CTF Tools
This is a collection of tools and installation instructions of tools we commonly use in CTFs. This is not a complete list and any instructions are only suggestions.
Feel free to adapt anything to your needs, if you prefer a different way, and submit feedback. Also use this as a starting point to learn about any of the tools that are new to you.
Note
macOS Users: Start with the macOS section.
Required Tools
Docker
In Docker we can run Containers, which are isolated Linux environments.
For example, many CTF challenges contain Dockerfiles that allow us to recreate the environment in which the challenge was created, so we can avoid any compatibility issues.
Docker Desktop is fine if your host is Windows or macOS.
On Linux, look up how to install Docker for your distribution.
Alternative: Podman.
Decompilers
Ghidra is a powerful disassembling tool made by the NSA (Yes, that NSA).
Binary Ninja is a more easy-to-use alternative. Does some things better than Ghidra and a few more things worse.
Python and virtual environments
We use Python often to write small scripts that automate tasks for exploits.
Install Python 3.10 or higher using your package manager, if possible with the venv extension.
sudo apt install python3 python3-pip python3-venv
There are many useful Python packages that help us with common tasks, but installing them globally can interfere with other Python projects you might do later. Virtual environments are a way to isolate Python projects from each other.
I like to have one virtual environment per CTF, but you can also have one global virtual environment.
cd ~/ctf # Example path
python3 -m venv .venv
source .venv/bin/activate
# Example packages
pip install pwntools
pip install requests
In any new terminal, run source .venv/bin/activate from the directory in which you created your venv to activate the virtual environment. This is indicated by the (.venv) prefix in your terminal prompt.
You can also run deactivate to leave the virtual environment.
In modern versions of Python, running pip install without being in a virtual environment will result in an error.
IDEs like PyCharm and VSCode can also create and manage virtual environments for you.
Other CLI Tools
Note
Everything in this section is already available in the Docker image, but you can also install them in your Linux environment, if you prefer.
Main Tools
There are probably way more useful tools, but here's a list to get started.
sudo apt install -y xxd gdb gdb-multiarch gdbserver binutils binutils-multiarch \
tmux wget curl socat strace ltrace git git-lfs
pwndbg
This is a GDB plugin that adds a lot of useful features to GDB.
The preferred installation method is now nix, but this also works:
cd ~
git clone https://github.com/pwndbg/pwndbg .pwndbg
cd .pwndbg
./setup.sh
pwntools
This is a Python library that makes it easier to write exploits.
This should be installed in any virtual environment you use for CTFs.
pip install --upgrade pwntools
Pwnenv Docker Image
This is a Docker image based on Ubuntu that already has the CLI tools we need installed.
docker pull registry.git-ce.rwth-aachen.de/pwn-la-chapelle/ctf-tools:latest
## Create container
docker run -it --name pwnenv --cap-add=SYS_PTRACE --security-opt seccomp=unconfined -v $(pwd):/workdir registry.git-ce.rwth-aachen.de/pwn-la-chapelle/ctf-tools:latest
## Attach second terminal
docker exec -it pwnenv bash
## Stop container
docker stop pwnenv
## Reset container
docker rm pwnenv
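The four commands above cover the container's whole lifecycle, but in practice you want a new terminal to land inside the same container regardless of its state. This added helper (not part of the original page) wraps the same docker run flags (SYS_PTRACE for gdb, current directory mounted at /workdir) and picks run, start or exec based on what docker inspect reports; it assumes the docker CLI, or a compatible command named in $DOCKER, is on PATH.

```shell
# Added helper, not from the original page. Source it (". ./pwnenv.sh") and
# run "pwnenv" from the directory you want mounted as /workdir.
IMAGE="registry.git-ce.rwth-aachen.de/pwn-la-chapelle/ctf-tools:latest"
NAME="pwnenv"
DOCKER="${DOCKER:-docker}"   # override to e.g. podman (assumption: CLI-compatible)

# Report the container's state: "missing", "stopped" or "running".
# docker inspect exits non-zero if the container does not exist, so an
# empty result means "missing".
pwnenv_state() {
    local status
    status="$("$DOCKER" inspect -f '{{.State.Running}}' "$NAME" 2>/dev/null || true)"
    case "$status" in
        true)  echo running ;;
        false) echo stopped ;;
        *)     echo missing ;;
    esac
}

# Map the state to the docker subcommand that gets us a shell in the container.
pwnenv_action() {
    case "$(pwnenv_state)" in
        missing) echo run ;;
        stopped) echo start ;;
        running) echo exec ;;
    esac
}

pwnenv() {
    case "$(pwnenv_action)" in
        run)
            # First use: same flags as the page, so gdb can ptrace inside.
            "$DOCKER" run -it --name "$NAME" --cap-add=SYS_PTRACE \
                --security-opt seccomp=unconfined \
                -v "$(pwd):/workdir" "$IMAGE" ;;
        start)
            # Stopped container: restart and attach, keeping its filesystem.
            "$DOCKER" start -ai "$NAME" ;;
        exec)
            # Already running: open a second shell, like the page's exec line.
            "$DOCKER" exec -it "$NAME" bash ;;
    esac
}
```

Note that the mount path is fixed at creation time; to mount a different directory, docker rm the container first as the page describes.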
macOS
Usually, the binaries you deal with will be x64 binaries, which need to run in a VM on Apple Silicon Macs.
Xcode Command Line Tools
xcode-select --install
You may have already done this.
Homebrew
Package manager for macOS. Install it with the following command:
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
Protip:
- Most common CLI applications are available via Homebrew.
- Homebrew also lets you manage your regular Desktop apps, so no more .dmg files.
Install Tools
brew install --cask docker
brew install colima
Docker Desktop can emulate x64 via the flag docker run --platform linux/amd64, and does so with significantly higher performance, but it is missing capabilities like ptrace that are needed to debug binaries.
Colima creates a full Virtual Machine with QEMU and has all capabilities we need.
Create Colima VM
colima start -a x86_64 -c2 -m4 --vm-type qemu
colima ssh # SSH into the VM, User folder is mounted at /Users
colima stop # Stop the VM
colima delete # Reset the VM
# More than 1 VM possible with the -p <name> flag
This creates a 2-CPU, 4 GB RAM VM with QEMU that has Ubuntu and Docker preinstalled. While the VM is running, the Docker CLI on macOS controls Docker inside the VM, so don't have Docker Desktop running at the same time.
From here, you can choose to either use the Docker image or install the tools directly in your VM.
Windows
WSL2 is the easiest way to start.
wsl --install
wsl --set-default-version 2
wsl --install -d Ubuntu-24.04
# Launch the Ubuntu app from the start menu to set a password