Open-Source Cybersecurity Tools: CTF & Training

← Back to Open-Source Cybersecurity Tools Hub | Full Open Source Catalog | Main Atlas

This category contains 83 documented tools. It focuses on capabilities used for baseline hardening, monitoring integration, and defense-in-depth validation. Use this section when building shortlists, comparing operational tradeoffs, and mapping controls to detection/response ownership.

Category Evaluation Checklist

• Coverage depth against your highest-priority threats and compliance obligations.
• Operational overhead for deployment, tuning, and long-term maintenance.
• Signal quality versus analyst workload and false-positive pressure.
• Integration fit with SIEM, ticketing, identity, cloud, and engineering workflows.
• Governance readiness including auditability, ownership clarity, and change control.

Jump by Name

# | A | B | C | D | E | F | G | H | I | J | L | M | N | O | P | Q | R | S | T | U | W | X | Y | Z

Letter

This letter section contains 1 tools.

Parrot Security OS

• Website: https://www.parrotsec.org
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome Cyber Security Tools, Awesome CTF

What it does: Parrot Security OS is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Security-oriented Linux distribution designed for security experts and developers.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Resources > Operating Systems.

Back to Name Jump

Letter A

This letter section contains 1 tools.

AperiSolve

• Website: https://aperisolve.fr/
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: AperiSolve is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Aperi'Solve is a platform which performs layer analysis on image (open-source).

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Steganography.

Back to Name Jump

Letter B

This letter section contains 6 tools.

BackBox

• Website: https://backbox.org/
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: BackBox is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Based on Ubuntu.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Resources > Operating Systems.

Back to Name Jump

Backdoor

• Website: https://backdoor.sdslabs.co/
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: Backdoor is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Security Platform by SDSLabs.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Resources > Wargames.

Back to Name Jump

Bettercap

• Website: https://github.com/bettercap/bettercap
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: Bettercap is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Framework to perform MITM (Man in the Middle) attacks.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Attacks.

Back to Name Jump

bi0s Wiki

• Website: https://teambi0s.gitlab.io/bi0s-wiki/
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: bi0s Wiki is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Wiki from team bi0s.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Resources > Wikis.

Back to Name Jump

BinUtils

• Website: http://www.gnu.org/software/binutils/binutils.html
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: BinUtils is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Collection of binary tools.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Reversing.

Back to Name Jump

Boomerang

• Website: https://github.com/BoomerangDecompiler/boomerang
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: Boomerang is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Decompile x86/SPARC/PowerPC/ST-20 binaries to C.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Reversing.

Back to Name Jump

Letter C

This letter section contains 6 tools.

Convert

• Website: http://www.imagemagick.org/script/convert.php
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: Convert is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Convert images b/w formats and apply filters.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Steganography.

Back to Name Jump

CryptoHack

• Website: https://cryptohack.org/
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: CryptoHack is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Fun cryptography challenges.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Resources > Wargames.

Back to Name Jump

CSWSH

• Website: http://cow.cat/cswsh.html
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: CSWSH is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Cross-Site WebSocket Hijacking Tester.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Services.

Back to Name Jump

ctf_import

• Website: https://github.com/docileninja/ctf_import
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: ctf_import is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: run basic functions from stripped binaries cross platform.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Reversing.

Back to Name Jump

CTFd

• Website: https://github.com/isislab/CTFd
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: CTFd is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Platform to host jeopardy style CTFs from ISISLab, NYU Tandon.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Create > Platforms.

Back to Name Jump

CyberChef

• Website: https://gchq.github.io/CyberChef
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: CyberChef is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Web app for analysing and decoding data.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Crypto.

Back to Name Jump

Letter D

This letter section contains 3 tools.

Damn Vulnerable Web Application

• Website: http://www.dvwa.co.uk/
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: Damn Vulnerable Web Application is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: PHP/MySQL web application that is damn vulnerable.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Resources > Wargames.

Back to Name Jump

demovfuscator

• Website: https://github.com/kirschju/demovfuscator
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: demovfuscator is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: A work-in-progress deobfuscator for movfuscated binaries.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Reversing.

Back to Name Jump

DLLInjector

• Website: https://github.com/OpenSecurityResearch/dllinjector
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: DLLInjector is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Inject dlls in processes.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Exploits.

Back to Name Jump

Letter E

This letter section contains 3 tools.

Exif

• Website: http://manpages.ubuntu.com/manpages/trusty/man1/exif.1.html
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: Exif is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Shows EXIF information in JPEG files.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Steganography.

Back to Name Jump

Exiftool

• Website: https://linux.die.net/man/1/exiftool
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: Exiftool is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Read and write meta information in files.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Steganography.

Back to Name Jump

Exiv2

• Website: http://www.exiv2.org/manpage.html
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: Exiv2 is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Image metadata manipulation tool.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Steganography.

Back to Name Jump

Letter F

This letter section contains 3 tools.

FeatherDuster

• Website: https://github.com/nccgroup/featherduster
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: FeatherDuster is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: An automated, modular cryptanalysis tool.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Crypto.

Back to Name Jump

Fedora Security Lab

• Website: https://labs.fedoraproject.org/security/
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: Fedora Security Lab is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Based on Fedora.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Resources > Operating Systems.

Back to Name Jump

Frida

• Website: https://github.com/frida/
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: Frida is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Dynamic Code Injection.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Reversing.

Back to Name Jump

Letter G

This letter section contains 2 tools.

GDB

• Website: https://www.gnu.org/software/gdb/
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: GDB is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: The GNU project debugger.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Reversing.

Back to Name Jump

Gracker

• Website: https://github.com/Samuirai/gracker
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: Gracker is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Binary challenges having a slow learning curve, and write-ups for each level.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Resources > Wargames.

Back to Name Jump

Letter H

This letter section contains 4 tools.

Hackbar

• Website: https://addons.mozilla.org/en-US/firefox/addon/hackbartool/
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: Hackbar is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Firefox addon for easy web exploitation.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Web.

Back to Name Jump

Hash Extender

• Website: https://github.com/iagox86/hash_extender
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: Hash Extender is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: A utility tool for performing hash length extension attacks.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Crypto.

Back to Name Jump

Hone Your Ninja Skills

• Website: https://honeyourskills.ninja/
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: Hone Your Ninja Skills is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Web challenges starting from basic ones.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Resources > Wargames.

Back to Name Jump

Hydra

• Website: https://tools.kali.org/password-attacks/hydra
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: Hydra is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: A parallelized login cracker which supports numerous protocols to attack.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Bruteforcers.

Back to Name Jump

Letter I

This letter section contains 4 tools.

Image Steganography

• Website: https://sourceforge.net/projects/image-steg/
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: Image Steganography is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Embeds text and files in images with optional encryption. Easy-to-use UI.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Steganography.

Back to Name Jump

Image Steganography Online

• Website: https://incoherency.co.uk/image-steganography
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: Image Steganography Online is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: This is a client-side Javascript tool to steganographically hide images inside the lower "bits" of other images.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Steganography.

Back to Name Jump

ImageMagick

• Website: http://www.imagemagick.org/script/index.php
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: ImageMagick is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Tool for manipulating images.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Steganography.

Back to Name Jump

IO

• Website: http://io.netgarage.org/
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: IO is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Wargame for binary challenges.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Resources > Wargames.

Back to Name Jump

Letter J

This letter section contains 1 tools.

John The Jumbo

• Website: https://github.com/magnumripper/JohnTheRipper
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: John The Jumbo is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Community enhanced version of John the Ripper.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Bruteforcers.

Back to Name Jump

Letter L

This letter section contains 2 tools.

LazyKali

• Website: https://github.com/jlevitsk/lazykali
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: LazyKali is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: A 2016 refresh of LazyKali which simplifies install of tools and configuration.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Resources > Starter Packs.

Back to Name Jump

libformatstr

• Website: https://github.com/hellman/libformatstr
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: libformatstr is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Simplify format string exploitation.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Exploits.

Back to Name Jump

Letter M

This letter section contains 1 tools.

Metasploit JavaScript Obfuscator

• Website: https://github.com/rapid7/metasploit-framework/wiki/How-to-obfuscate-JavaScript-in-Metasploit
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: Metasploit JavaScript Obfuscator is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Create > Web.

Back to Name Jump

Letter N

This letter section contains 1 tools.

Nozzlr

• Website: https://github.com/intrd/nozzlr
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: Nozzlr is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Nozzlr is a bruteforce framework, trully modular and script-friendly.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Bruteforcers.

Back to Name Jump

Letter O

This letter section contains 3 tools.

one_gadget

• Website: https://github.com/david942j/one_gadget
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: one_gadget is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: A tool to find the one gadget execve('/bin/sh', NULL, NULL) call.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Exploits.

Back to Name Jump

Outguess

• Website: https://www.freebsd.org/cgi/man.cgi?query=outguess+&apropos=0&sektion=0&manpath=FreeBSD+Ports+5.1-RELEASE&format=html
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: Outguess is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Universal steganographic tool.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Steganography.

Back to Name Jump

Over The Wire

• Website: http://overthewire.org/wargames/
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: Over The Wire is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Wargame maintained by OvertheWire Community.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Resources > Wargames.

Back to Name Jump

Letter P

This letter section contains 10 tools.

Patator

• Website: https://github.com/lanjelot/patator
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: Patator is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Patator is a multi-purpose brute-forcer, with a modular design.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Bruteforcers.

Back to Name Jump

PentesterLab

• Website: https://pentesterlab.com/
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: PentesterLab is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Variety of VM and online challenges (paid).

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Resources > Wargames.

Back to Name Jump

Pentoo

• Website: http://www.pentoo.ch/
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: Pentoo is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Based on Gentoo.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Resources > Operating Systems.

Back to Name Jump

Pin

• Website: https://software.intel.com/en-us/articles/pin-a-dynamic-binary-instrumentation-tool
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: Pin is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: A dynamic binary instrumentaion tool by Intel.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Reversing.

Back to Name Jump

PinCTF

• Website: https://github.com/ChrisTheCoolHut/PinCTF
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: PinCTF is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: A tool which uses intel pin for Side Channel Analysis.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Reversing.

Back to Name Jump

PkCrack

• Website: https://www.unix-ag.uni-kl.de/~conrad/krypto/pkcrack.html
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: PkCrack is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: A tool for Breaking PkZip-encryption.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Crypto.

Back to Name Jump

Pngtools

• Website: https://packages.debian.org/sid/pngtools
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: Pngtools is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: For various analysis related to PNGs.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Steganography.

Back to Name Jump

PWN Challenge

• Website: http://pwn.eonew.cn/
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: PWN Challenge is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Binary Exploitation Wargame.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Resources > Wargames.

Back to Name Jump

Pwnable.tw

• Website: https://pwnable.tw/
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: Pwnable.tw is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Binary wargame.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Resources > Wargames.

Back to Name Jump

Pwnable.xyz

• Website: https://pwnable.xyz/
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: Pwnable.xyz is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Binary Exploitation Wargame.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Resources > Wargames.

Back to Name Jump

Letter Q

This letter section contains 2 tools.

Qira

• Website: https://github.com/BinaryAnalysisPlatform/qira
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: Qira is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: QEMU Interactive Runtime Analyser.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Exploits.

Back to Name Jump

QuipQuip

• Website: https://quipqiup.com
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: QuipQuip is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: An online tool for breaking substitution ciphers or vigenere ciphers (without key).

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Crypto.

Back to Name Jump

Letter R

This letter section contains 6 tools.

Request Bin

• Website: https://requestbin.com/
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: Request Bin is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Lets you inspect http requests to a particular url.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Services.

Back to Name Jump

Revelo

• Website: http://www.kahusecurity.com/posts/revelo_javascript_deobfuscator.html
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: Revelo is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Analyze obfuscated Javascript code.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Reversing.

Back to Name Jump

Reversin.kr

• Website: http://reversing.kr/
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: Reversin.kr is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Reversing challenge.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Resources > Wargames.

Back to Name Jump

ROP Gadget

• Website: https://github.com/JonathanSalwan/ROPgadget
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: ROP Gadget is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Framework for ROP exploitation.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Exploits.

Back to Name Jump

ROP Wargames

• Website: https://github.com/xelenonz/game
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: ROP Wargames is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: ROP Wargames.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Resources > Wargames.

Back to Name Jump

RSATool

• Website: https://github.com/ius/rsatool
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: RSATool is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Generate private key with knowledge of p and q.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Crypto.

Back to Name Jump

Letter S

This letter section contains 11 tools.

SANS HHC

• Website: https://holidayhackchallenge.com/past-challenges/
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: SANS HHC is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Challenges with a holiday theme.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Resources > Wargames.

Back to Name Jump

Scorebot

• Website: https://github.com/legitbs/scorebot
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: Scorebot is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Platform for CTFs by Legitbs (Defcon).

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Create > Platforms.

Back to Name Jump

SecGen

• Website: https://github.com/cliffe/SecGen
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: SecGen is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Security Scenario Generator. Creates randomly vulnerable virtual machines.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Create > Platforms.

Back to Name Jump

SmartDeblur

• Website: https://github.com/Y-Vladimir/SmartDeblur
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: SmartDeblur is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Used to deblur and fix defocused images.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Steganography.

Back to Name Jump

Steganabara

• Website: https://www.openhub.net/p/steganabara
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: Steganabara is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Tool for stegano analysis written in Java.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Steganography.

Back to Name Jump

SteganographyOnline

• Website: https://stylesuxx.github.io/steganography/
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: SteganographyOnline is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Online steganography encoder and decoder.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Steganography.

Back to Name Jump

Stegbreak

• Website: https://linux.die.net/man/1/stegbreak
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: Stegbreak is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Launches brute-force dictionary attacks on JPG image.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Steganography.

Back to Name Jump

stegextract

• Website: https://github.com/evyatarmeged/stegextract
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: stegextract is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Detect hidden files and text in images.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Steganography.

Back to Name Jump

Steghide

• Website: http://steghide.sourceforge.net/
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: Steghide is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Hide data in various kind of images.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Steganography.

Back to Name Jump

StegOnline

• Website: https://georgeom.net/StegOnline/upload
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: StegOnline is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Conduct a wide range of image steganography operations, such as concealing/revealing files hidden within bits (open-source).

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Steganography.

Back to Name Jump

Stegsolve

• Website: http://www.caesum.com/handbook/Stegsolve.jar
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: Stegsolve is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Apply various steganography techniques to images.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Steganography.

Back to Name Jump

Letter T

This letter section contains 2 tools.

Triton

• Website: https://github.com/JonathanSalwan/Triton/
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: Triton is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Dynamic Binary Analysis (DBA) framework.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Reversing.

Back to Name Jump

Turbo Intruder

• Website: https://portswigger.net/research/turbo-intruder-embracing-the-billion-request-attack
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: Turbo Intruder is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Burp Suite extension for sending large numbers of HTTP requests.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Bruteforcers.

Back to Name Jump

Letter U

This letter section contains 3 tools.

Uglify

• Website: https://github.com/mishoo/UglifyJS
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: Uglify is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Create > Web.

Back to Name Jump

Uncompyle

• Website: https://github.com/gstarnberger/uncompyle
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: Uncompyle is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Decompile Python 2.7 binaries (.pyc).

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Reversing.

Back to Name Jump

URIX OS

• Website: http://urix.us/
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: URIX OS is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Based on openSUSE.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Resources > Operating Systems.

Back to Name Jump

Letter W

This letter section contains 2 tools.

Wifislax

• Website: http://www.wifislax.com/
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: Wifislax is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Based on Slackware.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Resources > Operating Systems.

Back to Name Jump

WinDbg

• Website: http://www.windbg.org/
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: WinDbg is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Windows debugger distributed by Microsoft.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Reversing.

Back to Name Jump

Letter X

This letter section contains 3 tools.

Xocopy

• Website: http://reverse.lostrealm.com/tools/xocopy.html
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: Xocopy is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Program that can copy executables with execute, but no read permission.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Reversing.

Back to Name Jump

XSSer

• Website: http://xsser.sourceforge.net/
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: XSSer is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Automated XSS testor.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Web.

Back to Name Jump

Xxxswf

• Website: https://bitbucket.org/Alexander_Hanel/xxxswf
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: Xxxswf is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: A Python script for analyzing Flash files.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Reversing.

Back to Name Jump

Letter Y

This letter section contains 1 tools.

Yersinia

• Website: https://github.com/tomac/yersinia
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: Yersinia is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: Attack various protocols on layer 2.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Attacks.

Back to Name Jump

Letter Z

This letter section contains 2 tools.

Z3

• Website: https://github.com/Z3Prover/z3
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF

What it does: Z3 is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: A theorem prover from Microsoft Research.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Reversing.

Back to Name Jump

Zsteg

• Website: https://github.com/zed-0xff/zsteg/
• Model: Open Source
• Category: CTF & Training
• Source Lists: Awesome CTF, Awesome Forensics

What it does: Zsteg is used in ctf & training programs to support baseline hardening, monitoring integration, and defense-in-depth validation. Source summaries describe it as: A steganographic coder for WAV files.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Forensics > Tools > Steganography.

Back to Name Jump