Here you can find my usual “go-to” toolkit for CTFs, Reverse Engineering, Modding or other fun stuff.

For obvious reasons, I do not condone the usage of these tools in malicious or illegal contexts. Please don’t aim them at random infrastructure unless you enjoy emails from legal departments.

Recon & Enumeration
  • RustScan - Blazing Fast Port Scanner

    Rust-based scanner built to complement Nmap. Can scan all 65k ports in seconds before handing results to deeper scanners.

  • MassScan - High-Speed SYN Scanner

    Asynchronous scanner capable of millions of packets per second. Extremely fast. Extremely noisy.

  • Naabu - Bug Bounty Friendly Port Scanner

    Fast and stable port scanner commonly used in automated bounty pipelines.

  • Feroxbuster - Recursive Content Discovery

    Bruteforces directories and files with recursion support for endpoint discovery.

  • KiteRunner - Recursive Web Permutation Tool

    Performs large-scale recursive wordlist permutations for web discovery.

  • Arjun - HTTP Parameter Discovery

    Automates parameter fuzzing across multiple HTTP methods to discover hidden parameters.

  • crt.sh - Certificate Transparency Search

    Useful for discovering subdomains via CT logs.

  • Subfinder - Passive Subdomain Enumeration

    Gathers subdomains from passive online sources.

  • httpx-toolkit - Mass HTTP Probing

    Validates large domain lists and checks which targets are alive.


Access & Shells
  • RevShells - Reverse Shell Generator

    Flexible reverse shell generator covering multiple languages and techniques.

  • Hoaxshell - Windows Reverse Shell Generator

    Previously low-detection Windows reverse shell generator. Reliability may vary depending on modern defenses.

  • p0wny-shell - Minimal PHP Web Shell

    Lightweight in-browser PHP shell deployed via file upload vulnerabilities.

  • wwwolf PHP Webshell - Cross-Platform PHP Shell

    Works on UNIX and Windows systems without modification.


Exploitation & Priv Esc
  • PayloadsAllTheThings - Payload Encyclopedia

    Large curated list of payloads for web and infrastructure exploitation.

  • Responder - Credential Poisoner

    Captures credentials via LLMNR/NBT-NS/mDNS poisoning in Windows networks.

  • Chisel - HTTP/SSH Tunneling Tool

    Lightweight pivoting and firewall bypass tool.

  • RunasCs - Alternate Credential Execution

    Runs Windows processes under different user contexts.

  • SweetPotato - Windows Privilege Escalation Toolkit

    Consolidates multiple Windows privilege escalation techniques.

  • PEASS-ng - Privilege Escalation Scripts Suite

    Comprehensive Windows and Linux scripts highlighting misconfigurations and escalation paths.

  • GTFOBins - UNIX Binary Abuse Reference

    Catalog of UNIX binaries that can be abused for privilege escalation or breakout.

  • LOLBAS - Windows Binary Abuse Reference

    Windows counterpart to GTFOBins for “living off the land” techniques.


Cryptography & Data Analysis
  • CyberChef - Data Transformation Toolkit

    Web-based tool for encoding, decoding, encryption, compression, and analysis workflows.

  • Ares - Automatic Cipher Solver

    Attempts to identify and decrypt unknown encodings or ciphers.

  • RsaCtfTool - RSA Attack Toolkit

    Multi-attack RSA analysis tool for weak configurations and CTF challenges.

  • Dcode - Cipher & Encoding Reference

    Large collection of classical cipher solvers and encoding utilities.

  • NTLM.pw - NTLM Hash Lookup Database

    Massive NTLM hash database useful for comparison during cracking attempts.


Hardware & Embedded Exploitation
  • PRET - Printer Exploitation Toolkit

    Interacts with printer services to execute commands and perform network recon.

  • RouterSploit - Embedded Device Exploitation Framework

    Framework for exploiting routers, IP cameras, and embedded devices.


OSINT
  • Google - Search Engine

    Advanced search operators and dorking remain foundational OSINT techniques.

  • TinEye - Reverse Image Search

    Strong for tracking image reuse across the web.

  • Yandex - Alternative Reverse Image Search

    Often better at surfacing older or less indexed images.

  • FastPeopleSearch - US Public Index

    Aggregated public records search. May require US VPN access.

  • CyberBackgroundChecks - US Records Index

    Similar public data aggregation service.

  • Sherlock - Username Enumeration Tool

    Checks username presence across many social platforms.

  • Maigret - Expanded Username Hunter

    Fork of Sherlock with broader site coverage and Tor support.

  • Holehe - Email Account Discovery Tool

    Checks if an email is linked to various social media services without alerting the target.

  • Toutatis - Instagram Information Tool

    Extracts publicly accessible Instagram account data.

  • PhoneInfoGa - Phone Recon Framework

    Generates Google Dork schemes and integrates with APIs for phone number intelligence.

  • Ignorant - Phone Number Social Check Tool

    Checks whether a phone number is associated with major platforms.


Disassemblers / Decompilers
  • IDA Pro - Industry Standard Disassembler

    Industry standard for a good reason. Hex-Rays decompiler and a massive plugin ecosystem make it hard to replace, despite it being sliiightly pricey.

  • Binary Ninja - The Cooler Disassembler

    Cleaner than IDA and much nicer to script and automate with. The IL lifting pipeline is genuinely great for writing custom analysis passes.

  • Binwalk - Firmware & Binary Analyser

    A big favourite here. Binwalk is amazing at extracting data embedded in binaries, as well as scoping out essential info like headers, compression blocks, RSA keys and more.

  • Detect It Easy (DIE) - Binary Identifier

    First thing I run on any kind of unknown file. It’ll tell you what you’re dealing with before you spend 3 minutes booting IDA.


Process Manipulation
  • System Informer - Process & System Monitor

    Process Hacker’s successor. Deep visibility into everything on the system — handles, threads, network connections, kernel activity. Also nice for injecting DLLs on the fly.

  • Process Monitor - Process Logging

    A Sysinternals classic. Watch exactly what a binary touches in real time — filesystem, registry, etc.

  • Frida - Dynamic Instrumentation Toolkit

    Injects a JS engine into live processes. Hook functions, intercept calls, patch memory on the fly. Works across pretty much every platform. Really nice when combined with IDA to poke at functions or dynamically read data in certain chunks of memory.

  • x64dbg - 64-bit Windows Debugger

    My go-to debugger for Windows RE. It’s a must-have when combined with the ScyllaHide plugin.

  • Charles - Network Request Proxy

    A neat little HTTP/HTTPS proxy similar to Burp Suite, but for processes too. (Since Burp can’t intercept processes, to my knowledge.)


Binary Utilities
  • Offzip - Archive Extraction

    Pulls zlib/gzip/deflate-compressed data out of binaries that skip a proper container format or have chunks located at different offsets. Saves a lot of manual hex diving.

  • CyberChef - Data Transformation

    Browser-based but too useful not to include. Decoding, encoding, encryption, compression — CyberChef handles all of it. Good for quick transforms without scripting anything.


Extras

BinaryNinja Plugins

  • Cryptoscan - Cryptography Scanner

    A recreation of IDA’s FindCrypt plugin. Helps identify constants for different encryption, compression and hashing algorithms.

x64Dbg Plugins

  • ScyllaHide - Anti-Debugger for x64Dbg

    An x64Dbg Plugin that automatically bumps off any anti-debug shenanigans so you can actually get work done without the crashes.

  • SwissArmyKnife - General Utility for x64Dbg

    An x64Dbg Plugin that implements loading of binary patches, code signatures, and my favourite, cipher key/constant detection via Findcrypt.

  • ClawSearch - Cheat Engine Alternative for x64Dbg

    An x64Dbg Plugin that essentially replicates Cheat Engine’s scanning in a simpler form. I don’t like having Kernel Anti-Cheats on my system alongside Cheat Engine, so I use this. (I’ve known people to be banned simply for having it on their system.)


Unreal Engine
  • FModel - Asset Exploration

    A general purpose Asset Viewer and Extractor with great functionality. One of my favourites.

  • UModel - Asset Exploration

    A “legacy” tool for viewing and exporting meshes, textures and sounds. I rarely use this, but it’s a nice fallback and allows the creation of game “presets” through .BAT files.

  • UE4SS - Scripting Framework

    A great Lua/C++ scripting framework for UE4/5 with the ability to dump a huge variety of UE data.

  • Dumper-7 - SDK Generator

    An injectable designed to dump various class pointers and create SDKs for further modding/extraction.

  • UAssetGUI - Data Modification

    A simple GUI Editor for manipulating data within .uasset files.


Unity
  • AssetRipper - Asset Exploration

    A powerful asset extractor with the added ability to “rebuild” projects from pre-existing game files, essentially replicating a developer’s project file.

  • uTinyRipper - Asset Exploration

    A lightweight version of some other asset explorers available. Great for quick browsing or extraction of game files.

  • dnSpy - C# Decompiler

    An essential tool for decompiling and editing DLLs within Mono Unity games, or confusing yourself if you’re dealing with IL2CPP.

  • Il2CppInspector - C++ Scaffolding

    An amazing toolsuite used to extract pointers, generate scaffolding for injection, create disassembler scripts, and defeat annoying types of obfuscation.