Tools of the trade

• Good Linux machine or VM either via VMware, VirtualBox, or vagrant - would suggest Ubuntu 14.04 LTS
• Python (both 2.7 and 3)
• Hex Editor (ghex recommended)

• IDA (Demo, if not Pro)
• gdb
• PEDA - makes gdb far more usable
• qira - if you can get it to work & understand it
• checksec - peda can give the same info though
• pwntools - makes pwning easier
• radare2 - reverse engineering framework
• angr - a binary analysis framework with a great symbolic execution engine
• fupy - fast and dirty python decompiler
• JD-GUI - java decompiler
• Java Decompilers - Online decompiler for Java and Android APKs
• syms2elf - A plugin for Hex-Ray's IDA Pro and radare2 to export the symbols recognized to the ELF symbol table

• Rumkin ciphers - multiple (ancient) crypto stuff
• quipqiup - solving cryptograms
• xortool - solving multi-byte xor cipher
• rsatool - to calculate rsa params
• featherduster - An automated, modular cryptanalysis tool
• attackrsa - An all-in-one tool including many common attacks against RSA problems in CTF
• RsaCTFtool - An automated tool to crack public keys of rsa using various standard techniques
• Untwister - A seed recovery tool for various PRNGs

• Foremost - recover hidden files
• Binwalk - find offsets of files which are concatenated contiguously
• Autopsy - find deleted files from harddisk dumps
• Wireshark - analyze network captures
• Stegsolve
• Cloudshark - Analyze network captures online
• John The Ripper - password cracking tool
• Stegosaurus - tool that allows embedding arbitrary payloads in Python bytecode (pyc or pyo) files

• GitTools - downloads exposed .git repo of vulnearable websites
• SQLMap - automated sql injection
• Hackbar - indispensible addon for web exploitation in firefox
• CookieManager - addon for firefox
• Postman - add on for chrome.
• requests - python library used for sending HTTP requests
• Wfuzz - to detect directories and pages on the server using common wordlists.
• XSS Payloads