Network Scanning

Netcat - Read/Write to network connections by hand

NMap - Port Scanner

Wireshark - Graphical Packet Sniffer

TcpDump - Command line sniffer and packet analyzer

TcpFlow - Extracts files from packet recordings


HexEdit - Hex editor (OSX)

GHex - Hex editor (Linux), check your package manager

HxD - Hex editor (Windows)

ExifTool - Reads / Edits metadata for many filetypes

Sleuthkit - Pulls files from disk images

Scalpel - File carving tool

BinWalk - Carves files from firmware

GIMP - Image editor and analyzer

Audacity - Audio editor and analyzer

Web hacking

Cookies Manager+ - Cookie editor (Firefox)

EditThisCookie - Cookie editor (Chrome)

Firebug - Versatile html/JS editing and debugging tool (Firefox)

BurpSuite - HTTP request mucking tool

Personal security

Tor - Online Anonymity

GnuPG - Public/Private Keypair Encryption

NoScript - Prevent website tracking and security holes


Ricochet - Secure Anonymous Messaging

XChat - IRC Client (Linux/Windows)

Colloquy - IRC Client (OSX)

For how to set up IRC, see RPISEC’s guide here.


John The Ripper - Hash Cracking

Aircrack-ng - Wifi Cracking

Virtual Machines

VirtualBox - Run other systems inside your own

UPwn - Linux VM with security tools

Malware VM - Has free version of IDA and other RE tools

Additional Tools

RPISEC’s tool list

Spellcraft Reference

Magic Online


Wargames are a series of challenges focused on a particular topic. For example, Natas is a wargame focused on web exploitation.

Enigmagroup - Has a wide selection of wargames. Notable are the multi-stage “realistic scenarios”.

HackThisSite - Another wide selection. The ‘Basic’ and ‘ExtBasic’ challenges are good introductory material.

OverTheWire - Has several very focused wargames, including:

  • Bandit - A fun intro to the command line

  • Natas - Web exploitation

  • Krypton - Intro to cryptography

  • Semtex - Programming and networking challenges

SmashTheStack - Binary exploitation, buffer overflows, disassembly and fun

MicroCorruption - Assembly and binary exploitation

CryptoPals - Introduction to breaking cryptography - Reverse Enginnering samples

Pwnable - More Reverse Engineering samples


Capture the Flag games are usually hosted by universities, but are sometimes hosted by companies, or groups like the Chaos Computer Club and Defcon. Most CTFs are on CTFTime so you can see what’s coming up soon.

Major CTFs every year include:

  • CSAW - The most introductory but quite fun and challenging CTF by NYUPoly

  • PlaidCTF - Hosted by our rival team at CMU, the Plaid Parliament of Pwning

  • DefconCTF - Prestigious CTF by invitation only, at Defcon over summer