CTF: Critical CTF Tools



Generally when you tackle a new machine in a CTF challenge you are going to be tackling it using a refined process.  If you are just getting started then you are still figuring out your process and the tools that you work well with.  As with all things in security getting to know your tools and practicing with them is important.

Typically you are going to be following this process and tweaking it as it suits your need.

Keep coming back as I will be adding more tools to this list.  This list is geared as a starting point for you.  Take this information and do some studying!

1.Reconnaissance

nmaphttps://nmap.org/
Take a look at some basic nmap usage here.
This is a critical tool to be familiar with.  It is the best portscanning tool out there and it is insanely powerful.
Things to consider.  nmap comes with some powerful utilities that go beyond just portscanning.  
-NSE (nmap scripting engine): nmap's built in scripting capability.  there so much here to use in a CTF competition.  Take a look here to see my growing database of NSE
-Vulnscan: nmap has the ability to check versions of services on targets and compare to a known database of vulnerabilities (insanely useful)
netcatWidely considered the swiss army knife of the internet.  Check out this link for more information.
other tools:
-unicornscan
-fierce
-OpenVAS
-Nikto
-Wireshark: Check out this YouTube playlist for interesting Wireshark training.
-Metasploit Framework
-zenmap (gui version of nmap, get good at regular nmap first)

2.Enumeration

-Metasploit Framework
-ZAP (ZED Attack Proxy)
-Nikto
-CMSMap
-Wireshark
-John the Ripper
-THC Hydra
-findmyhash
-RainbowCrack

3.Vulnerability Discovery

-Metasploit Framework
-OpenVAS
-ZAP (ZED Attack Proxy)
-Nikto
-WPScan
-Fluxion
-BeEF
-FunkLoad

4.Exploitation

-(There are a number of tools in enumeration that can also be used during exploitation)
-Metasploit Framework (This is going to be your main tool)
-BeEF
-Yersinia
-DHCPig
-FunkLoad
-Hashcat
-DLLInjector
-Libformatstr
-one_gadget
-pwntools
-qira
-ROP Gadget
-V0lt


Resources:

[1] https://securitytrails.com/blog/kali-linux-penetration-testing-tools

[2] https://int0x33.medium.com/day-18-essential-ctf-tools-1f9af1552214

Comments

Popular Posts