Clone of . For those who would prefer to not be tracked by MS.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

11 KiB

CTFs & Wargames

Table of Contents


  • General
  • 101
  • Beginner Focused CTFs
    • PicoCTF
    • CSAW
  • Challenge Archives
  • Challenges (one-offs)
  • Challenge Sites
  • Educational
  • Handy Tools
    • pngcheck
      • pngcheck verifies the integrity of PNG, JNG and MNG files (by checking the internal 32-bit CRCs [checksums] and decompressing the image data); it can optionally dump almost all of the chunk-level information in the image in human-readable form. For example, it can be used to print the basic statistics about an image (dimensions, bit depth, etc.); to list the color and transparency info in its palette (assuming it has one); or to extract the embedded text annotations. This is a command-line program with batch capabilities.
    • pwntools
    • CTF Scripts and PyInstaller (.py > .exe)
    • RSACtfTool
      • RSA tool for ctf - uncipher data from weak public key and try to recover private key Automatic selection of best attack for the given public key
  • Making Your Own CTF
    • AppJailLauncher
      • CTF Challenge Framework for Windows 8 and above
    • CTFd
      • CTFd is a CTF in a can. Easily modifiable and has everything you need to run a jeopardy style CTF.
    • FBCTF
      • The Facebook CTF is a platform to host Jeopardy and "King of the Hill" style Capture the Flag competitions.
    • hack-the-arch
      • This is a scoring server built using Ruby on Rails by the Military Cyber Professionals Association (MCPA). It is free to use and extend under the MIT license (see LICENSE file). The goal of this project is to provide a standard generic scoring server that provides an easy way to add and modify problems and track statistics of a Cyber Capture the Flag event. While it's not recommended, this server can be hosted with your challenges but we do recommend sand-boxing your challenges so they do not affect the scoring server.
    • iCTF Framwork
      • This is the framework that the UC Santa Barbara Seclab uses to host the iCTF, and that can be used to create your own CTFs at The framework creates several VMs: one for the organizers and one for every team.
    • NightShade
      • NightShade is a simple security capture the flag framework that is designed to make running your own contest as easy as possible.
    • Mellivora
      • Mellivora is a CTF engine written in PHP
    • picoCTF-Platform-2
      • The picoCTF Platform 2 is the infrastructure on which picoCTF runs. The platform is designed to be easily adapted to other CTF or programming competitions. picoCTF Platform 2 targets Ubuntu 14.04 LTS but should work on just about any "standard" Linux distribution. It would probably even work on Windows. MongoDB must be installed; all default configurations should work.
    • py_chall_factory
      • Small framework to create/manage/package jeopardy CTF challenges
    • Root the Box
      • Root the Box is a real-time scoring engine for a computer wargames where hackers can practice and learn. The application can be easily modified for any hacker CTF game. Root the Box attempts to engage novice and experienced hackers alike by combining a fun game-like environment, with realistic challenges that convey knowledge applicable to real-world penetration testing. Just as in traditional CTF games, each team attacks targets of varying difficulty and sophistication, attempting to collect flags. However in Root the Box, teams can also create "Botnets" by uploading a small bot program to target machines. Teams are periodically rewarded with (in-game) money for each bot in their botnet; the larger the botnet the larger the reward.
    • scorebot
    • SecGen
      • SecGen creates vulnerable virtual machines so students can learn security penetration testing techniques.
    • Flawed Fortress
      • Flawed Fortress is a front end platform for hosting Capture the Flag Event (CTF), it is programmed with PHP, JQuery, JavaScript and phpMyAdmin. Currently, It is designed to import SecGen CTF challenges using marker.xml file (which is generated in the project folder when creating a CTF Challenge)
    • Remediate the Flag
      • RTF is an open source Practical Application Security Training platform that hosts application security focused exercises.
      • Candidates manually find, exploit, and manually remediate the code of a vulnerable application running in a disposable development environment accessed using a web browser. 100% hands-on training, no multiple choice questions involved.
  • Vulnerable Virtual Machines
  • Wargames
  • Writeups