Add missing tools: lsb-flag-finder, stegoveritas, ffuf, gobuster, TryHackMe & more#198
Add missing tools: lsb-flag-finder, stegoveritas, ffuf, gobuster, TryHackMe & more#198cazy8 wants to merge 1 commit intoapsdehal:masterfrom
Conversation
…HackMe, and more Added the following tools and resources: Steganography: - lsb-flag-finder — LSB extraction + multi-encoding CTF flag grep - Stegoveritas — Comprehensive stego analysis tool - OpenStego — Open source steganography solution Crypto: - dcode.fr — Online decoder for hundreds of ciphers - hashID — Hash type identification - SageMath — Math software for advanced crypto Web: - ffuf — Fast web fuzzer - Gobuster — Directory brute-forcing - Dirsearch — Web path discovery - Nuclei — YAML-based vulnerability scanner Wargames: - TryHackMe — Guided cybersecurity learning platform Tutorials: - John Hammond — CTF walkthrough videos - CyberDefenders — Blue team CTF challenges
There was a problem hiding this comment.
Pull request overview
This PR adds 13 commonly-used CTF tools and resources that were missing from the awesome-ctf list. The additions span steganography tools, cryptography utilities, web fuzzing/scanning tools, a wargames platform, and tutorial resources. Each entry follows the established format with links and descriptions, though there are alphabetical ordering issues that need to be addressed.
Changes:
- Added 3 crypto tools (dcode.fr, hashID, SageMath) for cipher decoding, hash identification, and advanced mathematics
- Added 3 steganography tools (Stegoveritas, lsb-flag-finder, OpenStego) for various stego analysis techniques
- Added 4 web tools (ffuf, Gobuster, Dirsearch, Nuclei) for web fuzzing, directory discovery, and vulnerability scanning
- Added 2 tutorial resources (John Hammond, CyberDefenders) for CTF learning and blue team challenges
- Added 1 wargames platform (TryHackMe) for guided cybersecurity learning
Comments suppressed due to low confidence (1)
README.md:282
- Inconsistent formatting for installation commands. The installation command here uses single backticks, but SQLMap at line 297 uses triple backticks. For consistency, installation commands should follow a uniform format throughout the document.
- `pip install Pillow`
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| - [dcode.fr](https://www.dcode.fr) - Online decoder for hundreds of ciphers, encodings, and puzzles commonly used in CTFs. | ||
| - [hashID](https://github.com/psypanda/hashID) - Identify the different types of hashes used to encrypt data. | ||
| - [SageMath](https://www.sagemath.org/) - Open-source mathematics software system for advanced crypto challenges. |
There was a problem hiding this comment.
These three entries are not in alphabetical order. In the Crypto section, entries should be alphabetically sorted. The entry "dcode.fr" should come after "FeatherDuster" and before "Hash Extender", "hashID" should come after "Hash Extender" and before "padding-oracle-attacker", and "SageMath" should come after "RSATool" and before "XORTool".
| - [lsb-flag-finder](https://github.com/cazy8/lsb-flag-finder) - Extract LSB data from images and grep for CTF flags across ASCII, Base64, Base32, and ROT13 encodings. | ||
| - `pip install Pillow` | ||
| - [OpenStego](https://www.openstego.com/) - Open source steganography solution for data hiding and watermarking. |
There was a problem hiding this comment.
These three entries are not in alphabetical order. In the Steganography section, entries should be alphabetically sorted. The entry "lsb-flag-finder" should come after "Stegoveritas" and before "OpenStego", and "OpenStego" should come after "lsb-flag-finder" and before "Outguess" (which appears earlier in the section). Both should be moved to maintain alphabetical order.
| - [ffuf](https://github.com/ffuf/ffuf) - Fast web fuzzer written in Go. | ||
| - [Gobuster](https://github.com/OJ/gobuster) - Directory/file, DNS and VHost brute-forcing tool. | ||
| - [Dirsearch](https://github.com/maurosoria/dirsearch) - Web path discovery tool. | ||
| - [Nuclei](https://github.com/projectdiscovery/nuclei) - Fast and customizable vulnerability scanner based on YAML templates. |
There was a problem hiding this comment.
These four entries are not in alphabetical order. In the Web section, entries should be alphabetically sorted. The entries should be ordered as: "Dirsearch" should come after "Commix" and before "ffuf", "ffuf" should come after "Dirsearch" and before "Gobuster", "Gobuster" should come after "ffuf" and before "Hackbar", and "Nuclei" should come after "OWASP ZAP" and before "Postman".
| - [John Hammond](https://www.youtube.com/c/JohnHammond010) - Video walkthroughs of CTF challenges covering forensics, reversing, web, and crypto. | ||
| - [CyberDefenders](https://cyberdefenders.org/) - Blue team CTF challenges for SOC analysts and incident responders. |
There was a problem hiding this comment.
These two entries are not in alphabetical order. In the Tutorials section, entries should be alphabetically sorted. "CyberDefenders" should come after "CTF Resources" and before "How to Get Started in CTF", and "John Hammond" should come after "Intro. to CTF Course" and before "LiveOverFlow".
Added Tools & Resources
This PR adds 13 missing tools and resources across multiple categories that are widely used in CTF competitions but currently absent from the list.
Steganography
Crypto
Web
Wargames
Tutorials
All entries are alphabetically placed and follow the existing formatting conventions.