Personal repository for CTF challenges, tools, and resources.
ctf-toolkit/
├── challenges/ # CTF writeups and solutions
│ └── HTB/ # HackTheBox machines
├── cheatsheets/ # Quick reference commands
│ ├── 1-recon/ # Reconnaissance phase
│ ├── 2-exploitation/ # Exploitation techniques
│ ├── 3-escalade/ # Privilege escalation
│ └── 4-post-exploit/ # Post-exploitation
├── payloads/ # Attack payloads by category
│ ├── xss/
│ ├── sqli/
│ ├── lfi/
│ ├── ssti/
│ ├── xxe/
│ ├── ssrf/
│ ├── cmdi/
│ ├── upload/
│ └── deserialization/
├── tools/ # Downloaded tools (gitignored)
└── wordlists/ # Wordlists (gitignored)
# Download all tools and wordlists
./setup.sh full
# Force update existing tools
./setup.sh full -f- SecLists - Collection of security lists
- rockyou.txt - Password wordlist
- PayloadsAllTheThings - Payload repository
- PEASS-ng - Privilege escalation scripts (linpeas, winpeas)
- Webshells - PHP/ASP/JSP shells
- Static binaries - Precompiled tools for Linux
See resources.md for useful external links.
- Run
./setup.sh fullto download tools - Browse
cheatsheets/for quick commands - Use
payloads/for attack strings - Document your CTF solutions in
challenges/