analysis (DBA) framework.
- Uncompyle - Decompile Python 2.7 binaries (.pyc).
- WinDbg - Windows debugger distributed by Microsoft.
- Xocopy - Program that can copy executables with execute, but no read permission.
- Z3 - A theorem prover from Microsoft Research.
- RABCDAsm - Collection of utilities including an ActionScript 3 assembler/disassembler.
- Swftools - Collection of utilities to work with SWF files.
- Xxxswf - A Python script for analyzing Flash files.
Various kind of useful services available around the internet
- CSWSH - Cross-Site WebSocket Hijacking Tester.
- Request Bin - Lets you inspect http requests to a particular url.
Tools used for solving Steganography challenges
- AperiSolve - Aperi’Solve is a platform which performs layer analysis on image (open-source).
- Convert - Convert images b/w formats and apply filters.
- Exif - Shows EXIF information in JPEG files.
- Exiftool - Read and write meta information in files.
- Exiv2 - Image metadata manipulation tool.
- Image Steganography - Embeds text and files in images with optional encryption. Easy-to-use UI.
- ImageMagick - Tool for manipulating images.
- Outguess - Universal steganographic tool.
- Pngtools - For various analysis related to PNGs.
apt-get install pngtools
- SmartDeblur - Used to deblur and fix defocused images.
- Steganabara - Tool for stegano analysis written in Java.
- SteganographyOnline - Online steganography encoder and decoder.
- Stegbreak - Launches brute-force dictionary attacks on JPG image.
- StegCracker - Steganography brute-force utility to uncover hidden data inside files.
- stegextract - Detect hidden files and text in images.
- Steghide - Hide data in various kind of images.
- StegOnline - Conduct a wide range of image steganography operations, such as concealing/revealing files hidden within bits (open-source).
- Stegsolve - Apply various steganography techniques to images.
- Zsteg - PNG/BMP analysis.
Tools used for solving Web challenges
- BurpSuite - A graphical tool to testing website security.
- Commix - Automated All-in-One OS Command Injection and Exploitation Tool.
- Hackbar - Firefox addon for easy web exploitation.
- OWASP ZAP - Intercepting proxy to replay, debug, and fuzz HTTP requests and responses
- Postman - Add on for chrome for debugging network requests.
- Raccoon - A high performance offensive security tool for reconnaissance and vulnerability scanning.
- SQLMap - Automatic SQL injection and database takeover tool.
pip install sqlmap
- W3af - Web Application Attack and Audit Framework.
- XSSer - Automated XSS testor.
Where to discover about CTF
Penetration testing and security lab Operating Systems
- Android Tamer - Based on Debian.
- BackBox - Based on Ubuntu.
- BlackArch Linux - Based on Arch Linux.
- Fedora Security Lab - Based on Fedora.
- Kali Linux - Based on Debian.
- Parrot Security OS - Based on Debian.
- Pentoo - Based on Gentoo.
- URIX OS - Based on openSUSE.
- Wifislax - Based on Slackware.
Malware analysts and reverse-engineering
Collections of installer scripts, useful tools
- CTF Tools - Collection of setup scripts to install various security research tools.
- LazyKali - A 2016 refresh of LazyKali which simplifies install of tools and configuration.
Tutorials to learn how to play CTFs
- CTF Field Guide - Field Guide by Trails of Bits.
- CTF Resources - Start Guide maintained by community.
- How to Get Started in CTF - Short guideline for CTF beginners by Endgame
- Intro. to CTF Course - A free course that teaches beginners the basics of forensics, crypto, and web-ex.
- IppSec - Video tutorials and walkthroughs of popular CTF platforms.
- LiveOverFlow - Video tutorials on Exploitation.
- MIPT CTF - A small course for beginners in CTFs (in Russian).
Always online CTFs
- Backdoor - Security Platform by SDSLabs.
- Crackmes - Reverse Engineering Challenges.
- CryptoHack - Fun cryptography challenges.
- echoCTF.RED - Online CTF with a variety of targets to attack.
- Exploit Exercises - Variety of VMs to learn variety of computer security issues.
- Exploit.Education - Variety of VMs to learn variety of computer security issues.
- Gracker - Binary challenges having a slow learning curve, and write-ups for each level.
- Hack The Box - Weekly CTFs for all types of security enthusiasts.
- Hack This Site - Training ground for hackers.
- Hacker101 - CTF from HackerOne
- Hacking-Lab - Ethical hacking, computer network and security challenge platform.
- Hone Your Ninja Skills - Web challenges starting from basic ones.
- IO - Wargame for binary challenges.
- Microcorruption - Embedded security CTF.
- Over The Wire - Wargame maintained by OvertheWire Community.
- PentesterLab - Variety of VM and online challenges (paid).
- PicoCTF - All year round ctf game. Questions from the yearly picoCTF competition.
- PWN Challenge - Binary Exploitation Wargame.
- Pwnable.kr - Pwn Game.
- Pwnable.tw - Binary wargame.
- Pwnable.xyz - Binary Exploitation Wargame.
- Reversin.kr - Reversing challenge.
- Ringzer0Team - Ringzer0 Team Online CTF.
- Root-Me - Hacking and Information Security learning platform.
- ROP Wargames - ROP Wargames.
- SANS HHC - Challenges with a holiday theme
released annually and maintained by SANS.
- SmashTheStack - A variety of wargames maintained by the SmashTheStack Community.
- Viblo CTF - Various amazing CTF challenges, in many different categories. Has both Practice mode and Contest mode.
- VulnHub - VM-based for practical in digital security, computer application & network administration.
- W3Challs - A penetration testing training platform, which offers various computer challenges, in various categories.
- WebHacking - Hacking challenges for web.
- Damn Vulnerable Web Application - PHP/MySQL web application that is damn vulnerable.
- Juice Shop CTF - Scripts and tools for hosting a CTF on OWASP Juice Shop easily.
Various general websites about and on CTF
- Awesome CTF Cheatsheet - CTF Cheatsheet.
- CTF Time - General information on CTF occuring around the worlds.
- Reddit Security CTF - Reddit CTF category.
Various Wikis available for learning about CTFs
- Bamboofox - Chinese resources to learn CTF.
- bi0s Wiki - Wiki from team bi0s.
- CTF Cheatsheet - CTF tips and tricks.
- ISIS Lab - CTF Wiki by Isis lab.
- OpenToAll - CTF tips by OTA CTF team members.
Collections of CTF write-ups
- 0e85dc6eaf - Write-ups for CTF challenges by 0e85dc6eaf
- Captf - Dumped CTF challenges and materials by psifertex.
- CTF write-ups (community) - CTF challenges + write-ups archive maintained by the community.
- CTFTime Scrapper - Scraps all writeup from CTF Time and organize which to read first.
- HackThisSite - CTF write-ups repo maintained by HackThisSite team.
- Mzfr - CTF competition write-ups by mzfr
- pwntools writeups - A collection of CTF write-ups all using pwntools.
- SababaSec - A collection of CTF write-ups by the SababaSec team
- Shell Storm - CTF challenge archive maintained by Jonathan Salwan.
- Smoke Leet Everyday - CTF write-ups repo maintained by SmokeLeetEveryday team.