We have collection of more than 1 Million open source products ranging from Enterprise product to small libraries in all platforms. We aggregate information from all open source repositories. Search and find the best for your needs. Check out projects section.
fbctf - Platform to host Capture the Flag competitions
The Facebook CTF is a platform to host Jeopardy and “King of the Hill” style Capture the Flag competitions.The FBCTF platform was designed with flexibility in mind, allowing for different types of installations depending on the needs of the end user. The FBCTF platform can be installed either in Development Mode, or Production Mode.
ctf ctf-frameworkawesome-ctf - A curated list of CTF frameworks, libraries, resources and softwares
A curated list of Capture The Flag (CTF) frameworks, libraries, resources, softwares and tutorials. This list aims to help starters as well as seasoned CTF players to find everything related to CTFs at one place.Please take a quick look at the contribution guidelines first.
ctf awesome security penetrationgef - GEF - GDB Enhanced Features for exploit devs & reversers
GEF is a kick-ass set of commands for X86, ARM, MIPS, PowerPC and SPARC to make GDB cool again for exploit dev. It is aimed to be used mostly by exploiters and reverse-engineers, to provide additional features to GDB using the Python API to assist during the process of dynamic analysis and exploit development. It has full support for both Python2 and Python3 indifferently (as more and more distros start pushing gdb compiled with Python3 support).
exploit gdb reverse-engineering ctf ida-pro binary-ninja pwn exploit-development malware malware-research debuggingMBE - Course materials for Modern Binary Exploitation by RPISEC
This repository contains the materials as developed and used by RPISEC to teach Modern Binary Exploitation at Rensselaer Polytechnic Institute in Spring 2015. This was a university course developed and run solely by students to teach skills in vulnerability research, reverse engineering, and binary exploitation. Vulnerability research & exploit development is something totally outside the bounds of what you see in a normal computer science curriculum, but central to a lot of what we RPISEC members find ourselves doing in our free time. We also find that subjects in offensive security tend to have a stigma around them in university that we would like to help shake off. These are practical, applied skills that we're excited to share with those interested in learning.
exploitation wargame ctfwrite-ups-2017 - Wiki-like CTF write-ups repository, maintained by the community. 2017
This repository aims to solve those problems. It’s a collection of CTF source files and write-ups that anyone can contribute to. Did you just publish a CTF write-up? Let us know, and we’ll add a link to your post — or just add the link yourself and submit a pull request. Spot an issue with a solution? Correct it, and send a pull request.
ctfpwndbg - Exploit Development and Reverse Engineering with GDB Made Easy
Exploit Development and Reverse Engineering with GDB Made Easy
gdb peda gdbinit pwndbg reverse-engineering debugging ctf gef hack disassembler ida-pro binary-ninja defcon capture-the-flag malware malware-analysis pwnablepwntools - CTF framework and exploit development library
Pwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and development, and intended to make exploit writing as simple as possible. You can now do a live demo of Pwntools, right in your browser.
ctf exploit pwntools ctf-framework shellcode rop pwnable defcon capture-the-flag wargameOWASP Juice Shop - Probably the most modern and sophisticated insecure web application
OWASP Juice Shop is an intentionally insecure web application written entirely in JavaScript which encompasses the entire range of OWASP Top Ten and other severe security flaws. Each packaged distribution includes some binaries for SQLite bound to the OS and node.js version which npm install was executed on.
owasp vulnerable hacking application-security pentesting vulnapp appsec ctf web-security web-application-security webappsec pentest securityshellen - :cherry_blossom: Interactive shellcoding environment to easily craft shellcodes
Shellen is an interactive shellcoding environment. If you want a handy tool to write shellcodes, then shellen may be your friend. Shellen can also be used as an assembly or disassembly tool. keystone and capstone engines are used for all of shellen's operations.
keystone capstone shellcode interactive assembler dissassembler pwn shellcoding disassembly syscalls architecture dsm asm shell syscall-table common-shellcodes exploitation ctf exploitone_gadget - The best tool for finding one gadget RCE in libc.so.6
When playing ctf pwn challenges we usually need the one-gadget RCE (remote code execution), which leads to call execve('/bin/sh', NULL, NULL). Note: require ruby version >= 2.1.0, you can use ruby --version to check.
ctf pwnable pwn glibc one-gadget-rce shelllibc-database - Build a database of libc offsets to simplify exploitation
You can also add a custom libc to your database. Find all the libc's in the database that have the given names at the given addresses. Only the last 12 bits are checked, because randomization usually works on page size level.
pwn libc offsets ctf ctf-toolsarmpwn - Repository to train/learn memory corruption on the ARM platform.
Repository to train/learn memory corruption exploitation on the ARM platform. This is the material of a workshop I prepared for my CTF Team. Either upload the binary to some ARM device (I used a Raspberry Pi) or use qemu locally as described here. Also copy the webroot/ folder and the led script to the device. The binary expects both to be in the current working directory.
ctf exploitpspy - Monitor linux processes without root permissions
pspy is a command line tool designed to snoop on processes without need for root permissions. It allows you to see commands run by other users, cron jobs, etc. as they execute. Great for enumeration of Linux systems in CTFs. Also great to demonstrate your colleagues why passing secrets as arguments on the command line is a bad idea. The tool gathers it's info from procfs scans. Inotify watchers placed on selected parts of the file system trigger these scans to catch short-lived processes.
ctf pentesting privesc enumerationRootTheBox - A Game of Hackers (CTF Scoreboard & Game Manager)
Root the Box is a real-time scoring engine for computer wargames where hackers can practice and learn. The application can be easily configured and modified for any CTF game. Root the Box attempts to engage novice and experienced players alike by combining a fun game-like environment, with realistic challenges that convey knowledge applicable to the real-world, such as penetration testing, incident response, digital forensics and threat hunting. Just as in traditional CTF games, each team or player targets challenges of varying difficulty and sophistication, attempting to collect flags. Root the Box brings additional options to the game. It can be configured to allow the creation of "Botnets" by uploading a small bot program to target machines, which grant periodic rewards with (in-game) money for each bot in the botnet; the larger the botnet the larger the reward. Money can be used to unlock new levels, buy hints to flags, download a target's source code, or even "SWAT" other players by bribing the (in-game) police. Player's "bank account passwords" can also be publically displayed by the scoring engine, allowing players to crack each other's passwords and steal each other's money.
security scoring-engine ctfctfscoreboard - Scoreboard for Capture The Flag competitions, used by the Google CTF event
This is a basic CTF Scoreboard, with support for teams or individual competitors, and a handful of other features.Copyright 2016 Google, Inc. This is not an official Google product.
scoreboard ctf-scoreboard ctfDocker-War - Docker based Wargame Platform - To practice your CTF skills
Sometimes you may confront services looping forever, and this link might helps you. Besides, if you wanna re-add the host, just delete the files in /var/lib/rancher/state.Before using docker in Docker-War, setup.sh will change group of the docker.sock from docker(998) to app(9999) in order to let app user call docker in this image.
docker wargame ctf railsctf.tf - A database of collected CTFs and their solutions.
A database of collected CTFs and their solutions. Fork and send pull requests.
ctf ctf-challenges ctf-competitionsgoogle-ctf - Google CTF challenges
This repository lists most of the challenges used in the Google CTF 2017. The missing challenges are not ready to be open-sourced, or contain third-party code. IMPORTANT - All code in this repository has security vulnerabilities. These are there on purpose, and running these on real production infrastructure is not safe.
security ctf ctf-challenges google
We have large collection of open source products. Follow the tags from
Tag Cloud >>
Open source products are scattered around the web. Please provide information
about the open source projects you own / you use.
Add Projects.
