rhetenor/awesome-awesomeness
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Updating conversion, creating readmes

Browse Source
This commit is contained in:
Jonas Zeunert
2024-04-19 23:37:46 +02:00
parent 3619ac710a
commit 08e75b0f0a
635 changed files with 30878 additions and 37344 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
terminal/pentestcheatsheets
View File

@@ -2,7 +2,7 @@
ALL OF ITS CONTENT HAS BEEN UPDATED AND MOVED TO awesome-pentest-cheat-sheets (https://github.com/ByteSnipers/awesome-pentest-cheat-sheets)
 Awesome Pentest Cheat Sheets !Awesome (https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg) (https://github.com/sindresorhus/awesome)
 Awesome Pentest Cheat Sheets !Awesome (https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg) (https://github.com/sindresorhus/awesome)
Collection of cheat sheets useful for pentesting
@@ -21,8 +21,7 @@
⟡ Mobile App Pentest Cheat Sheet (https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet)
⟡ OSX Command Line Cheat Sheet (https://github.com/herrbischoff/awesome-osx-command-line)
⟡ PowerShell Cheat Sheet (https://pen-testing.sans.org/blog/2016/05/25/sans-powershell-cheat-sheet) - SANS PowerShell Cheat Sheet from SEC560 Course (PDF version) (docs/PowerShellCheatSheet_v41.pdf)
⟡ Rawsec's CyberSecurity Inventory (https://inventory.raw.pm/) - An open-source inventory of tools, resources, CTF platforms and Operating Systems about CyberSecurity. (Source 
(https://gitlab.com/rawsec/rawsec-cybersecurity-list))
⟡ Rawsec's CyberSecurity Inventory (https://inventory.raw.pm/) - An open-source inventory of tools, resources, CTF platforms and Operating Systems about CyberSecurity. (Source (https://gitlab.com/rawsec/rawsec-cybersecurity-list))
⟡ Regexp Security Cheat Sheet (https://github.com/attackercan/regexp-security-cheatsheet)
⟡ Security Cheat Sheets (https://github.com/teamghsoftware/security-cheatsheets) - A collection of security cheat sheets
⟡ Unix / Linux Cheat Sheet (http://cheatsheetworld.com/programming/unix-linux-cheat-sheet/)
@@ -58,8 +57,8 @@
Learn Privilege Escalation
⟡ Windows / Linux Local Privilege Escalation Workshop (https://github.com/sagishahar/lpeworkshop) - The Privilege Escalation Workshop covers all known (at the time) attack vectors of local user privilege 
escalation on both Linux and Windows operating systems and includes slides, videos, test VMs.
⟡ Windows / Linux Local Privilege Escalation Workshop (https://github.com/sagishahar/lpeworkshop) - The Privilege Escalation Workshop covers all known (at the time) attack vectors of local user privilege escalation on both Linux and 
Windows operating systems and includes slides, videos, test VMs.
Linux Privilege Escalation
@@ -68,25 +67,24 @@
⟡ linux-exploit-suggester.sh (https://github.com/mzet-/linux-exploit-suggester) - Linux privilege escalation auditing tool written in bash (updated)
⟡ Linux_Exploit_Suggester.pl (https://github.com/PenturaLabs/Linux_Exploit_Suggester) - Linux Exploit Suggester written in Perl (last update 3 years ago)
⟡ Linux_Exploit_Suggester.pl v2 (https://github.com/jondonas/linux-exploit-suggester-2) - Next-generation exploit suggester based on Linux_Exploit_Suggester (updated)
⟡ Linux Soft Exploit Suggester (https://github.com/belane/linux-soft-exploit-suggester) - linux-soft-exploit-suggester finds exploits for all vulnerable software in a system helping with the privilege 
escalation. It focuses on software packages instead of Kernel vulnerabilities
⟡ Linux Soft Exploit Suggester (https://github.com/belane/linux-soft-exploit-suggester) - linux-soft-exploit-suggester finds exploits for all vulnerable software in a system helping with the privilege escalation. It focuses on software 
packages instead of Kernel vulnerabilities
⟡ checksec.sh (https://github.com/slimm609/checksec.sh) - bash script to check the properties of executables (like PIE, RELRO, PaX, Canaries, ASLR, Fortify Source)
⟡ linuxprivchecker.py (http://www.securitysift.com/download/linuxprivchecker.py) - This script is intended to be executed locally on a Linux box to enumerate basic system info and search for common privilege 
escalation vectors such as world writable files, misconfigurations, clear-text passwords and applicable exploits (@SecuritySift)
⟡ LinEnum (https://github.com/rebootuser/LinEnum) - This tool is great at running through a heap of things you should check on a Linux system in the post exploit process. This include file permissions, cron jobs
if visible, weak credentials etc.(@Rebootuser)
⟡ linPEAS (https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS) - LinPEAS - Linux Privilege Escalation Awesome Script. Check the Local Linux Privilege Escalation 
checklist from book.hacktricks.xyz (https://book.hacktricks.xyz)
⟡ linuxprivchecker.py (http://www.securitysift.com/download/linuxprivchecker.py) - This script is intended to be executed locally on a Linux box to enumerate basic system info and search for common privilege escalation vectors such as 
world writable files, misconfigurations, clear-text passwords and applicable exploits (@SecuritySift)
⟡ LinEnum (https://github.com/rebootuser/LinEnum) - This tool is great at running through a heap of things you should check on a Linux system in the post exploit process. This include file permissions, cron jobs if visible, weak 
credentials etc.(@Rebootuser)
⟡ linPEAS (https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS) - LinPEAS - Linux Privilege Escalation Awesome Script. Check the Local Linux Privilege Escalation checklist from 
book.hacktricks.xyz (https://book.hacktricks.xyz)
⟡ MimiPenguin (https://github.com/huntergregal/mimipenguin) - A tool to dump the login password from the current linux desktop user. Adapted from the idea behind the popular Windows tool mimikatz. 
Windows Privilege Escalation
⟡ PowerUp (https://github.com/PowerShellMafia/PowerSploit/tree/master/Privesc) - Excellent powershell script for checking of common Windows privilege escalation vectors. Written by harmj0y 
(https://twitter.com/harmj0y) (direct link) (https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Privesc/PowerUp.ps1)
⟡ PowerUp (https://github.com/PowerShellMafia/PowerSploit/tree/master/Privesc) - Excellent powershell script for checking of common Windows privilege escalation vectors. Written by harmj0y (https://twitter.com/harmj0y) (direct link) 
(https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Privesc/PowerUp.ps1)
⟡ PowerUp Cheat Sheet (https://github.com/HarmJ0y/CheatSheets/blob/master/PowerUp.pdf)
⟡ Windows Exploit Suggester
 (https://github.com/GDSSecurity/Windows-Exploit-Suggester) - Tool for detection of missing security patches on the windows operating system and mapping with the public available exploits
⟡ Windows Exploit Suggester (https://github.com/GDSSecurity/Windows-Exploit-Suggester) - Tool for detection of missing security patches on the windows operating system and mapping with the public available exploits
⟡ Sherlock (https://github.com/rasta-mouse/Sherlock) - PowerShell script to quickly find missing software patches for local privilege escalation vulnerabilities
⟡ Watson (https://github.com/rasta-mouse/Watson) - Enumerate missing KBs and suggest exploits for useful Privilege Escalation vulnerabilities
⟡ Precompiled Windows Exploits (https://github.com/abatchy17/WindowsExploits) - Collection of precompiled Windows exploits
@@ -103,7 +101,7 @@
⟡ VIM Cheatsheet (https://i.imgur.com/YLInLlY.png)
⟡ Wireshark Display Filters (docs/Wireshark_Display_Filters.pdf) - Filters for the best sniffing tool
 Tools Online
 Tools Online
⟡ XSS'OR Encoder/Decoder (http://xssor.io/#ende) - Online Decoder/Encoder for testing purposes (@evilcos)
⟡ WebGun (https://brutelogic.com.br/webgun/) - WebGun, XSS Payload Creator (@brutelogic)
⟡ Hackvertor (https://hackvertor.co.uk) - Tool to convert various encodings and generate attack vectors (@garethheyes)
@@ -114,14 +112,14 @@
Genaral
⟡ Fuzzdb (https://github.com/fuzzdb-project/fuzzdb) - Dictionary of attack patterns and primitives for black-box application testing
Polyglot Challenge with submitted solutions
⟡ SecList (https://github.com/danielmiessler/SecLists) - A collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, 
fuzzing payloads, and many more
⟡ SecList
 (https://github.com/danielmiessler/SecLists) - A collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more
XSS
⟡ XSS Polyglot Payloads #1 (https://github.com/0xsobky/HackVault/wiki/Unleashing-an-Ultimate-XSS-Polyglot) - Unleashing an Ultimate XSS Polyglot list by 0xsobky
⟡ XSS Polyglot Payloads #2 (http://polyglot.innerht.ml/) - @filedescriptor (https://twitter.com/filedescriptor)'s XSS 
⟡ Browser's-XSS-Filter-Bypass-Cheat-Sheet (https://github.com/masatokinugawa/filterbypass/wiki/Browser's-XSS-Filter-Bypass-Cheat-Sheet)- Excellent List of working XSS bypasses running on the latest version of 
Chrome / Safari, IE 11 / Edge created by Masato Kinugawa
⟡ Browser's-XSS-Filter-Bypass-Cheat-Sheet
 (https://github.com/masatokinugawa/filterbypass/wiki/Browser's-XSS-Filter-Bypass-Cheat-Sheet)- Excellent List of working XSS bypasses running on the latest version of Chrome / Safari, IE 11 / Edge created by Masato Kinugawa
Write-Ups
@@ -156,8 +154,7 @@
Defence Topics
⟡ Docker Security Cheat Sheet (https://container-solutions.com/content/uploads/2015/06/15.06.15_DockerCheatSheet_A2.pdf) - The following tips should help you to secure a container based system (PDF version) 
(docs/DockerCheatSheet.pdf)
⟡ Docker Security Cheat Sheet (https://container-solutions.com/content/uploads/2015/06/15.06.15_DockerCheatSheet_A2.pdf) - The following tips should help you to secure a container based system (PDF version) (docs/DockerCheatSheet.pdf)
⟡ Windows Domain Hardening (https://github.com/PaulSec/awesome-windows-domain-hardening) - A curated list of awesome Security Hardening techniques for Windows
Programming