
stego-toolkit - Collection of steganography tools - helps with CTF challenges

  •    Shell

This project is a Docker image useful for solving steganography challenges such as those you can find on CTF platforms like hackthebox.eu. The image comes pre-installed with many popular tools (see list below) and several screening scripts you can use to check simple things (for instance, run check_jpg.sh image.jpg to get a report for a JPG file). First make sure you have Docker installed (how to). Then you can use the shell scripts bin/buid.sh and bin/run.sh in this repo to build the image and run the container. You will be dropped into a bash shell inside the container. It will have the data folder mounted, into which you can put the files to analyze.

libc-database - Build a database of libc offsets to simplify exploitation

  •    Shell

You can also add a custom libc to your database. Find all the libc's in the database that have the given names at the given addresses. Only the last 12 bits are checked, because randomization usually works on page size level.

VHostScan - A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages

  •    Python

A virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages. First presented at SecTalks BNE in September 2017 (slidedeck). Dependencies will then be installed and VHostScan will be added to your path. If there is an issue regarding running python3 setup.py build_ext, you will need to reinstall numpy using pip uninstall numpy and pip install numpy==1.12.0. This should resolve the issue as there are sometimes issues with numpy being installed through setup.py.

zio - unified io lib for pwning development written in python

  •    Python

zio is an easy-to-use io library for pwning development, supporting a unified interface for local process pwning and TCP socket io. The primary goal of zio is to provide a unified io interface between process stdin/stdout and TCP socket io. So when you have done local pwning development, you only need to change the io target to pwn the remote server.




blindsight - High-density, terminal-based binary viewer for visual pattern matching.

  •    C

High-density hex viewer focused on visual pattern matching on <1MB binaries. Binary Editor BZ has this covered on Windows. This is a Unix version you can quickly extend and hack on. Supports live code reload for smooth domain-specific prototyping.

tmpleak - Leak off used temporary workspaces for ctf and wargames!

  •    PAWN

Users and teams are crawled from ctftime.org and made into a wordlist. The temporary directory is then searched based on the wordlist.


knary - A simple HTTP(S) and DNS Canary Slackbot

  •    Go

knary is a canary token server that notifies a Slack channel when incoming HTTP(S) or DNS requests match a given domain or any of its subdomains. It also supports functionality useful in offensive engagements including subdomain blacklisting. Redteamers use canaries to be notified when someone (or something) attempts to interact with a server they control. Canaries help provide visibility over processes that were previously unknown. They can help find areas to probe for RFI or SSRF vulnerabilities, disclose previously unknown servers, provide evidence of a MitM device, or just announce someone interacting with your server.

mkctf - A CTF framework to create, build, deploy and test challenges

  •    Python

This tool might help your team to create challenges following a predefined format. This project was initially created for managing files for the INS'hAck 2017 event. You can find challenges and writeups of the past editions of INS'hAck here.