Tools in picoCTF catagory tool format  link(s) if anything below format is empty / incomplete its probs coz i havent used it enough or forgot about how to use it when i wrote this, and or its self explanitory description if applicable sub notes end with a RTFM for any more info coz if you need any more info it could be outdated this is just to quick remember things exist / how to download it General Exploit tools pwntools Python, CLI  https://docs.pwntools.com/en/stable/ pwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and development, and intended to make exploit writing as simple as possible. if you do import pwn or from pwn import * , you will have access to everything you need to write an exploit. Pwntools is best supported on 64-bit Ubuntu LTS releases (14.04, 16.04, 18.04, and 20.04). Most functionality should work on any Posix-like distribution (Debian, Arch, FreeBSD, OSX, etc.).  so get ready to use wsl or a linux machine :D   if you must use python 2 u need a specific version of pip $ apt-get update $ apt-get install python python-pip python-dev git libssl-dev libffi-dev build-essential $ python2 -m pip install --upgrade pip==20.3.4 $ python2 -m pip install --upgrade pwntools otherwise python 3 works as normal $ apt-get update $ apt-get install python3 python3-pip python3-dev git libssl-dev libffi-dev build-essential $ python3 -m pip install --upgrade pip $ python3 -m pip install --upgrade pwntools When installed with sudo the above commands will install Pwntools’ command-line tools to somewhere like /usr/bin . An error will occur, so add ~/.local/bin to your $PATH environment variable.  heres a link to the tutuorial  https://docs.pwntools.com/en/stable/intro.html#tutorials Disk Analasys Autopsy GUI Sleuthkit CLI fls cli $ fls -o 360448 disk.flag.img 3981 r/r * 2082(realloc): flag.txt r/r 2371: flag.uni.txt icat cli read sector data $ icat -o 360448 disk.flag.img 2371 picoCTF{flag_you_arnt_allowed_to_get_for_free} Gunzip CLI man gunzip  works on .gz files using  ```gunzip disk.flag.img.gz``` basically spits out the copressed file then deletes file from  the few times ive used it but idk Dump the partition table of the disk image. We want to find the offset to the main partition: $ mmls disk.flag.img DOS Partition Table Offset Sector: 0 Units are in 512-byte sectors Slot Start End Length Description 000: Meta 0000000000 0000000000 0000000001 Primary Table (#0) 001: ------- 0000000000 0000002047 0000002048 Unallocated 002: 000:000 0000002048 0000206847 0000204800 Linux (0x83) 003: 000:001 0000206848 0000360447 0000153600 Linux Swap / Solaris x86 (0x82) 004: 000:002 0000360448 0000614399 0000253952 Linux (0x83) Packet Sniffer? wireshark gui tshark cli files? find cli find / -type f -name "*flag*" -print general linux commands that i keep forgetting uname -a general system informatiojn lshw hardware info lscpu cpu info free -m memory info df -h disk usage lsusb usb devices ip addr network config ifconfig  other network config htop cli task manager ps aux lists pid/tasks lshw ???