Throw unknown data at NeuroCTF and it starts doing the boring, repetitive work for you: decode, inspect, extract, rank, and surface the outputs most likely to matter.
Build, break, decode, and extract with NeuroCTF.
NeuroCTF is a modular CTF automation framework for intelligent input analysis, recursive decoding, artifact carving, reverse-engineering helpers, pwn workflows, network inspection, steganography, and OSINT-style recon. Built for contributors who want a real codebase to extend.
$ neuroctf analyze --input eyJhbGciOiJub25lIn0.eyJmbGFnIjoiZmxhZ3tqd3R9In0.
Source: inline
Top candidate: [jwt]
Preview: {"flag":"flag{jwt}"}
Flags:
flag{jwt}
$ neuroctf modules
base32 [decode]
jwt [decode]
pcap [network]
elf-sec [pwn]
url-recon[osint]
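The `analyze` session above, as an added Python example (not NeuroCTF's own code): it splits the sample token, decodes the base64url segments, reports whether anything authenticates the claims, and extracts flags. The function names and the `flag{...}` pattern are assumptions based on the sample output.

```python
import base64
import binascii
import json
import re

# Assumed flag format, taken from the sample output on this page.
FLAG_RE = re.compile(r"flag\{[^}]*\}")


def b64url_decode(segment: str) -> bytes:
    """Decode base64url text whose '=' padding was stripped, as JWTs do."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def inspect_jwt(token: str):
    """Return header, payload preview, signature status and flags.

    Returns None when the input does not parse as a three-segment JWT.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return None
    try:
        header = json.loads(b64url_decode(parts[0]))
        preview = b64url_decode(parts[1]).decode("utf-8")
    except (binascii.Error, ValueError):
        return None  # bad base64, invalid JSON, or non-UTF-8 payload
    if not isinstance(header, dict) or "alg" not in header:
        return None
    alg = str(header["alg"])
    return {
        "header": header,
        "preview": preview,
        # alg "none" or an empty third segment: nothing authenticates the claims
        "unsigned": alg.lower() == "none" or parts[2] == "",
        "flags": FLAG_RE.findall(preview),
    }


if __name__ == "__main__":
    # Token copied from the session shown on this page.
    sample = "eyJhbGciOiJub25lIn0.eyJmbGFnIjoiZmxhZ3tqd3R9In0."
    print(inspect_jwt(sample))
```

The `unsigned` field is the part worth keeping when triaging real tokens: a service that accepts `alg: none` or an empty signature is trusting claims that anyone can rewrite.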
Why People Will Want To Use It
A good security tool should feel useful on day one and exciting enough that people want to keep it in their toolkit.
It is designed for CTF players, reverse engineers, and curious builders who want one extensible CLI instead of juggling a dozen throwaway scripts.
Each module is a clear extension point, so contributors can ship meaningful features without wrestling the entire codebase first.
Tool Domains
NeuroCTF is structured so each contributor can improve one domain without destabilizing the rest of the framework.
Crypto
Base32, Base64, hex, XOR, Caesar, JWT-aware decoding, archive password hints, recursive transform chaining.
Reverse Engineering
Strings extraction, PE/ELF clues, .NET indicators, disassembly-lite, and lightweight control-flow inspection.
Pwn Helpers
Cyclic pattern generation, offset finding, ELF security checks, and basic ROP gadget discovery.
Forensics
Binary carving, recursive archive traversal, artifact export, hidden data inspection, and entropy-driven heuristics.
Web & Network
HTTP request replay parsing, parameter discovery, PCAP-lite inspection, and suspicious protocol indicators.
Stego & OSINT
LSB extraction, URL/domain recon, and signal extraction helpers that can feed the broader analysis pipeline.
Imagine CyberChef, a plugin-ready offensive CLI, and a contributor-friendly security playground meeting in one repository.
CLI Surface
Top-level commands are designed for both hands-on use and future automation workflows.
Architecture
Cleanly layered so contributors can extend one slice at a time.
Core
Contracts, immutable models, options, and plugin abstractions that define the framework boundary.
Application
Detection, scoring, orchestration, pipeline traversal, and shared module execution services.
Infrastructure
Streaming I/O, plugin loading, report writing, config binding, and session persistence.
Modules
Built-in feature units that keep domain behavior out of the CLI and directly analyzable by the engine.
CLI
Command routing, shell state, export flow, and human-facing execution paths.
Tests
Unit-style runner, fuzz harness, and benchmark harness for reliability and performance regression tracking.
Open Source Collaboration
The repository is organized so contributors can pick up a single module, parser, or infrastructure improvement and ship meaningful progress quickly.
Good First Areas
Improved parsers, better heuristics, richer protocol support, plugin modules, fuzz cases, benchmark coverage, and documentation.
Validation Flow
Run the solution build, test runner, fuzz harness, and benchmarks before opening a pull request.
Contributor Docs
The repository includes `CONTRIBUTING.md`, `CODE_OF_CONDUCT.md`, `SECURITY.md`, and GitHub issue and PR templates.