All about Tools


angr arXiv LaTeX Cleaner Arxiv Vanity badssl Better Pagers BGPlay BGPStream (CAIDA) BinDiff (zynamics) binwalk cdecl: C gibberish ↔ English colorbrewer CPP Insights CyberChef Debin: Predicting Debug Information in Stripped Binaries Detexify DMAP Domain Mapper by SIDN Labs DNS Quality/Overview Tools DNS Replay Tool (drool) DNSCAP dnsperf and resperf DNSTOP Driftnet Dublin Traceroute Easy File Sharing without Accounts Evcxr: Rust Interpreter and Jupyter Kernel explainshell Ghidra Godbolt Compiler Explorer IDA - Interative Disassembler IPv6 Security/Network Tools John the Ripper List of JSON to Struct Converters List of Malware Analysis Websites Lists of DNS Blacklists mitmproxy - an interactive HTTPS proxy Mozilla Observatory Mozilla TLS Configuration Generator Multilevel MDA-Lite Paris **Traceroute** NAT64 Testers Netlab 360 OpenData Project NetworkScan Mon NextDNS One Gadget Online Dis-Assembler OpenIPmap RIPE osquery Over The Wire: Wargames OWASP Amass Paris Traceroute pdfpc: PDF Presenter Console PEERING: The BGP Testbed Pi-hole Play with Docker preeny Programming Playgrounds pwntools Qualys SSL Labs regexr respdiff RetDec - Retargetable Decompiler Root Servers Routing Information Service (RIS) RPKI Browsers RPKI Tester RsaCtfTool Run Foreign-Achitecture Docker Containers Rust Macro Railroad Rustexp Shapecatcher Sherlock: Find usernames across social networks snidump Snowman Decompiler Solve Crypto with Force! SSLsplit - transparent SSL/TLS interception Tcpdump advanced filters traIXroute Unicode Text Converter vizAS Wildcard DNS for IP Addresses Ziggy: the RPKI Wayback Machine ZMap Project


CTF | Python | Reverse Engineering

angr is a python framework for analyzing binaries. It combines both static and dynamic symbolic ("concolic") analysis, making it applicable to a variety of tasks.

arXiv LaTeX Cleaner


This tool allows you to easily clean the LaTeX code of your paper to submit to arXiv. For example, it removes comments and optimizes images.

Arxiv Vanity


Watch Arxiv-papers on as a website.


Certificates | TLS

Test the quality of a client's SSL/TLS stack. The website shows sites which should fail or pass. Sites which fail but do not on the browser viewing are a risiko.

Better Pagers

There are various pagers which are more suitable or user friendly than the basic pagers like more or less.

bat – A cat(1) clone with wings

bat is an advanced pager, supporting usability features. It comes with syntax highlighting out of the box. It also integrates with git and shows the lines added and removed for a file.

pspg – Postgres Pager

pspg is an advanced pager for usage with psql. It shows the data in table form, allows scrolling through the columns and rows. You can pin header or initial columns, such that they do not move while scrolling around. It supports many different color schemes.


BGP | Datasets | Networks

BGPlay shows a graph of the observed BGP routes. It allows to replay historical BGP announcements and displays route changes.



BGP | Datasets | Networks

An open-source software framework for live and historical BGP data analysis, supporting scientific research, operational monitoring, and post-event analysis.

BGP streams are freely accesible and provided by Route View, RIPE, and BGPmon.

BinDiff (zynamics)

Reverse Engineering

IDA plugin for comparing binaries. Allows to label unkown binaries with annotations from a different IDA database.



Binwalk is a binary file analysis tool. It works by traversing a file and looking for potentially embedded files. These embedded files can also be extraced.

cdecl: C gibberish ↔ English

Convert the gibberish of C declarations into English and back. The website uses the Clockwise/Spiral Rule to convert between them.


The websites helps in selecting a colorscheme for a map. It provides different presets and shows live how they would look on different maps.

CPP Insights

Desugar C++ code and show how modern C++ features are implemented. This helps in understanding the details of C++ and how modern compilers implement the language standard.



The CyberChef is a website which provides many recipes and makes it easy to combine them. The recipes are small input/output steps, similar to UNIX tools, and cover a large area of topics, like data formats, encoding, encryption, networking, hashing, compression, etc. The main use case is making it easier in CTFs to chain simple operations together like processing encoded text.

Debin: Predicting Debug Information in Stripped Binaries

CTF | Reverse Engineering

Debin is a tool to predict the debug information of stripped binaries. It only works relyable with C programs, as this is the only dataset it was trained on. It might be useful to use the website for jeopardy CTFs.



Detexify helps in writing complex LaTeX symbols, similar to Shapecatcher for Unicode. It searches for the correct LaTeX macros based on a drawing of the shape the users wants. It is a better way to search for symbols instead of going through the symbols-a4.pdf manually.

DMAP Domain Mapper by SIDN Labs

Datasets | DNS | Networks

DMAP is a scalable web scanning suit which supports DNS, HTTPS, TLS, and SMTP. It works based on domain names and crawls the domain for all supported protocols. The advantage over other tools is the unified SQL data model with 166 features and the easy scalability over many crawling machines.

DNS Quality/Overview Tools

Datasets | DNS | DNSSEC | Networks

Check My DNS

Browser-based DNS resolver quality measurement tool. Uses the browser to generate many resolver queries and tests for features they should have, such as EDNS support, IPv6, QNAME Minimisation, etc.

This test is also available as a CLI tool:

DNSSEC Debugger

Analyze DNSSEC deployment for a zone and show errors in the configuration.


Gives an overview over DNSSEC delegations, response sizes, and name servers.



The website has an online test, which performs DNS lookups. These DNS lookups test if certain resource records are overwritten in the cache. The tool can then determine what DNS software is used, where the server is located, how many caches there are, etc.

EDNS Compliance Tester

Test name server of zones for correct EDNS support.

The Transitive Trust and DNS Dependency Graph Portal

Shows the trust dependencies in DNS. Given a domain name it can show how zones delegate to each other and why. The delegation is done between IP addresses and zones.

Root Canary Project

The project monitors the KSK rollover.

It provides statistics about support for DNSSEC algorithms. It has a web based test to test your own resolver and provides a live monitoring using the RIPA Atlas.

DNS Replay Tool (drool)

DNS | IP | Networks | PCAPs

Tool to replay DNS queries captured in a pcap file with accurate timing between queries. Allows modifying the replay like changing IP addresses, speed up or slow down the queries.


DNS | IP | Networks | PCAPs

DNS network capture utility. Similar in concept to tcpdump, but with specialized options for DNS.

dnsperf and resperf

DNS | IP | Networks | PCAPs

DNS performance measurement tools.


DNS | Networks

Top-like utility showing information about captured DNS requests. It shows information about the domains queries, the types, and responses.


CTF | Networks

Driftnet watches network traffic, and picks out and displays JPEG and GIF images for display.

Dublin Traceroute

IP | Networks

This is an improvement on Paris traceroute and the classical traceroute. It can detect changing routes and detect NATs along the path.

Easy File Sharing without Accounts

  • provides temporary file shares of up to 24 hours. It supports files of up to 1 GB. It allows limiting the number of downloads and setting a password.
  • allows uploading from the command line and the browser. Files can be up to 10 GB and be stored up to 14 days. It allows limiting the number of downloads.


    Upload using cURL

    $ curl --upload-file ./hello.txt

    $ curl -H "Max-Downloads: 1" -H "Max-Days: 5" --upload-file ./hello.txt ```

Evcxr: Rust Interpreter and Jupyter Kernel


Evcxr is a Rust interpreter and also provides a Jupyter kernel. This is a helpfull addition to the online playground as it allows installing and using any crate.



explainshell does what the name suggest: it explains shell commands. It allows to write a shell command and it expains what the program is doing, the meaning of the command line flags, and how the pipeing between different programs works.


CTF | Reverse Engineering

Ghidra software reverse engineering (SRE) framework and IDA Pro alternative.

Godbolt Compiler Explorer

x86 | CTF

The Godbolt compiler explorer allows the user to compile a function and see the corresponding assembly code. It can highlight matching parts in the language and assembly, making it easy to understand how individual expressions are compiled. It supports common languages like C, C++, Go, Rust. It can also work with assembler and LLVM IR.

Another nice feature is, that it can show statistics about assembler code, like needed cycles, instructions, and which resources the instructions need. This uses the LLVM Machine Code Analyzer.

IDA - Interative Disassembler

Reverse Engineering

THE reverse engineering tool.

IPv6 Security/Network Tools


John the Ripper

CTF | Hashes | Passwords

John the Ripper the THE tool to brute force passwords and password hashes. It is very fast in calculating hashes with support of GPU acceleration and supports a wide range of different hash formats.

List of JSON to Struct Converters

JSON | Rust

These websites provide tools which convert JSON data to structs in different programming languages.

List of Malware Analysis Websites

These websites provide different features to analyse binaries and especially malware. They provide searching by file hashes or by uploading the binary.

Some of the services provide more detailed analyses, such as as which files were access or snapshots of any windows opened.

Lists of DNS Blacklists

Datasets | DNS | IP | Networks | Spam

These projects either operate DNS based Real-time Blackhole Lists (RBL) or allow checking if an IP is contained. The Multi-RBL websites are helpful in finding a large quantaty of RBLs.

mitmproxy - an interactive HTTPS proxy

Proxys | TLS

Proxy framework for performing MitM attacks/transformations. Provides a Python APi for scriptability

Mozilla Observatory

Certificates | TLS

Website quality measurement tool. The website measures the quality of HTTP headers which improve security. Additionally, it provides inspections for the TLS certificate and SSH servers. It also includes many third party tools.

Mozilla TLS Configuration Generator


Create variable TLS configurations for all major webservers. It is specialized for each webserver and server version. The configurations supports different TLS configurations, depending on the needed support for old clients.

Multilevel MDA-Lite Paris **Traceroute**

IP | Networks

Multi-level MDA-Lite Paris Traceroute is a traceroute tool, which understands and learns more complex network topologies. Often times the network is not just a line, but multiple paths are possible and chosen at random.

A good description of the tool can be found in the RIPE Labs post or in the IMC 2018 paper.

NAT64 Testers

DNS | Networks

These websites measure support for NAT64 in other websites.

Netlab 360 OpenData Project

Amplification | Datasets | Networks

The Netlab of provides some open data streams.

One dataset concerns the number of abused reflectors per protocol.

NetworkScan Mon

Amplification | Datasets | Networks

Overview over IP addresses scanning the internet and which ports are scanned.



A free and configurable DNS resolver. It provides customizable blocking, such as for ads, trackers, or malicious websites. Additionally, statistics can be shown, such as for most blocked website.

A similar self-hosted variant is Pi-hole.

One Gadget

Reverse Engineering

A tool to find the one gadget in libc. It list all gadgets leading to execve('/bin/sh', NULL, NULL) including their preconditions.

Online Dis-Assembler

CTF | x86

Website allowing assembly and disassembly of x86 and x64 code.

OpenIPmap RIPE

BGP | Datasets | Networks

IP geolocation services feeding itself from geolocation databases, user provided locations, and most importantly active RTT measurements based on the RIPE Atlas system. It also provides a nice API to query the location. It provides a breakdown on where the results stem from and how much they contribute to the overall result.


osquery exposes an operating system as a high-performance relational database. This allows you to write SQL-based queries to explore operating system data. With osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events or file hashes.

Over The Wire: Wargames

CTF | Datasets

Over The Wire provides with the wargames many different challenges, to learn exploitations of different things. There are different wargames based on skill and required tooling. In each level the user has to retrieve a flag to procede to the next level.



The OWASP Amass tool suite obtains subdomain names by scraping data sources, recursive brute forcing, crawling web archives, permuting/altering names and reverse DNS sweeping. Additionally, Amass uses the IP addresses obtained during resolution to discover associated netblocks and ASNs. All the information is then used to build maps of the target networks.

Paris Traceroute

IP | Networks

This is an improvement on the traditional traceroute program. It is able to detect multiple distinct routes and display them accordingly. The classical traceroute would produce weird results on changing network routes.

Another similar program is Dublin traceroute.

pdfpc: PDF Presenter Console

pdfpc is a tool enabling a presenter mode for presenting PDF files. The presenter mode contains the usual features known from Powerpoint/Libreoffice:

  • Slide previews
  • Notes
  • Timer

pdfpc is especially adapted to present LaTeX presentations, which otherwise do not have a presenter mode.

PEERING: The BGP Testbed

BGP | Networks

PEERING is an environment where researchers and educators can play with BGP announcements in a real but sandboxed environment.

Description from the website:

The long-term goal of the PEERING system is to enable on-demand, safe, and controlled access to the Internet routing ecosystem for researchers and educators:

  • PEERING for researchers. Today, it is hard for researchers to conduct Internet routing experiments. To perform a routing experiment, a research institution has to obtain Internet resources (IP addresses and ASNs) and establish relations with upstream networks. PEERING eliminates these obstacles and provides researchers controlled on-demand access to the routing ecosystem.
  • PEERING for educators. Educators can use the PEERING infrastructure in teaching students the Internet routing architecture. The students access to live BGP sessions to multiple ISPs.



A free and configurable DNS stub-resolver. It provides customizable blocking, such as for ads, trackers, or malicious websites. Additionally, statistics can be shown, such as for most blocked website.

It can also function as a DHCP server for clients on the same network.

A similar service is NextDNS.

Play with Docker


Play with Docker is a Docker playground which allows users to run Docker commands in a matter of seconds. It gives the experience of having a free Alpine Linux Virtual Machine in browser, where you can build and run Docker containers and even create clusters in Docker Swarm Mode. Under the hood Docker-in-Docker (DinD) is used to give the effect of multiple VMs/PCs. In addition to the playground, PWD also includes a training site composed of a large set of Docker labs and quizzes from beginner to advanced level available at



preeny helps pwning binaries by disabling many annoying functions such as random or alarm. It does so by providing different LDPRELOAD-able libraries for those library functions.

Programming Playgrounds

Python | Rust



pwntools is one of THE Python tools needed during a CTF. It is useful for both jeopardy and attack-defense CTFs. It provides common abstractions, like connecting to a local or remote program and simplifying I/O. Addtionally, it provides helpers for many exploitation techniques, such as ROP, shellcode, and leaking memory.

Qualys SSL Labs

Certificates | TLS

Test the quality of a server's or a client's SSL/TLS stack. Very useful to test a server. Provides a A-F rating scheme and shows vulnerabilities and weak protocols/cipher suites.



regexr helps in understanding and writing regular expressions (RegEx). It takes a RegEx and explains the different parts of it. It also shows how the RegEx applies to a sample text.

Additionally, it contains a RegEx reference as well as a user supplied library of different RegExs.


DNS | Networks

DNS responses gathering and differences analysis toolchain.

RetDec - Retargetable Decompiler

Reverse Engineering

A standalone decompiler build and managed by Avast. Works as a standalone program, has a trial version on the website, and there is an IDA Plugin.

Supported file formats: ELF, PE, Mach-O, COFF, AR (archive), Intel HEX, and raw machine code. Supported architectures (32b only): Intel x86, ARM, MIPS, PIC32, and PowerPC.

Root Servers

Datasets | DNS

Overview page for the DNS root servers. It contains links to general news and all the supporting organizations.

The website features a map with all geographic locations. It contains information about locations, IPv4/IPv6 reachability and IP addresses.

Each root server has its own subdomain in the form of It contains access to historical performance data like:

  • Size and time of zone updates
  • RCODE volume
  • query and response sizes for UDP and TCP
  • traffic volume (packets per time)
  • Unique sources

Routing Information Service (RIS)

BGP | Datasets | DNS | Networks

Different information regarding reachability and connectiveness of ASs.

RPKI Browsers

Datasets | Networks | RPKI

These websites allow you to browser the valid RPKI announcements. They show which address ranges are covered by RPKI and who the issuing authority is.

RPKI Tester

Networks | RPKI

Website which tests, if your provider filters invalid annoucements using RPKI.


Certificates | CTF

The RsaCtfTool is a tool supporting working with RSA keys. The main focus lies in a wide range of known attacks which are implemented and easy to use with it. This makes it suitable for CTFs, especially Jeopardies.

Run Foreign-Achitecture Docker Containers

CTF | Docker

Sometimes it is necessary to run Docker containers for a different CPU architecture. This Docker containers makes it possible to run other Docker containers with a different architecture. It works by using binfmt_misc, a Linux kernel feature to run files with interpreters, and installs qemu binaries for different architectures.

Rust Macro Railroad

Cheatsheet | Rust

Helps in understanding macro_rules macros by automatically generating syntax diagrams for them.



Rust regulat expression editor and tester.



Shapecatcher looks up Unicode symbols based on a drawing of the symbol. It is conceptually similar to Detexify, but returns Unicode symbols instead of macros.

Sherlock: Find usernames across social networks

This tool searches through many services if they have a user with a given username. This can either be used to find usernames, which are still available on the important websites or to check for conflicting accounts.


CTF | Networks

This is a tcpdump-like program for printing TLS SNI and HTTP/1.1 Host fields in live or captured traffic.

Snowman Decompiler

Reverse Engineering

A standalone C decompiler. Also has an IDA plugin.

Supports ARM, x86, and x86-64 architectures. Reads ELF, Mach-O, and PE file formats.

Solve Crypto with Force!


The website offers a large variety of crypto implementations which can be tested. It is helpful to solve unknown crypto challenges during CTFs. It is similar in concept to the CyberChef, but only for crypto.

SSLsplit - transparent SSL/TLS interception

Proxys | TLS

Simple TLS proxy.

Tcpdump advanced filters

Cheatsheet | Networks | Tutorials

The website contains different tcpdump filters. It starts with basic filters and then builds up ever more complex ones. This is a good source for looking up complicated filters, if one does not want to write them themself.


IP | Networks

A traceroute like tool, that detects where a path crosses an IXP.

Unicode Text Converter


The tool converts an input string into different and sometimes obscure Unicode characters. It is usefull to generate funny looking text or to generate a new username, if the desired on is taken.

For example, the tool supports ⓒⓘⓡⓒⓛⓔⓓ, 𝖋𝖗𝖆𝖐𝖙𝖚𝖗, 🆂🆀🆄🅰🆁🅴🅳, ꜱᴍᴀʟʟ ᴄᴀᴩꜱ, ɐup 𝕠𝕥𝕙𝕖𝕣 wɘiᴙb options.


BGP | Networks | Datasets

vizAS by APNIC shows the connectiveness between different ASs split by countries. It is usefull to find the ASs which are most central in the graph.

Wildcard DNS for IP Addresses

DNS | IP | Networks

These services allow you to create a domain name for any IP address. The IP address is encoded into the domain name. An overview over different services can be found here.

Online Services

  • provides IPv4 only

    • resolves to
    • resolves to
    • resolves to
  • provides IPv4 only

    • Supports both . and - separators.
    • resolves to
    • resolves to
    • resolves to
    • resolves to
  • provides IPv4 and IPv6

    • Supports both . and - separators.
    • Provides the ability to use the service with a your own branding.
    • resolves to
    • resolves to
    • resolves to
    • – resolves to ::1
    • resolves to 2a01:4f8:c17:b8f::2
  • provides IPv6 only

    • A x replaces the :: in the IPv6 address.
    • resolves to 2001:db8:8000::1
    • resolves to 2001:db8:8000::1
    • resolves to ::1

Self-hosted Options

  • hipio is a Haskell service for IPv4.

Ziggy: the RPKI Wayback Machine

Networks | RPKI

Ziggy is a tool to inspect the RPKI ecosystem at arbitrary points in the past. It is developed by NlNetLabs. More details abouut the ziggy tool can be found in the announcement blogpost.

ZMap Project

DNS | IP | Networks

Different utilities for network scanning. Most imporantly the zmap component, which is a packet scanner for different protocols. It also contains other tools like ways to iterate over the IPv4 address space and blacklist/whitelist management.