CTF Tools — pwntools, GEF, angr
Exploit dev, ROP, decoders, scripting glue for capture-the-flag.
CTFs are a forcing function for hands-on skill. The CTF toolbox overlaps with real exploit dev — pwntools is the language, GEF/pwndbg is the debugger, angr is the symbolic-exec hammer. For binary RE see Reverse Engineering (Ghidra). For binary fuzzing see Binary Fuzzing. For training platforms see Security Training Platforms. For cheat sheets and payloads see Exploit DB & Cheatsheets.
Pwn / exploit dev framework
- ★ ★ pwntools — Python; the reference exploit dev framework.
remote() / process() / ssh() / asm() / ROP() / shellcraft / flat() / cyclic(). Free. - pwntools-tube cookbook — community examples; canonical patterns.
- pwntools-rust — Rust port; less mature.
- pwn-deploy / pwntools-docker images — quick CTF infra.
gdb extensions (pick one)
- ★ pwndbg — most actively maintained; clean output; ROP / heap / context views. Free.
- GEF (
hugsy/gef) — closest sibling; very popular; written in pure Python. Free. - PEDA — older; less active.
- gdb-dashboard — modular gdb UI.
ROP / shellcode
- ROPgadget — gadget search.
- Ropper — alternative gadget finder; sometimes better gadget classes.
- one_gadget — locate
execve("/bin/sh")one-shot in glibc; the lazy man's libc-leak. - ropr — Rust ropper; fast.
- shellcraft (pwntools) — pre-canned shellcode.
- msfvenom — payload gen; see Exploitation Frameworks.
Symbolic / concolic
- ★ angr — Python symbolic execution; binary auto-analysis; CFG, value-set, exploit-gen. Free.
- Manticore (Trail of Bits) — symbolic exec for x86 / ARM / EVM.
- KLEE — academic; LLVM bitcode.
- z3 / pysmt — SMT solvers underneath.
Heap / glibc-aware
- pwndbg heap commands —
heap,bins,arenas,vis_heap_chunks. - how2heap (shellphish) — illustrated heap exploit techniques.
- glibc-all-in-one — every glibc version preloaded for matching CTF targets.
- patchelf / pwninit — patch a challenge binary to use a specific libc.
- libc-database / libc.rip — find a libc from a leak.
Reversing helpers
- See Reverse Engineering (Ghidra) — Ghidra, IDA, Binary Ninja, Cutter, Frida.
- decomp.io / dogbolt.org — quick online decompile.
- r2 / rizin / Cutter, Ghidra headless mode.
Crypto / classical
- ★ CyberChef — universal decode/decrypt.
- dCode.fr — cipher / classic crypto cheatsheet pages; great for "what cipher is this."
- RsaCtfTool — common RSA attacks (Wiener, Fermat, common-modulus, low-public-exponent).
- featherduster — automated classical crypto.
- PyCryptodome — Python; reference crypto.
- sage — symbolic math / number-theory; finishing the algebra in CTF crypto.
- gmpy2 — bignum.
Web
- See Web App Testing (Burp/ZAP/Caido), Web Fuzzing, Vulnerability Scanners (Nuclei).
- PayloadsAllTheThings — payload reference; see Exploit DB & Cheatsheets.
- JWT.io / jwt_tool — JWT inspect / brute.
Forensics / stego
- See DFIR (Velociraptor), Steganography (binwalk), Memory Forensics.
- Volatility 3 + plugins — every memory CTF basically.
- Wireshark + NetworkMiner — every pcap CTF basically.
Misc essentials
- checksec.sh — quick "is NX/PIE/relro/canary on" — the very first thing for a binary challenge.
- strings / file / xxd / objdump / nm / ltrace / strace — UNIX classics; always start here.
- cyclic (pwntools) — De Bruijn sequence pattern offsets.
- patchelf — change the interpreter / RPATH of a binary.
- netcat / ncat / socat — hand-crank a connection.
Practice / where to play
- picoCTF (CMU) — free; the entry-level reference.
- PwnCollege (ASU) — free; structured pwn / RE education.
- HackTheBox / TryHackMe — see Security Training Platforms.
- CTFtime.org — calendar / writeups / archive.
- Vulnhub — VM-based offline CTFs.
- OverTheWire — wargames; classic ladders.
Pick this if…
- Default exploit dev language: pwntools.
- Default debugger: GDB + pwndbg or GEF.
- Symbolic exec / auto-solver: angr.
- Quick decoder swiss-army: CyberChef.
- RSA puzzle: RsaCtfTool.
- Heap challenge: pwndbg heap commands + how2heap reference.
- Web CTF: Burp / Caido + ffuf + sqlmap.