Reference notes, commands, and ready-to-use snippets for Capture the Flag competitions. Keep it locally, search fast, and copy what you need mid-challenge.
| Category | Description | Scripts | Status |
|---|---|---|---|
| crypto/ | Ciphers, RSA attacks, encoding schemes | 13 | Complete |
| pwn/ | Binary exploitation, ROP, format strings | 22 | Complete |
| web/ | SQLi, XSS, SSTI, SSRF, XXE, CSRF | 8 | Complete |
| reverse/ | Angr, Z3, GDB scripts, Frida hooks | 12 | Complete |
| forensics/ | Disk, memory, PCAP analysis | 4 | Complete |
| network/ | ARP spoofing, MITM, Scapy | 1 | Complete |
| mobile/ | APK reversing, Frida, SSL pinning bypass | - | Complete |
| crack/ | Hashcat, John, password cracking | - | Complete |
| cloud/ | AWS S3, Firebase exploitation | - | Complete |
| osint/ | Username hunting, EXIF, Google dorking | - | Complete |
| web3/ | Smart contract vulnerabilities | - | Complete |
| steganography/ | Image/audio steg tools | - | Complete |
| esolangs/ | Brainfuck, Malbolge, Whitespace | - | Complete |
| misc/ | QR recovery, DTMF, Git extraction | - | Complete |
| machine/ | Linux privesc, enumeration | - | Complete |
| jailbreak/ | Sandbox escapes, restricted shells | - | Complete |
# Clone the repository
git clone https://github.com/ByamB4/Common-CTF-Challenges.git
cd Common-CTF-Challenges
# Search for keywords
grep -r "pickle" .
grep -r "sql" web/
# Or use ripgrep (faster)
rg -n "pickle"
rg -n "sql" web/- Identify the category - Jump into the matching folder
- Scan for payloads - Check README.md for quick references
- Search for specific techniques - Use
greporrg - Run scripts if needed - Most are standalone Python
# Find RSA attack scripts
rg "wiener" crypto/
# Find format string payloads
rg "fmtstr" pwn/
# Find SQL injection techniques
rg "union" web/sqli/
# Find all Python scripts
find . -name "*.py" -type f# Example: RSA attack
python crypto/asymmetric-cipher/src/wiener_attack.py
# Example: Blind SQLi
python web/sqli/src/mysql_blind_get_version.py
# Example: MITM attack (requires root)
sudo python network/mitm.pyCommon-CTF-Challenges/
├── crypto/
│ ├── README.md # Cipher references
│ ├── asymmetric-cipher/ # RSA attacks
│ │ └── src/ # Python scripts
│ └── img/ # Cipher images
├── pwn/
│ ├── README.md # Exploitation techniques
│ └── src/
│ ├── x32/ # 32-bit exploits
│ └── x64/ # 64-bit exploits
├── web/
│ ├── README.md # Web exploitation
│ ├── sqli/ # SQL injection
│ ├── ssrf/ # SSRF attacks
│ └── ...
├── reverse/
│ ├── README.md # Reversing tools
│ └── src/ # Angr, Z3, GDB scripts
├── forensics/
│ ├── README.md # Forensics techniques
│ └── src/ # Analysis scripts
├── network/
│ ├── README.md # Network attacks
│ └── mitm.py # ARP spoofing script
└── CONTRIBUTING.md # Contribution guide
See CONTRIBUTING.md for guidelines on:
- Adding new scripts and documentation
- Code style and docstring requirements
- Pull request process
- Use these materials ethically and only in competitions or authorized environments
- Links are provided for convenience; mirror important payloads locally for offline use
- All Python scripts include docstrings explaining usage and dependencies
- Test scripts before relying on them in live competitions