Tools

Tools used frequently for challenges such as the National Cyber League and CTFs in general. Non-exhaustive.

Operating System

  • Kali Linux: A Debian-based Linux distribution designed for digital forensics and penetration testing. Kali Linux
  • ParrotOS: A GNU/Linux distribution based on Debian focused on security, privacy, and development. ParrotOS

Other

  • VirtualBox: A powerful x86 and AMD64/Intel64 virtualization product for enterprise and home use. VirtualBox
  • Parallels (macOS VM): Provides hardware virtualization for Macintosh computers with Intel processors. Parallels
  • Replit: A cloud-based development environment for programming in various languages. Replit
  • Sublime Text Editor: An advanced text editor designed for coding and markup, capable of handling large files. Sublime Text Editor
  • CyberChef: A web tool for data manipulation operations such as encrypting, decoding, analyzing, compressing, and transforming data. CyberChef
  • AnyRun: An interactive sandbox for analyzing malicious software. AnyRun
  • HackTricks: A collection of resources covering pentesting, forensics, crypto, reversing / binary exploitation, cloud security, and more. HackTricks
  • PenTest Template: A PenTest template from tjnull that can easily be used and followed. TJ-OPT
  • Rules of Engagement Template: Sample RoE document. RoE Template
  • Red Team Template: A checklist for Red Team engagements. Red Team Checklist
  • M365 Licensing Information: A website that provides useful information about M365 and its licensing. M365 Maps
  • Nmap Result Interface: A nice-looking interface for your Nmap results. nmap-bootstrap-xsl

Open Source Intelligence

  • OSINT Framework: A tool for open-source intelligence and reconnaissance. OSINT Framework
  • Wayback Machine: Captures and archives web pages as they appear over time. Wayback Machine
  • Whitespace Language: A programming language that uses only whitespace characters for coding. Whitespace Language
  • .ws file (Windows Script File): Information on Windows Script Files used for scripting on Microsoft platforms. .ws file
  • Copepal: Detects programming languages used in code snippets. Copepal
  • xeuledoc: Find out public information like the owner about a Google Doc. xeuledoc

Cryptography

  • GnuPG (gpg): Encrypt and sign data and communications with a free implementation of the OpenPGP standard. GnuPG
  • dcode.fr: Tools for cryptography, ciphers, codes, alphabets, calculators, and mathematics. dcode.fr

Password Cracking

  • PDF Cracking (pdf2john -> hashcat & pdfcrack): Utilizes John the Ripper and hashcat to crack PDF passwords; pdfcrack is not highly recommended.
  • ophcrack: Cracks Windows passwords using LM/NT hashes with rainbow tables. ophcrack
  • CrackStation: An online tool for cracking various hash passwords. CrackStation
  • Hashes: A service for cracking password hashes, featuring NTLM rainbow tables. Hashes
  • WEAKPASS: Provides wordlists optimized for different hashing algorithms. WEAKPASS
  • office2john: Extracts hashes from encrypted Microsoft Office files for cracking. office2john
  • Hashcat Parameters: Provides examples of various hashing algorithms for use with Hashcat. Hashcat Parameters
  • combinator.bin (hashcat_utils): A utility from hashcat for combining wordlists for password cracking. combinator.bin

Forensics

  • Aperisolve: A tool for steganography analysis and image forensics. Aperisolve
  • PIL (Python Imaging Library): Manipulates different image file formats, useful in analog forensics. PIL
  • Chainsaw: Searches and parses Windows forensic artefacts such as Windows Event Logs. Chainsaw
  • Android Tools: Android device tool kit, useful forensic commands. Android Tools

Log Analysis

  • SEMRUSH: Website log file analyzer. SEMRUSH
  • Logwatch: Log parser and analyzer. Logwatch
  • Chainsaw: Searches and parses Windows forensic artefacts such as Windows Event Logs. Chainsaw

Network Traffic Analysis

  • Wireshark: Network protocol analyzer (.pcap). Wireshark

Scanning & Reconnaissance

  • Nmap: Network scanner. Nmap
  • Zenmap: Nmap with GUI. Zenmap
  • Wireshark: Network protocol analyzer (.pcap). Wireshark
  • Nikto: Open source vulnerability scanner. Nikto
  • HostRecon: Used for a reconnaissance phase of an engagement, not using any of the common commands to avoid detection. HostRecon
  • Nmap vulnerability scanning guide (SecurityTrails): https://securitytrails.com/blog/nmap-vulnerability-scan
  • Nuclei: Fast and customizable vulnerability scanner based on simple YAML-based DSL. Nuclei
  • Censys: Censys.io is a search engine that indexes internet-connected devices, enabling users to discover and analyze exposed services, vulnerabilities, and network configurations across the internet. Censys.io
  • DNSDumpster: "a FREE domain research tool that can discover hosts related to a domain. Finding visible hosts from the attacker's perspective is an important part of the security assessment process" DNSDumpster

Enumeration & Exploitation

  • GTFOBins: A curated list of Unix binaries that can be exploited by an attacker to bypass local security restrictions. GTFOBins
  • LOLBAS: Similar to GTFOBins, but Windows-focused: Living Off The Land Binaries and Scripts. LOLBAS
  • dotPeek: A .NET decompiler and assembly browser that recovers lost source code from binaries. dotPeek
  • ILSpy: An open-source .NET assembly browser and decompiler. ILSpy
  • Remnux: A Linux toolkit for reverse-engineering and analyzing malicious software. Remnux
  • Ghidra: A software reverse engineering (SRE) framework developed by NSA's Research Directorate. Ghidra
  • GEF: Enhanced features for GDB, aimed at dynamic analysis and exploit development. GEF
  • Reverse Shell Generator: Online Reverse Shell generator with Local Storage functionality, URI & Base64 Encoding, MSFVenom Generator, and Raw Mode. Great for CTFs. RevShells

Web Application Exploitation

  • Burp Suite: Application security testing. Burp Suite
  • Burp Suite Extensions, Param Miner, Logger++: Extensions for Burp Suite, enhancing functionality for probing and exploiting web applications. (Pro version required)
  • RequestBin: Create, view, analyze, and receive HTTP requests in real-time. RequestBin
  • Zed Attack Proxy (ZAP): An open-source web application security scanner. ZAP
  • Wappalyzer: Identifies technologies used on websites, such as CMS, web frameworks, server software, and analytics. Wappalyzer
  • Postman: API Tools. Postman
  • dirbuster: A multi-threaded Java application to brute-force directories and file names on web/application servers. dirbuster
  • Nikto: Open source vulnerability scanner. Nikto
  • BeautifulSoup4: Web scraping Python library. BeautifulSoup4
  • PowerMeta: Search for publicly available files hosted on websites. PowerMeta

Specific Commands

    • arp -a (Windows) or arp -n / ip neigh (Linux) - Lists the ARP/neighbor cache; used for local host discovery.
    • sqlmap -u "url" --risk=3 --level=5 --batch - Automates the detection and exploitation of SQL injection flaws.
    • unzip - Can extract contents from .docx files (Office Open XML documents are ZIP archives).
    • iptables - Command-line utility for configuring the Linux kernel firewall.
    • SQL Injection Example:
      • Step 1: Identify usage of SQL in a web application.
        • GET /search?q=" HTTP/1.1
      • Step 2: Attempt to extract database schema information using SQL injection.
        • q="; SELECT name, sql from sqlite_master where type="table";
      • Step 3: Execute SQL query to retrieve sensitive information.
        • "; SELECT name, type, cost from products where 1=1;

IP Address Calculator

IPv4 IP Address/CIDR Calculator

Subnet Calculator

URL Encoder/Decoder
