This is a friendly fork of Thomas' ctf-vagrant, based on the Ubuntu 18.04 base image.
Change to the docker directory, then:
Build the image
$ ./build
Connect to the VM
$ ./run
- Binjitsu
- Pwndbg
- Radare2
- Firmware tools (fmk / qemu)
- angr
- ROPGadget
- decompile - Add API key to host-share/decompile-api
- qira
- binwalk
- apktool

| Category | Tool | Description |
|---|---|---|
| binary | checksec | Check binary hardening settings. |
| binary | elfkickers | A set of utilities for working with ELF files. |
| binary | evilize | Tool to create MD5 colliding binaries. |
| binary | xrop | Gadget finder. |
| forensics | exetractor | Unpacker for packed Python executables. Supports PyInstaller and py2exe. |
| forensics | pdf-parser | Tool for digging in PDF files. |
| forensics | peepdf | Powerful Python tool to analyze PDF documents. |
| forensics | scrdec18 | A decoder for encoded Windows Scripts. |
| forensics | testdisk | Testdisk and photorec for file recovery. |
| crypto | cribdrag | Interactive crib dragging tool (for crypto). |
| crypto | foresight | A tool for predicting the output of random number generators. To run, launch "foresee". |
| crypto | featherduster | An automated, modular cryptanalysis tool. |
| crypto | hashpump-partialhash | Hashpump, supporting partially-unknown hashes. |
| crypto | hash-identifier | Simple hash algorithm identifier. |
| crypto | littleblackbox | Database of private SSL/SSH keys for embedded devices. |
| crypto | msieve | Msieve is a C library implementing a suite of algorithms to factor large integers. |
| crypto | pemcrack | SSL PEM file cracker. |
| crypto | pkcrack | PkZip encryption cracker. |
| crypto | python-paddingoracle | Padding oracle attack automation. |
| crypto | reveng | CRC finder. |
| crypto | sslsplit | SSL/TLS MITM. |
| crypto | xortool | XOR analysis tool. |
| crypto | yafu | Automated integer factorization. |
| web | burpsuite | Web proxy to do naughty web stuff. |
| web | commix | Command injection and exploitation tool. |
| web | dirb | Web path scanner. |
| web | dirsearch | Web path scanner. |
| web | mitmproxy | CLI Web proxy and Python library. |
| web | sqlmap | SQL injection automation engine. |
| web | subbrute | A DNS meta-query spider that enumerates DNS records and subdomains. |

| Category | Tool | Description |
|---|---|---|
| bruteforcers | John The Jumbo | Community enhanced version of John the Ripper |
| bruteforcers | Ophcrack | Windows password cracker based on rainbow tables. |
| forensics | Aircrack-Ng | Crack 802.11 WEP and WPA-PSK keys |
| forensics | Bkhive and Samdump2 | Dump SYSTEM and SAM files |
| networking | Masscan | Mass IP port scanner, TCP port scanner |
| networking | Nmap | Open source utility for network discovery and security auditing |
| networking | Zmap | An open-source network scanner |
| reversing | Uncompyle | Decompile Python 2.7 binaries (.pyc) |
| steganography | Exif | Shows EXIF information in JPEG files |
| steganography | Exiv2 | Image metadata manipulation tool |
| steganography | ImageMagick | Tool for manipulating images |
| steganography | Outguess | Universal steganographic tool |
| steganography | Pngtools | For various analysis related to PNGs |
| steganography | Stegbreak | Launches brute-force dictionary attacks on JPG images |
| steganography | Steghide | Hide data in various kinds of images |
| web | XSSer | Automated XSS tester |