Common CTF Challenges
Common CTF Challenges is a collection of tools and resources to help individuals improve their Capture the Flag (CTF) skills. Cover a wide range of challenges, from cryptography to reverse engineering.
Reference notes, commands, and ready-to-use snippets for Capture the Flag competitions. Keep it locally, search fast, and copy what you need mid-challenge. The project is written primarily in Python, first published in 2019. Key topics include: byamb4, common-ctf-challenges, ctf, ctf-challenges, ctf-competitions.
Common CTF Challenges
Reference notes, commands, and ready-to-use snippets for Capture the Flag competitions. Keep it locally, search fast, and copy what you need mid-challenge.
Table of Contents
Categories
| Category | Description | Scripts | Status |
|---|---|---|---|
| crypto/ | Ciphers, RSA attacks, encoding schemes | 13 | Complete |
| pwn/ | Binary exploitation, ROP, format strings | 22 | Complete |
| web/ | SQLi, XSS, SSTI, SSRF, XXE, CSRF | 8 | Complete |
| reverse/ | Angr, Z3, GDB scripts, Frida hooks | 12 | Complete |
| forensics/ | Disk, memory, PCAP analysis | 4 | Complete |
| network/ | ARP spoofing, MITM, Scapy | 1 | Complete |
| mobile/ | APK reversing, Frida, SSL pinning bypass | - | Complete |
| crack/ | Hashcat, John, password cracking | - | Complete |
| cloud/ | AWS S3, Firebase exploitation | - | Complete |
| osint/ | Username hunting, EXIF, Google dorking | - | Complete |
| web3/ | Smart contract vulnerabilities | - | Complete |
| steganography/ | Image/audio steg tools | - | Complete |
| esolangs/ | Brainfuck, Malbolge, Whitespace | - | Complete |
| misc/ | QR recovery, DTMF, Git extraction | - | Complete |
| machine/ | Linux privesc, enumeration | - | Complete |
| jailbreak/ | Sandbox escapes, restricted shells | - | Complete |
Quick Start
bash# Clone the repository git clone https://github.com/ByamB4/Common-CTF-Challenges.git cd Common-CTF-Challenges # Search for keywords grep -r "pickle" . grep -r "sql" web/ # Or use ripgrep (faster) rg -n "pickle" rg -n "sql" web/
Usage
During a CTF
- Identify the category - Jump into the matching folder
- Scan for payloads - Check README.md for quick references
- Search for specific techniques - Use
greporrg - Run scripts if needed - Most are standalone Python
Search Examples
bash# Find RSA attack scripts rg "wiener" crypto/ # Find format string payloads rg "fmtstr" pwn/ # Find SQL injection techniques rg "union" web/sqli/ # Find all Python scripts find . -name "*.py" -type f
Running Scripts
bash# Example: RSA attack python crypto/asymmetric-cipher/src/wiener_attack.py # Example: Blind SQLi python web/sqli/src/mysql_blind_get_version.py # Example: MITM attack (requires root) sudo python network/mitm.py
Directory Structure
Common-CTF-Challenges/
├── crypto/
│ ├── README.md # Cipher references
│ ├── asymmetric-cipher/ # RSA attacks
│ │ └── src/ # Python scripts
│ └── img/ # Cipher images
├── pwn/
│ ├── README.md # Exploitation techniques
│ └── src/
│ ├── x32/ # 32-bit exploits
│ └── x64/ # 64-bit exploits
├── web/
│ ├── README.md # Web exploitation
│ ├── sqli/ # SQL injection
│ ├── ssrf/ # SSRF attacks
│ └── ...
├── reverse/
│ ├── README.md # Reversing tools
│ └── src/ # Angr, Z3, GDB scripts
├── forensics/
│ ├── README.md # Forensics techniques
│ └── src/ # Analysis scripts
├── network/
│ ├── README.md # Network attacks
│ └── mitm.py # ARP spoofing script
└── CONTRIBUTING.md # Contribution guide
Contributing
See CONTRIBUTING.md for guidelines on:
- Adding new scripts and documentation
- Code style and docstring requirements
- Pull request process
Notes
- Use these materials ethically and only in competitions or authorized environments
- Links are provided for convenience; mirror important payloads locally for offline use
- All Python scripts include docstrings explaining usage and dependencies
- Test scripts before relying on them in live competitions
Contributors
Showing top 1 contributor by commit count.
This article is auto-generated from ByamB4/Common-CTF-Challenges via the GitHub API.Last fetched: 6/28/2026