βββββββ βββββββ ββββββ βββββββ βββββββ ββββ βββ βββββββ βββ ββββββββββββββββββββ
ββββββββββββββββββββββββββββββββ ββββββββββββββ βββ ββββββββββββ βββββββββββββββββββββ
βββ ββββββββββββββββββββββ βββββββ βββββββββ βββ ββββββββ βββββββ βββ ββββββ
βββ ββββββββββββββββββββββ ββββββ βββββββββββββ ββββββββ βββββ βββ ββββββ
βββββββββββ ββββββ ββββββββββββββββββββββββ ββββββ ββββββββ βββ βββ ββββββββ
βββββββ βββ ββββββ βββ βββββββ βββββββ βββ βββββ βββββββ βββ βββ ββββββββ
The ultimate terminal-based toolkit for CTF players & cybersecurity learners
Crack hashes. Decode stego. Hunt subdomains. Analyze PCAPs. Capture every flag. All from one terminal command.
π Quick Start β’ π¦ Modules β’ π Usage β’ βοΈ Installation β’ π€ Author β’ π€ Contributing
Founder of DragonByte | Cybersecurity Enthusiast | CTF Player
"I create tools and resources to help beginners and enthusiasts learn ethical hacking and solve CTF challenges efficiently."
DragonByte is a community-driven cybersecurity initiative and terminal-based toolkit that integrates modules for cryptography, steganography, OSINT, web exploitation, forensics, and miscellaneous challenges β designed to simplify learning and CTF problem-solving for everyone.
DragonByte CTF Toolkit is a modular, open-source, terminal-based toolkit built for Capture The Flag competitions and cybersecurity learners on Kali Linux.
Instead of juggling 10+ separate tools across different terminals, DragonByte wraps them all into one clean, consistent command interface with automatic flag detection built in.
dragonbyte <module> <action> <target>Whether you're cracking a hash, extracting hidden data from an image, enumerating subdomains, or analysing a packet capture β DragonByte has you covered.
| Feature | Description | |
|---|---|---|
| 𧩠| 6 Specialist Modules | Crypto, Stego, OSINT, Web, Forensics, Misc |
| π© | Auto Flag Detection | Scans every output for flag{...}, HTB{...}, picoCTF{...} and more |
| π§ | 20+ Tool Integrations | Hashcat, John, Binwalk, SQLmap, tshark, Gobuster, Volatility & more |
| π | Hybrid Architecture | Bash CLI frontend + Python backend engine |
| π¦ | One-Command Install | sudo bash install.sh handles every dependency |
| π | Easily Extensible | Add new modules in minutes with a simple class interface |
| π¨ | Professional Output | Colour-coded, well-formatted terminal output every time |
| π‘οΈ | Graceful Degradation | Missing tools are reported cleanly β the rest still runs |
# 1. Clone the repo
git clone https://github.com/SANJAIRATHINAM-R/DragonByte-CTF-Toolkit-generation.git
# 2. Enter the directory
cd DragonByte-CTF-Toolkit-generation
# 3. Run the installer (installs all tools & dependencies)
sudo bash install.sh
# 4. You're ready!
dragonbyte --helpgit clone https://github.com/SANJAIRATHINAM-R/DragonByte-CTF-Toolkit-generation.git && cd DragonByte-CTF-Toolkit-generation && sudo bash install.shdragonbyte misc decode "ZmxhZ3t3ZWxjb21lX3RvX2RyYWdvbmJ5dGV9"Expected output:
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Module: Misc | Action: decode
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[>] Encoding Detection & Decoding
Β·Β·Β·Β·Β·Β·Β·Β·Β·Β·Β·Β·Β·Β·Β·Β·Β·Β·Β·Β·Β·Β·Β·Β·Β·Β·Β·Β·Β·Β·Β·Β·Β·Β·Β·Β·Β·Β·Β·Β·
Base64 flag{welcome_to_dragonbyte}
ββββββββββββββββββββββββββββββββββββββ
[π©] FLAG(S) DETECTED!
ββββββββββββββββββββββββββββββββββββββ
flag{welcome_to_dragonbyte}
ββββββββββββββββββββββββββββββββββββββ
Automatically detect hash algorithms and launch dictionary attacks.
# Identify a single hash
dragonbyte crypto identify 5f4dcc3b5aa765d61d8327deb882cf99
# Identify hashes from a file
dragonbyte crypto identify hashes.txt
# Crack hashes (John the Ripper + Hashcat + rockyou.txt)
dragonbyte crypto crack hashes.txtSupported hash formats:
| Hash | Length | Example |
|---|---|---|
| MD5 | 32 chars | 5f4dcc3b5aa765d61d8327deb882cf99 |
| SHA-1 | 40 chars | 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 |
| SHA-256 | 64 chars | ... |
| SHA-512 | 128 chars | ... |
| bcrypt | starts $2b$ |
$2b$12$... |
| SHA-512 crypt | starts $6$ |
$6$salt$... |
Tools: john Β· hashcat
Reveal data hidden inside images and binary files.
# Full scan β metadata + embedded data + strings
dragonbyte stego scan challenge.png
# Extract hidden payloads and embedded archives
dragonbyte stego extract challenge.png
# Dump all printable strings
dragonbyte stego strings challenge.pngWhat the scan does:
[1] ExifTool β metadata (GPS, comments, author, software)
[2] Binwalk β embedded files, compressed archives, signatures
[3] Steghide β hidden payload check (no-password attempt)
[4] strings β printable character extraction
[5] Flag scan β auto-highlight any CTF flags found
Tools: exiftool Β· binwalk Β· steghide Β· strings
Gather open-source intelligence on domains and organisations.
# Full domain recon β DNS, WHOIS, emails, ports
dragonbyte osint domain example.com
# Email address harvesting
dragonbyte osint email example.com
# Subdomain enumeration
dragonbyte osint subdomains example.comDomain action pipeline:
[1] DNS Resolution β resolve IPs
[2] WHOIS β registrar, owner, dates
[3] theHarvester β emails, hosts, names
[4] Nmap β open ports (fast scan)
Subdomain pipeline:
[1] Amass β passive subdomain enumeration
[2] Gobuster β DNS brute-force with wordlist
Tools: whois Β· nmap Β· theHarvester Β· amass Β· gobuster
Find hidden directories, injection points, and security misconfigurations.
# Full scan β directories + Nikto
dragonbyte web scan http://target.htb
# SQL injection testing
dragonbyte web sqli "http://target.htb/login?id=1"
# HTTP header analysis + security audit
dragonbyte web headers http://target.htbSecurity headers audited:
| Header | Checks |
|---|---|
X-Frame-Options |
Clickjacking protection |
X-XSS-Protection |
XSS filter |
Strict-Transport-Security |
HSTS enforcement |
Content-Security-Policy |
CSP presence |
X-Content-Type-Options |
MIME sniffing |
Tools: gobuster Β· nikto Β· sqlmap
Analyse packet captures, disk images, memory dumps, and binary files.
# Auto-detect file type and analyse
dragonbyte forensic analyze capture.pcap
dragonbyte forensic analyze disk.img
dragonbyte forensic analyze memory.vmem
dragonbyte forensic analyze unknown.bin
# Carve embedded files
dragonbyte forensic extract challenge.bin
# Extract strings
dragonbyte forensic strings challenge.binAuto-routing by file extension:
| Extension | Engine | What it does |
|---|---|---|
.pcap .pcapng .cap |
tshark | Protocol stats, HTTP objects, DNS queries, conversations |
.img .dd .bin .raw |
Foremost | File carving from disk images |
.vmem .mem .dmp |
Volatility 3 | Process list, memory analysis |
| (anything else) | file + strings | Magic detection + string extraction |
Tools: tshark Β· foremost Β· binwalk Β· volatility3 Β· file
Stop guessing encodings manually. DragonByte tries them all at once.
# Auto-detect and decode any encoding
dragonbyte misc decode "aGVsbG8gY3Rm"
dragonbyte misc decode encoded.txt
# Decode QR codes and barcodes from images
dragonbyte misc qr qrcode.png
# Extract readable strings
dragonbyte misc strings file.binEncodings tried automatically:
| Encoding | Example Input |
|---|---|
| Base64 | aGVsbG8= |
| Base32 | NBSWY3DPEB3W64TMMQ====== |
| Hex | 68656c6c6f |
| ROT13 | uryyb |
| ROT47 | 96==@ |
| Binary | 01101000 01100101 01101100 |
| URL encoding | %68%65%6c%6c%6f |
| Morse code | .... . .-.. .-.. --- |
| Caesar brute-force | All 25 shifts scored |
Tools: zbarimg Β· pyzbar Β· strings
Every single module run is automatically scanned for CTF flags. When a flag is found, a highlighted banner is printed:
ββββββββββββββββββββββββββββββββββββββββββββββββββ
[π©] FLAG(S) DETECTED!
ββββββββββββββββββββββββββββββββββββββββββββββββββ
flag{hidden_in_plain_sight}
ββββββββββββββββββββββββββββββββββββββββββββββββββ
All supported flag formats:
flag{...} picoCTF{...} HTB{...}
CTF{...} THM{...} DUCTF{...}
rtcp{...} darkCTF{...} TBTL{...}
DawgCTF{...} WORD{...} β any ALL-CAPS prefix
| Requirement | Minimum |
|---|---|
| OS | Kali Linux 2022+ (or Debian-based) |
| Python | 3.8+ |
| Privileges | sudo / root |
| Disk space | ~500 MB (tools + wordlists) |
# Clone
git clone https://github.com/SANJAIRATHINAM-R/DragonByte-CTF-Toolkit-generation.git
cd DragonByte-CTF-Toolkit-generation
# Install
sudo bash install.sh
# Verify
dragonbyte --version
dragonbyte --help[1] Checks Python 3 and pip3
[2] Installs Python packages (requests, Pillow, pyzbar, colorama, volatility3)
[3] Installs system tools via apt:
exiftool binwalk steghide tshark foremost
nmap gobuster sqlmap nikto john
hashcat amass theharvester whois zbar-tools
[4] Decompresses rockyou.txt if gzipped
[5] Creates /usr/local/bin/dragonbyte symlink
[6] Creates all Python package __init__.py files
sudo ln -sf ~/DragonByte-CTF-Toolkit-generation/dragonbyte.sh /usr/local/bin/dragonbytecd DragonByte-CTF-Toolkit-generation
bash dragonbyte.sh --help
bash dragonbyte.sh misc decode "aGVsbG8="DragonByte-CTF-Toolkit-generation/
β
βββ π dragonbyte.sh β Bash CLI: parses args, calls Python
βββ π§ install.sh β Installs all tools & dependencies
βββ π README.md
β
βββ backend/
β βββ engine.py β Validates input, routes to modules
β βββ flag_detector.py β Regex scanner for CTF flag patterns
β βββ utils.py β print_info/warn/error, run_command,
β validate_file, tool_available, etc.
β
βββ modules/
β βββ crypto/
β β βββ crypto_engine.py β Hash ID + John/Hashcat cracking
β βββ stego/
β β βββ stego_engine.py β ExifTool + Binwalk + Steghide
β βββ osint/
β β βββ osint_engine.py β WHOIS + theHarvester + Amass
β βββ web/
β β βββ web_engine.py β Gobuster + Nikto + SQLmap
β βββ forensics/
β β βββ forensic_engine.py β tshark + Foremost + Volatility
β βββ misc/
β βββ misc_engine.py β Multi-encoding decoder + QR
β
βββ wordlists/ β Drop custom wordlists here
β βββ (rockyou.txt auto-detected)
β
βββ docs/
βββ installation.md
βββ usage.md
βββ modules.md
USAGE:
dragonbyte <module> <action> [target]
MODULES:
crypto identify <hash|file> Detect hash algorithm by pattern
crack <hashfile> Dictionary attack via John + Hashcat
stego scan <file> Full scan: meta + binwalk + steghide
extract <file> Extract hidden payloads
strings <file> Dump printable strings
osint domain <domain> DNS + WHOIS + harvest + nmap
email <domain> Harvest email addresses
subdomains <domain> Amass + Gobuster DNS enum
web scan <url> Gobuster dir scan + Nikto
sqli <url> SQLmap injection test
headers <url> HTTP headers + security audit
forensic analyze <file> Auto-detect & analyse
extract <file> Carve files (Foremost + Binwalk)
strings <file> Extract strings
misc decode <string|file> Auto-detect & decode encoding
qr <imagefile> Decode QR code / barcode
strings <file> Extract printable strings
GLOBAL FLAGS:
--help, -h Show help
--version, -v Show version
# ββ Challenge: suspicious PNG ββββββββββββββββββββββββββββββββββ
dragonbyte stego scan challenge.png
# ExifTool β Binwalk β Steghide β strings β flag scan
# ββ Challenge: crack this hash βββββββββββββββββββββββββββββββββ
echo "482c811da5d5b4bc6d497ffa98491e38" > hash.txt
dragonbyte crypto crack hash.txt
# MD5 identified β John + Hashcat β password123
# ββ Challenge: weird encoded string ββββββββββββββββββββββββββββ
dragonbyte misc decode ".... - -... . . . ---. ..... "
# Morse code detected β HTB{...}
# ββ Challenge: web login page ββββββββββββββββββββββββββββββββββ
dragonbyte web sqli "http://challenge.ctf.io/login?user=test"
# SQLmap β vulnerable parameter found β DB dumped
# ββ Challenge: pcap analysis βββββββββββββββββββββββββββββββββββ
dragonbyte forensic analyze traffic.pcapng
# tshark β HTTP objects β flag in plaintext
# ββ Challenge: CTF recon βββββββββββββββββββββββββββββββββββββββ
dragonbyte osint domain target.ctf.com
# DNS β WHOIS β subdomains β open portsDragonByte is designed to be extended. Adding a new module takes 4 steps:
1. Create the engine file:
# modules/pwn/pwn_engine.py
import os, sys
sys.path.insert(0, os.path.join(os.path.dirname(__file__), '..', '..'))
from backend.utils import print_info, print_subsection
class PwnEngine:
def run(self, action: str, target: str) -> str:
if action == "checksec":
return self._checksec(target)
return ""
def _checksec(self, target: str) -> str:
print_subsection("checksec")
# your logic here
return "result"2. Add __init__.py:
touch modules/pwn/__init__.py3. Register in backend/engine.py:
MODULE_ACTIONS = {
...
"pwn": ["checksec", "rop"], # add this line
}
def load_module(module_name):
...
elif module_name == "pwn":
from modules.pwn.pwn_engine import PwnEngine
return PwnEngine()4. Use it:
dragonbyte pwn checksec ./binary| Problem | Cause | Fix |
|---|---|---|
dragonbyte: command not found |
Symlink missing | sudo ln -sf ~/DragonByte-CTF-Toolkit-generation/dragonbyte.sh /usr/local/bin/dragonbyte |
install.sh: No such file or directory |
Wrong directory | cd DragonByte-CTF-Toolkit-generation first |
python3 not found |
Python not installed | sudo apt install python3 |
ModuleNotFoundError |
Python package missing | sudo bash install.sh again |
Tool shows [!] not found |
Tool not installed | sudo apt install <toolname> |
Permission denied |
Script not executable | chmod +x dragonbyte.sh |
Hashcat --force errors |
VM / no GPU | Normal on VMs, results still work |
- PWN module (checksec, ROPgadget, pwntools integration)
- Reverse engineering module (Ghidra CLI, strings, ltrace/strace)
- Cloud OSINT (S3 buckets, Azure blobs, GCP storage)
- Password mutation engine in crypto module
- Output save to file (
--output report.txt) - Docker container for portable use
- CTF platform integration (HTB API, TryHackMe API)
- Web UI dashboard (optional)
All contributions are welcome β new modules, bug fixes, better wordlists, docs.
# Fork on GitHub, then:
git clone https://github.com/SANJAIRATHINAM-R/DragonByte-CTF-Toolkit-generation.git
cd DragonByte-CTF-Toolkit-generation
git checkout -b feature/your-feature-name
# Make changes, test them, then:
git add .
git commit -m "feat: describe your change"
git push origin feature/your-feature-name
# Open a Pull RequestContribution ideas:
- New encoding types in
misc - Additional OSINT sources
- Better hash identification patterns
- More CTF flag regex patterns
- Improve Volatility integration
- Add progress bars for long-running tools
MIT License
Copyright (c) 2026 Sanjairathinam
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
DragonByte CTF Toolkit is intended for LEGAL USE ONLY.
Use this toolkit only in:
- CTF competitions
- Authorised penetration testing engagements
- Your own lab / test environments
- Cybersecurity education and research
Do NOT use against any system you do not own or have explicit written permission to test. The authors accept no liability for misuse.
Created with β€οΈ by Sanjairathinam β Founder of DragonByte
If DragonByte helped you capture a flag, give it a β on GitHub!
Happy hacking β legally. π
