This is a collection of setup scripts to create an install of various security research tools. Of course, this isn't a hard problem, but it's really nice to have them in one place that's easily deployable to new machines and so forth. The install-scripts for these tools are checked regularly, the results can be found on the build status page.
Installers for the following tools are included:
| Category | Source | Tool | Description |
|---|---|---|---|
| stego | apt | pngtools | PNG's analysis tool. |
| stego | Directory | sound-visualizer | Audio file visualization. |
| stego | Directory | steganabara | Another image stenography solver. |
| stego | Directory | stegdetect | Stenography detection/breaking tool. |
| stego | Docker | stego-toolkit | A docker image with dozens of steg tools. |
| stego | Directory | stegsolve | Image stenography solver. |
| stego | Directory | stegosaurus | A steganography tool for embedding arbitrary payloads in Python bytecode (pyc or pyo) files. |
| stego | Directory | zsteg | detect stegano-hidden data in PNG & BMP. |
This repository contains a fork of the original ctf-tools. It was made a long time ago, and contains a lot of tools that do not reflect the current state of the art.
This fork is based on The Flat Network Society's experience with modern CTF. It contains only tools that are used to solve challenges in 2020.
To use, do:
# set up the path
/path/to/ctf-tools/bin/manage-tools setup
source ~/.bashrc
# list the available tools
manage-tools list
# install gdb, allowing it to try to sudo install dependencies
manage-tools -s install gdb
# install pwntools, but don't let it sudo install dependencies
manage-tools install pwntools
# install qemu, but use "nice" to avoid degrading performance during compilation
manage-tools -n install qemu
# uninstall gdb
manage-tools uninstall gdb
# uninstall all tools
manage-tools uninstall all
# search for a tool
manage-tools search preloadWhere possible, the tools keep the installs very self-contained (i.e., in to tool/ directory), and most uninstalls are just calls to git clean (NOTE, this is NOT careful; everything under the tool directory, including whatever you were working on, is blown away during an uninstall).
One exception to this are python tools, which are installed using the pip
package manager if possible. A ctftools virtualenv is created during the
manage-tools setup command and can be accessed using the command
workon ctftools.
Something not working? I didn't write (almost) any of these tools, but hit up #ctf-tools on freenode if you're desperate. Maybe some kind soul will help!
By popular demand, a Dockerfile has been included. You can build a docker image with:
git clone https://github.com/zardus/ctf-tools
cd ctf-tools
docker build -t ctf-tools .And run it with:
docker run -it ctf-toolsThe built image will have ctf-tools cloned and ready to go, but you will still need to install the tools themselves (see above).
Alternatively, you can also pull ctf-tools (with some tools preinstalled) from dockerhub:
docker run -it zardus/ctf-toolsYou can build a Vagrant VM with:
wget https://raw.githubusercontent.com/zardus/ctf-tools/master/Vagrantfile
vagrant plugin install vagrant-vbguest
vagrant upAnd connect to it via:
vagrant sshKali Linux (Sana and Rolling), due to manually setting certain libraries to not use the latest version available (sometimes being out of date by years) causes some tools to not install at all, or fail in strange ways. AFL and Panda comes to mind, in fact any tool that uses QEMU 2.30 will probably fail during compilation under Kali. Overriding these libraries breaks other tools included in Kali so your only solution is to either live with some of Kali's tools being broken, or running another distribution separately such as Ubuntu.
Most tools aren't affected though.
To add a tool (say, named toolname), do the following:
- Create a
toolnamedirectory. - Create an
installscript. - (optional) if special uninstall steps are required, create an
uninstallscript.
The install script will be run with $PWD being toolname. It should install the tool into this directory, in as contained a manner as possible.
Ideally, full uninstallation should be possible with a git clean.
The install script should create a bin directory and put its executables there.
These executables will be automatically linked into the main bin directory for the repo.
They could be launched from any directory, so don't make assumptions about the location of $0!
The individual tools are all licensed under their own licenses. As for ctf-tools itself, it is licensed under BSD 2-Clause License. If you find it useful, star it on github (https://github.com/zardus/ctf-tools).
Good luck!
There's a curated list of CTF tools, but without installers, here: https://github.com/apsdehal/aWEsoMe-cTf.
There's a Vagrant config with a lot of the bigger frameworks here: https://github.com/thebarbershopper/epictreasure.