Tooling

CTF Tools — pwntools, GEF, angr

Exploit dev, ROP, decoders, scripting glue for capture-the-flag.

CTFs are a forcing function for hands-on skill. The CTF toolbox overlaps with real exploit dev — pwntools is the language, GEF/pwndbg is the debugger, angr is the symbolic-exec hammer. For binary RE see Reverse Engineering (Ghidra). For binary fuzzing see Binary Fuzzing. For training platforms see Security Training Platforms. For cheat sheets and payloads see Exploit DB & Cheatsheets.

Pwn / exploit dev framework

  • ★ ★ pwntools — Python; the reference exploit dev framework. remote() / process() / ssh() / asm() / ROP() / shellcraft / flat() / cyclic(). Free.
  • pwntools-tube cookbook — community examples; canonical patterns.
  • pwntools-rust — Rust port; less mature.
  • pwn-deploy / pwntools-docker images — quick CTF infra.

gdb extensions (pick one)

  • pwndbg — most actively maintained; clean output; ROP / heap / context views. Free.
  • GEF (hugsy/gef) — closest sibling; very popular; written in pure Python. Free.
  • PEDA — older; less active.
  • gdb-dashboard — modular gdb UI.

ROP / shellcode

  • ROPgadget — gadget search.
  • Ropper — alternative gadget finder; sometimes better gadget classes.
  • one_gadget — locate execve("/bin/sh") one-shot in glibc; the lazy man's libc-leak.
  • ropr — Rust ropper; fast.
  • shellcraft (pwntools) — pre-canned shellcode.
  • msfvenom — payload gen; see Exploitation Frameworks.

Symbolic / concolic

  • angr — Python symbolic execution; binary auto-analysis; CFG, value-set, exploit-gen. Free.
  • Manticore (Trail of Bits) — symbolic exec for x86 / ARM / EVM.
  • KLEE — academic; LLVM bitcode.
  • z3 / pysmt — SMT solvers underneath.

Heap / glibc-aware

  • pwndbg heap commandsheap, bins, arenas, vis_heap_chunks.
  • how2heap (shellphish) — illustrated heap exploit techniques.
  • glibc-all-in-one — every glibc version preloaded for matching CTF targets.
  • patchelf / pwninit — patch a challenge binary to use a specific libc.
  • libc-database / libc.rip — find a libc from a leak.

Reversing helpers

  • See Reverse Engineering (Ghidra) — Ghidra, IDA, Binary Ninja, Cutter, Frida.
  • decomp.io / dogbolt.org — quick online decompile.
  • r2 / rizin / Cutter, Ghidra headless mode.

Crypto / classical

  • CyberChef — universal decode/decrypt.
  • dCode.fr — cipher / classic crypto cheatsheet pages; great for "what cipher is this."
  • RsaCtfTool — common RSA attacks (Wiener, Fermat, common-modulus, low-public-exponent).
  • featherduster — automated classical crypto.
  • PyCryptodome — Python; reference crypto.
  • sage — symbolic math / number-theory; finishing the algebra in CTF crypto.
  • gmpy2 — bignum.

Web

Forensics / stego

Misc essentials

  • checksec.sh — quick "is NX/PIE/relro/canary on" — the very first thing for a binary challenge.
  • strings / file / xxd / objdump / nm / ltrace / strace — UNIX classics; always start here.
  • cyclic (pwntools) — De Bruijn sequence pattern offsets.
  • patchelf — change the interpreter / RPATH of a binary.
  • netcat / ncat / socat — hand-crank a connection.

Practice / where to play

  • picoCTF (CMU) — free; the entry-level reference.
  • PwnCollege (ASU) — free; structured pwn / RE education.
  • HackTheBox / TryHackMe — see Security Training Platforms.
  • CTFtime.org — calendar / writeups / archive.
  • Vulnhub — VM-based offline CTFs.
  • OverTheWire — wargames; classic ladders.

Pick this if…

  • Default exploit dev language: pwntools.
  • Default debugger: GDB + pwndbg or GEF.
  • Symbolic exec / auto-solver: angr.
  • Quick decoder swiss-army: CyberChef.
  • RSA puzzle: RsaCtfTool.
  • Heap challenge: pwndbg heap commands + how2heap reference.
  • Web CTF: Burp / Caido + ffuf + sqlmap.

On this page