Personal CTF and security-research workspace with two distinct parts:

• script/ contains local helper scripts, exploit templates, and notes.
• the rest of the repo is mostly vendored reference material and submodules.

This is not a single packaged application. Treat it as a toolbox repo.

Clone with submodules if you want the full reference set:

git clone --recurse-submodules <repo-url>
cd tool

If the repo is already cloned:

git submodule update --init --recursive

Set up the local Python environment for script/:

python3 -m venv script/.venv
source script/.venv/bin/activate
pip install -r script/requirements.txt

Most custom scripts are then run directly:

python3 script/<category>/<name>.py

Examples:

python3 script/crypto/xor_cipher_tool.py
python3 script/net/scapy/scapy_pcap_analyzer.py
python3 script/pwn/templates/pwntools_example.py

The repo tracks a large number of third-party resources as submodules, including:

• dict/SecLists
• web/PayloadsAllTheThings
• web/PEASS-ng
• web/hacktricks
• web/GTFOBins.github.io
• reverse/dnSpyEx
• forensis/ImHex-Patterns

Do not assume those directories are maintained locally. Check git submodule status before editing them.

• script/requirements.txt is the closest thing to a project dependency manifest.
• script/.venv/ may exist locally, but it is ignored by git and should be treated as disposable.
• Some scripts contain hard-coded local paths, challenge-specific payloads, or one-off exploit logic. Verify inputs before reuse.
• The top-level repo can be dirty even when your local script changes are clean because submodules track their own state independently.

Useful local notes in this repo:

• script/cheat_sheets/pwntools_cheatsheet.md
• script/cheat_sheets/note.md
• script/cheat_sheets/ansi.md