This repository is a place where I want to keep all the useful resources/websites/tools to solve CTF challenges. All the tools will be divided by category, in order to have a better organization.
This repo is for me but also for my CTF team, and why not for whoever will get to this page.
It will contain even some "obvious" links, like the ASCII table and so on, because it is a page indended to be kept open during CTFs: you never know what will come in handy!
A list of useful websites to train our skills and knowledge.
- John Hammond - Katana: huge repo of very useful CTF tools, thank you John, my repo now looks useless
- Cyberchef: huge tool to perform every type of calculation of any category
- Hex Editor: online hex editor for files
- Online Converter: ASCII/Hex/Dec/Bin/b64 converter tool online
- XOR Calculator
- Resource Saver: Chrome extension to download all the res of a website
- Github Secrets: search for dangling or force-pushed commits in a Github repo
- Zip Password Cracker: a realy useful and free online zip password finder
- Regex Check: check regular expressions online
- dCode: crypto heaven
- QuipQuip: online substitution cipher solver with frequency analysis, also allows to insert frequency hints
- Big Numbers Calculator 1: an online calculator for huge integers
- Big Numbers Calculator 2: an online calculator for huge integers, worse UI but maybe better performance
- RSA Calculator: online RSA parameters calculator with encryption/decryption, works also with big numbers
- Inverse mod N Calculator: compute the modular inverse of a number, even with big numbers
- RsaCtfTool: Python tool to perform RSA attacks
- FactorDB: find well-known integer factorization
- CrackStation: online hash cracker (md5, sha, ...)
- Vigenere Solver: very good online Vigenere Cipher solver with bruteforce
- Substitution Solver: very good online Substitution Cipher solver with bruteforce
- Sage Math: online Sage environment to perform Crypto calculations
- Crunch: Linux tool to create custom dictionaries for attacks (hash, pd, ..)
- Online Hash Crack: big website to perform hash/pwd cracking and identification on various files
- Hash Identifier: Linux tool to perform hash identification
- Morse Code Translator
- Dual Tone Decoder: find DTMF tones within audio clips
- gmpy2: Python library for multiple-precision arithmetic
- Weird Ciphers: a list of some strange cryptography algorithms
- Symbolic Ciphers: another list of strange cryptography algorithms
- Aperi'Solve: one of the best online tools, with static analysis and also running zsteg, steghide, exiftool, binwalk, foremost, ..
- StegOnline: big stego tool, upload image and modify/extract data
- Stegsolve: JAR file to view hidden text in images
- Steg 1: online encoder/decoder of files in images
- Steg 2: online encoder/decoder of files in images, maybe more powerful
- Images Color picker: get colors from websites/images in Hex/RGB
- Stegseek: lightning fast steghide cracker that can be used to extract hidden data from files.
- CSP Evaluator: Google CSP evaluator with bypass possibilities
- Subdomain Finder: website to find subdomains of URLs, even hidden ones
- Google Certificates: search certificates of a website by domain
- Traversal Archives: samples of archive files in various formats that attempt to exploit (hypothetical) directory travesal bugs
- CSP Cheatsheet: list of CSPs and relative bypass possibilities
- JSONP Endpoints: list of well-known JSONP Endpoints
- Web Payloads: list of Web Payloads of various techniques
- Syscall Reference: x86 / x64 syscalls manual with registers value
- Asm/Disasm: online x86 / x64 assembler and disassembler
- LibC Check: find all the possible libc versions with symbol name and entry address
- BinaryNinja: online binary file decompiler
- DogBolt: online binary file decompiler with different options like Ghidra and BinaryNinja
- Forensically: online forensic analysis tool to extract cool data from images, ..
- Autopsy: file recovery tool with data carving, ..
- Foremost: file recovery tool based on their magic bytes, headers, ..
- Mail from LinkedIn: Chrome extension to find email addresses from Linkedin page
- Wayback Machine: webpage archive at a certain time
- Sherlock: hunt down social media accounts by username
- Email lookup: tool to retrieve information linked to an email address
- Online Decompiler: online tool to decompile Java classes, APKs,...
- MobSF: tool to decompile and reverse APK files
- JADX: tools for producing Java source code from Android Dex and APK files
- NB: strings is useful also on APK files