This repository makes your Mac OSX system ready for ctfs. It contains a collection of the most popular tools in the pentesting space.
The install.sh script turns your macos into a kali-like hackstation. Besides the tools of the kali-tools-top10 metapackage many other tools are installed, which are used in conventional CTFs on platforms like HackTheBox or TryHackMe.
In addition, the repo combines many scripts in the area of priveledge escalation and enumeration in one central place, so that you do not have to search for all the scripts individually.
I wrote an article on medium about the repository in which everything is explained in detail: https://medium.com/@seitzmanuel/how-to-get-your-mac-osx-ready-for-playing-ctfs-hacking-6b6801250d1e
This installation requires wget, homebrew, pipx, pip and python >= 3.8 (recommended & tested on 3.8). Install the requirements in the same order as listed here.
xcode-select --install
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
brew update
For safe install download installer via https://www.python.org/downloads/release/python-380/ alternatively (not tested):
brew install [email protected]
wget https://bootstrap.pypa.io/get-pip.py
python3 get-pip.py
export <home_directory>/.local/bin to your path if its missing
python3 -m pip install pipx
ln -s <path_to_your_python_versions>/3.8/bin/pipx /usr/local/bin/pipx # for example /Library/Frameworks/Python.framework/Versions/3.8/bin/pipx
Reboot after installation !important!
brew install wget
Steghide require a manual installation steps due to the installation of mac ports
1. Download and install mac ports https://guide.macports.org/chunked/installing.macports.html
2. add /opt/local/bin to your path if its missing
sudo port install steghide
git clone https://github.com/chikko80/OSX-CTF-Ready.git
cd OSX-CTF-Ready
chmod +x install.sh
./install.sh
Most of the binaries should be directly available since they are installed via brew.
The others:
Script | Location |
---|---|
tokenbreaker | jwt |
jwt-cracker | jwt/jwt-cracker |
linkfinder | misc/linkfinder |
hash-id | misc |
basic-scanner.py | misc |
string_finder | misc |
hydra_builder | misc |
john (John The Ripper): by default john is installed via homebrew. Therefore only the john binary is installed and not the jumbo pack. So tools like zip2john or ssh2john are missing. Furthermore the "brew-john" binary does not support multithreading via OpenMP. To install John with OpenMP support, read my blog post: https://medium.com/@seitzmanuel/how-to-compile-john-the-ripper-on-mac-osx-with-openmp-support-multicore-big-sur-a60cad850b7d Dont forget to comment john out in the sh file if you are going to install it from source.
- burp-suite community edition
- owasp-zap
- ghidra
- whireshark
- git
- nmap
- gobuster
- nikto
- wpscan
- metasploit-framework
- exploitdb
- john (!Read Installation Info above!)
- hashcat
- samba (smbget,smbclient)
- binwalk
- exiftool
- hydra
- aircrack-ng
- smbmap
- enum4linux
- crackmapexec
- pwncat
- tokenbreaker
- c-jwt-cracker
- hash-identifier
- linkfinder
- steghide
- sqlmap
- kali linux wordlists
- kali linux seclists
- chisel (osx, amd64, i386)
- linpeas.sh (PEASS-ng)
- linenum.sh
- linux_smart_enumeration.sh
- linux_exploit_suggester.sh
- pspy64
- pspy32
- winpeas.bat (PEASS-ng)
- winpeasany.exe (PEASS-ng)
- winpeasany_obfuscated.exe (PEASS-ng)
- powerup.ps1
- jaws-enum.ps1
- printspoof.exe
- invoke-powershelltcp.ps1
- php-rev-shell.php
- basic_scanner.py - Does a basic scan on ctf target - nmap, gobuser, extracting comments of found urls, analyzing with wappalyzer api
- hydra_buider.py - build hydra commands
- string_finder.py - finds recursively all files containing string
Install wappalyzer to easily identify technologies on websites https://www.wappalyzer.com/
Feel free to make new suggestions or recommendations which scripts should be added to the repo, alternatively you can also create a pull request right away