A reference list of tools in my CTF and pentesting workflow, organised by category.
Reconnaissance & Scanning
| Tool | Use | Install |
| --- | --- | --- |
| RustScan | Fast port scanner | `cargo install rustscan` |
| nmap | Service/version/script scanning | `apt install nmap` |
| gobuster | Directory/subdomain fuzzing | `apt install gobuster` |
| ffuf | Web fuzzing | `apt install ffuf` |
| wfuzz | Web fuzzing with complex payloads | `pip install wfuzz` |
```bash
# All 65535 TCP ports, at least 10000 packets/s, default scripts + version detection,
# normal-format output saved to nmap_full.txt
nmap -p- --min-rate 10000 -sCV -oN nmap_full.txt $TARGET
```
Web Exploitation
Binary Exploitation (Pwn)
| Tool | Use | Install |
| --- | --- | --- |
| pwntools | Exploit scripting | `pip install pwntools` |
| pwndbg | GDB plugin for pwn | See GitHub |
| Ghidra | Decompiler / reverse engineering | Download from NSA |
| checksec | Check binary mitigations | `apt install checksec` |
| ROPgadget | Find ROP gadgets | `pip install ropgadget` |
```bash
# Identify the file type, list the compiled-in mitigations (RELRO, canary, NX, PIE),
# then grep the printable strings for anything flag-like
file binary && checksec binary && strings binary | grep -i flag
```
Cryptography
| Tool | Use |
| --- | --- |
| CyberChef | Browser crypto swiss-army knife |
| hashcat | GPU password cracking |
| john | CPU password cracking |
| Python pycryptodome | Crypto primitives |
```bash
# Frequently used hashcat hash modes (-m)
hashcat -m 0       # MD5
hashcat -m 1000    # NTLM
hashcat -m 1800    # sha512crypt ($6$, Linux /etc/shadow)
hashcat -m 16500   # JWT (JSON Web Token)
hashcat -m 124     # Django (SHA-1)
```
Post-Exploitation & Priv Esc
```bash
sudo -l                          # what the current user may run via sudo
find / -perm -4000 2>/dev/null   # SUID binaries on the system
crontab -l && cat /etc/crontab   # user and system cron jobs
```
Wordlists
- SecLists - the essential collection
- rockyou.txt - /opt/SecLists/Passwords/Leaked-Databases/rockyou.txt
I have a few I have created myself for certain targets.
My Setup
- OS: Kali Linux (VM daily) + Ubuntu WSL (Laptop daily) + Debian (VM daily) + Windows (Gaming Desktop daily)
- Terminal: terminator
- Editor: nano
- Note-taking: these HonKit pages + VSCode on WSL Ubuntu, auto-deploying on `git push`. Oh, and usually also Obsidian locally.