awesome-awesomeness/html/pentestcheatsheets.html
2025-07-18 23:13:11 +02:00

<p><strong>THIS REPOSITORY IS DEPRECATED.</strong></p>
<p><strong>ALL OF ITS CONTENT HAS BEEN UPDATED AND MOVED TO <a
href="https://github.com/ByteSnipers/awesome-pentest-cheat-sheets">awesome-pentest-cheat-sheets</a></strong></p>
<h1 id="awesome-pentest-cheat-sheets-awesome">Awesome Pentest Cheat
Sheets <a href="https://github.com/sindresorhus/awesome"><img
src="https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg"
alt="Awesome" /></a></h1>
<p>Collection of cheat sheets useful for pentesting</p>
<h3 id="contribution">Contribution</h3>
<p>Your contributions and suggestions are heartily welcome. Please check
the <a href=".github/CONTRIBUTING.md">Contributing Guidelines</a> for
more details.</p>
<h2 id="security-talks-and-videos">Security Talks and Videos</h2>
<ul>
<li><a href="https://infocon.org/cons/">InfoCon - Hacking Conference
Archive</a></li>
<li><a href="https://github.com/PaulSec/awesome-sec-talks">Curated list
of Security Talks and Videos</a></li>
</ul>
<h2 id="general">General</h2>
<ul>
<li><a href="https://github.com/wsargent/docker-cheat-sheet">Docker
Cheat Sheet</a></li>
<li><a
href="https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet">Mobile
App Pentest Cheat Sheet</a></li>
<li><a
href="https://github.com/herrbischoff/awesome-osx-command-line">OSX
Command Line Cheat Sheet</a></li>
<li><a
href="https://pen-testing.sans.org/blog/2016/05/25/sans-powershell-cheat-sheet">PowerShell
Cheat Sheet</a> - SANS PowerShell Cheat Sheet from SEC560 Course <a
href="docs/PowerShellCheatSheet_v41.pdf">(PDF version)</a></li>
<li><a href="https://inventory.raw.pm/">Rawsec's CyberSecurity
Inventory</a> - An open-source inventory of tools, resources, CTF
platforms and Operating Systems about CyberSecurity. (<a
href="https://gitlab.com/rawsec/rawsec-cybersecurity-list">Source</a>)</li>
<li><a
href="https://github.com/attackercan/regexp-security-cheatsheet">Regexp
Security Cheat Sheet</a></li>
<li><a
href="https://github.com/teamghsoftware/security-cheatsheets">Security
Cheat Sheets</a> - A collection of security cheat sheets</li>
<li><a
href="http://cheatsheetworld.com/programming/unix-linux-cheat-sheet/">Unix
/ Linux Cheat Sheet</a></li>
</ul>
<h2 id="discovery">Discovery</h2>
<ul>
<li><a href="https://www.exploit-db.com/google-hacking-database">Google
Dorks</a> - Google Dorks Hacking Database (Exploit-DB)</li>
<li><a href="docs/shodan.md">Shodan</a> - Shodan is a search engine for
finding specific devices, and device types, that exist online</li>
<li><a href="http://zoomeye.org">ZoomEye</a> - ZoomEye is a cyberspace
search engine that records information about devices, websites, services
and components</li>
<li><a href="https://github.com/OWASP/Amass">Amass</a> - OWASP tool for
attack-surface mapping and external asset discovery using open source
information</li>
</ul>
<h2 id="enumeration">Enumeration</h2>
<ul>
<li><a href="https://github.com/cddmp/enum4linux-ng">enum4linux-ng</a> -
Python tool for enumerating information from Windows/Samba systems</li>
</ul>
<h2 id="exploitation">Exploitation</h2>
<ul>
<li><a
href="https://github.com/HarmJ0y/CheatSheets/blob/master/Empire.pdf">Empire
Cheat Sheet</a> - <a href="http://www.powershellempire.com">Empire</a>
is a PowerShell and Python post-exploitation framework</li>
<li><a href="docs/pentest-exploit-dev-cheatsheet.jpg">Exploit
Development Cheat Sheet</a> - <a href="https://twitter.com/ovid"><span
class="citation" data-cites="ovid">@ovid</span></a>'s exploit
development in one picture</li>
<li><a
href="https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet">Java
Deserialization Cheat Sheet</a> - A cheat sheet for pentesters about
Java Native Binary Deserialization vulnerabilities</li>
<li><a href="https://highon.coffee/blog/lfi-cheat-sheet/">Local File
Inclusion (LFI) Cheat Sheet #1</a> - Arr0way's LFI Cheat Sheet</li>
<li><a
href="https://www.aptive.co.uk/blog/local-file-inclusion-lfi-testing/">Local
File Inclusion (LFI) Cheat Sheet #2</a> - Aptive's LFI Cheat Sheet</li>
<li><a
href="https://www.offensive-security.com/metasploit-unleashed/">Metasploit
Unleashed</a> - The ultimate guide to the Metasploit Framework</li>
<li><a
href="https://www.tunnelsup.com/metasploit-cheat-sheet/">Metasploit
Cheat Sheet</a> - A quick reference guide <a
href="docs/Metasploit-CheatSheet.png">(PNG version)</a> <a
href="docs/Metasploit-CheatSheet.pdf">(PDF version)</a></li>
<li><a
href="https://github.com/HarmJ0y/CheatSheets/blob/master/PowerSploit.pdf">PowerSploit
Cheat Sheet</a> - <a
href="https://github.com/PowerShellMafia/PowerSploit">PowerSploit</a> is
a PowerShell post-exploitation framework</li>
<li><a
href="https://gist.github.com/HarmJ0y/3328d954607d71362e3c">PowerView
2.0 Tricks</a></li>
<li><a
href="https://gist.github.com/HarmJ0y/184f9822b195c52dd50c379ed3117993">PowerView
3.0 Tricks</a></li>
<li><a
href="https://github.com/sektioneins/pcc/wiki/PHP-htaccess-injection-cheat-sheet">PHP
htaccess Injection Cheat Sheet</a> - htaccess Injection Cheat Sheet by
PHP Secure Configuration Checker</li>
<li><a
href="http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet">Reverse
Shell Cheat Sheet #1</a> - Pentestmonkey's Reverse Shell Cheat Sheet</li>
<li><a
href="https://highon.coffee/blog/reverse-shell-cheat-sheet">Reverse
Shell Cheat Sheet #2</a> - Arr0way's Reverse Shell Cheat Sheet</li>
<li><a
href="https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet">SQL
Injection Cheat Sheet</a> - Netsparker's SQL Injection Cheat Sheet</li>
<li><a
href="http://atta.cked.me/home/sqlite3injectioncheatsheet">SQLite3
Injection Cheat Sheet</a></li>
</ul>
<h2 id="privilege-escalation">Privilege Escalation</h2>
<h3 id="learn-privilege-escalation">Learn Privilege Escalation</h3>
<ul>
<li><a href="https://github.com/sagishahar/lpeworkshop">Windows / Linux
Local Privilege Escalation Workshop</a> - Covers the local privilege
escalation attack vectors known (at the time of writing) for both Linux
and Windows, with slides, videos and test VMs.
<img src="https://pbs.twimg.com/media/DAZsE2VUQAA_bpZ.jpg"></li>
</ul>
<h3 id="linux-privilege-escalation">Linux Privilege Escalation</h3>
<ul>
<li><a
href="https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/">Basic
Linux Privilege Escalation</a> - Linux Privilege Escalation by <a
href="https://twitter.com/g0tmi1k"><span class="citation"
data-cites="g0tmi1k">@g0tmi1k</span></a></li>
<li><a
href="https://github.com/mzet-/linux-exploit-suggester">linux-exploit-suggester.sh</a>
- Linux privilege escalation auditing tool written in bash
(updated)</li>
<li><a
href="https://github.com/PenturaLabs/Linux_Exploit_Suggester">Linux_Exploit_Suggester.pl</a>
- Linux Exploit Suggester written in Perl (last update 3 years ago)</li>
<li><a
href="https://github.com/jondonas/linux-exploit-suggester-2">Linux_Exploit_Suggester.pl
v2</a> - Next-generation exploit suggester based on
Linux_Exploit_Suggester (updated)</li>
<li><a
href="https://github.com/belane/linux-soft-exploit-suggester">Linux Soft
Exploit Suggester</a> - Finds exploits for vulnerable software packages
installed on a system to assist privilege escalation; it focuses on
userland packages rather than kernel vulnerabilities</li>
<li><a href="https://github.com/slimm609/checksec.sh">checksec.sh</a> -
bash script that checks the hardening properties of executables (PIE,
RELRO, PaX, stack canaries, NX, Fortify Source) and related system
settings such as ASLR</li>
<li><a
href="http://www.securitysift.com/download/linuxprivchecker.py">linuxprivchecker.py</a>
- Script intended to be run locally on a Linux host to enumerate basic
system information and search for common privilege escalation vectors
such as world-writable files, misconfigurations, cleartext passwords and
applicable exploits (<span class="citation"
data-cites="SecuritySift">@SecuritySift</span>)</li>
<li><a href="https://github.com/rebootuser/LinEnum">LinEnum</a> - Runs
through a large set of post-exploitation checks on a Linux system,
including file permissions, cron jobs (where visible) and weak
credentials (<span class="citation"
data-cites="Rebootuser">@Rebootuser</span>)</li>
<li><a
href="https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS">linPEAS</a>
- Linux Privilege Escalation Awesome Script. See also the Local Linux
Privilege Escalation checklist at <a
href="https://book.hacktricks.xyz">book.hacktricks.xyz</a></li>
<li><a
href="https://github.com/huntergregal/mimipenguin">MimiPenguin</a> - A
tool to dump the login password of the current Linux desktop user,
adapted from the idea behind the popular Windows tool mimikatz.</li>
</ul>
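<p>The enumeration scripts listed above all boil down to walking the filesystem and testing mode bits. As an added example that is not the code of any tool listed here, the following Python scanner reproduces three of those checks (set-id executables, world-writable paths outside sticky directories, and cleartext credentials in readable files) over a constructed sample tree; the credential regex and the sample paths are assumptions made for illustration.</p>

```python
"""Minimal Linux local-privesc enumeration in the spirit of LinEnum and
linuxprivchecker.py: SUID/SGID binaries, world-writable paths and cleartext
credentials in readable files. Added example, not any listed tool's code."""
import os
import re
import stat
import tempfile

# Hypothetical credential pattern; real tools ship much longer grep lists.
CRED_RE = re.compile(rb"(?i)(passw(or)?d|secret|api[_-]?key)\s*[=:]\s*\S+")


def enumerate_privesc(root):
    """Walk root and return sorted findings as paths relative to root."""
    found = {"suid_sgid": [], "world_writable": [], "credentials": []}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            mode = st.st_mode
            if stat.S_ISLNK(mode):
                continue  # a symlink's own mode bits mean nothing
            rel = os.path.relpath(path, root)
            # Sticky world-writable directories (/tmp) are expected; flag the rest.
            if mode & stat.S_IWOTH and not (stat.S_ISDIR(mode) and mode & stat.S_ISVTX):
                found["world_writable"].append(rel)
            # Set-id bit on an executable regular file: it runs as its owner/group.
            if stat.S_ISREG(mode) and mode & (stat.S_ISUID | stat.S_ISGID) and mode & 0o111:
                found["suid_sgid"].append(rel)
            # Cheap cleartext-secret grep over small readable files.
            if stat.S_ISREG(mode) and st.st_size < 1_000_000 and os.access(path, os.R_OK):
                try:
                    with open(path, "rb") as fh:
                        if CRED_RE.search(fh.read()):
                            found["credentials"].append(rel)
                except OSError:
                    pass
    return {kind: sorted(paths) for kind, paths in found.items()}


def build_sample_tree():
    """Constructed fixture standing in for a target filesystem (not real data)."""
    old_umask = os.umask(0o022)  # keep parent dirs at 755 regardless of caller
    root = tempfile.mkdtemp(prefix="privesc-")
    try:
        def put(rel, content, mode):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(content)
            os.chmod(path, mode)
        put("usr/bin/passwd", b"\x7fELF", 0o4755)               # SUID binary
        put("opt/backup/run.sh", b"#!/bin/sh\n", 0o777)          # anyone can edit
        put("etc/app.conf", b"db_password = hunter2\n", 0o644)   # readable secret
        put("home/user/notes.txt", b"nothing here\n", 0o600)    # benign
        os.makedirs(os.path.join(root, "tmp"))
        os.chmod(os.path.join(root, "tmp"), 0o1777)              # sticky, expected
    finally:
        os.umask(old_umask)
    return root


if __name__ == "__main__":
    for kind, paths in enumerate_privesc(build_sample_tree()).items():
        print(f"{kind}: {paths}")
```

<p>Pointing <code>enumerate_privesc("/")</code> at a real host gives the raw material the listed scripts post-process; a run as an unprivileged user will silently skip paths it cannot stat or read, which is itself a finding worth noting when comparing against a root run.</p>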
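<p>checksec.sh decides most of its verdicts from ELF headers rather than by running anything. The following Python is an added example (not checksec's own code) that applies the same rules to hand-built ELF64 images: NX from the PT_GNU_STACK flags, PIE from the ELF type, and partial versus full RELRO from PT_GNU_RELRO plus the eager-binding flags in the .dynamic segment. The images are constructed header-only blobs, not real binaries, and the PIE rule is a simplification.</p>

```python
"""How a checksec-style tool derives NX, PIE and RELRO from ELF64 headers.
Added example using constructed images; not checksec.sh's own code."""
import struct

ET_EXEC, ET_DYN = 2, 3
PT_DYNAMIC, PT_GNU_STACK, PT_GNU_RELRO = 2, 0x6474E551, 0x6474E552
PF_X, PF_W, PF_R = 1, 2, 4
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 0x18, 0x1E, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1


def check_elf64(data: bytes) -> dict:
    """Return nx/pie/relro verdicts from the program headers and .dynamic."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("expected a little-endian ELF64 image")
    (e_type,) = struct.unpack_from("<H", data, 16)
    (e_phoff,) = struct.unpack_from("<Q", data, 32)
    phentsize, phnum = struct.unpack_from("<HH", data, 54)

    stack_flags, relro, dynamic = None, False, None
    for i in range(phnum):
        p_type, p_flags, p_off, _va, _pa, p_filesz = struct.unpack_from(
            "<IIQQQQ", data, e_phoff + i * phentsize)
        if p_type == PT_GNU_STACK:
            stack_flags = p_flags      # NX means the stack segment lacks PF_X
        elif p_type == PT_GNU_RELRO:
            relro = True               # at least partial RELRO
        elif p_type == PT_DYNAMIC:
            dynamic = (p_off, p_filesz)

    # Full RELRO additionally needs eager binding (no lazy PLT resolution),
    # recorded as DT_BIND_NOW, DF_BIND_NOW in DT_FLAGS or DF_1_NOW in DT_FLAGS_1.
    bind_now = False
    if dynamic:
        off, size = dynamic
        for pos in range(off, off + size, 16):
            tag, val = struct.unpack_from("<qQ", data, pos)
            if tag == DT_NULL:
                break
            if tag == DT_BIND_NOW or (tag == DT_FLAGS and val & DF_BIND_NOW) \
                    or (tag == DT_FLAGS_1 and val & DF_1_NOW):
                bind_now = True

    return {
        # No PT_GNU_STACK at all is treated as not hardened here; the loader
        # default in that case depends on architecture and kernel version.
        "nx": stack_flags is not None and not stack_flags & PF_X,
        # Shared libraries are ET_DYN too; treating any ET_DYN object with a
        # .dynamic segment as PIE is a simplification for this example.
        "pie": e_type == ET_DYN and dynamic is not None,
        "relro": "full" if relro and bind_now else "partial" if relro else "none",
    }


def build_elf64(e_type, stack_flags=None, relro=False, dyn_tags=None):
    """Assemble a header-only ELF64 image for testing (constructed input)."""
    phdrs = []
    if stack_flags is not None:
        phdrs.append((PT_GNU_STACK, stack_flags, 0, 0))
    if relro:
        phdrs.append((PT_GNU_RELRO, PF_R, 0, 0))
    phnum = len(phdrs) + (1 if dyn_tags is not None else 0)
    dyn_blob = b""
    if dyn_tags is not None:
        dyn_off = 64 + 56 * phnum            # .dynamic follows the phdr table
        dyn_blob = b"".join(struct.pack("<qQ", t, v)
                            for t, v in [*dyn_tags, (DT_NULL, 0)])
        phdrs.append((PT_DYNAMIC, PF_R | PF_W, dyn_off, len(dyn_blob)))
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)   # ELF64, LSB, v1
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 0x3E, 1, 0, 64, 0,
                               0, 64, 56, phnum, 64, 0, 0)
    phdr = b"".join(struct.pack("<IIQQQQQQ", t, f, o, o, o, s, s, 8)
                    for t, f, o, s in phdrs)
    return ehdr + phdr + dyn_blob


# Constructed samples: a hardened PIE with NX and full RELRO, and a classic
# non-PIE executable with an executable stack and no RELRO at all.
HARDENED = build_elf64(ET_DYN, PF_R | PF_W, relro=True, dyn_tags=[(DT_FLAGS_1, DF_1_NOW)])
WEAK = build_elf64(ET_EXEC, PF_R | PF_W | PF_X, relro=False, dyn_tags=[])

if __name__ == "__main__":
    for name, image in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, check_elf64(image))
```

<p>To run it on a real file, pass <code>open(path, "rb").read()</code> instead of the constructed images; malformed or truncated headers raise <code>struct.error</code> rather than being trusted. Stack canaries and Fortify Source are deliberately left out: those require the symbol table (checksec looks for <code>__stack_chk_fail</code> and the <code>_chk</code> variants of libc functions), not the program headers.</p>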
<h3 id="windows-privilege-escalation">Windows Privilege Escalation</h3>
<ul>
<li><a
href="https://github.com/PowerShellMafia/PowerSploit/tree/master/Privesc">PowerUp</a>
- PowerShell script that checks for common Windows privilege escalation
vectors, written by <a
href="https://twitter.com/harmj0y">harmj0y</a> <a
href="https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Privesc/PowerUp.ps1">(direct
link)</a></li>
<li><a
href="https://github.com/HarmJ0y/CheatSheets/blob/master/PowerUp.pdf">PowerUp
Cheat Sheet</a></li>
<li><a
href="https://github.com/GDSSecurity/Windows-Exploit-Suggester">Windows
Exploit Suggester</a> - Tool that detects missing security patches on
Windows and maps them to publicly available exploits</li>
<li><a href="https://github.com/rasta-mouse/Sherlock">Sherlock</a> -
PowerShell script to quickly find missing software patches for local
privilege escalation vulnerabilities</li>
<li><a href="https://github.com/rasta-mouse/Watson">Watson</a> -
Enumerate missing KBs and suggest exploits for useful Privilege
Escalation vulnerabilities</li>
<li><a href="https://github.com/abatchy17/WindowsExploits">Precompiled
Windows Exploits</a> - Collection of precompiled Windows exploits</li>
<li><a href="https://github.com/rapid7/metasploit-framework">Metasploit
Modules</a>
<ul>
<li>post/multi/recon/local_exploit_suggester - suggests local exploit
modules usable from the current Meterpreter session</li>
<li>post/windows/gather/enum_patches - enumerates installed patches to
identify missing ones</li>
</ul></li>
</ul>
<h2 id="tools">Tools</h2>
<ul>
<li><a href="docs/nmap.md">Nmap Cheat Sheet</a></li>
<li><a href="docs/sqlmap-cheatsheet-1.0-SDB.pdf">SQLmap Cheat
Sheet</a></li>
<li><a
href="https://forum.bugcrowd.com/t/sqlmap-tamper-scripts-sql-injection-and-waf-bypass/423">SQLmap
Tamper Scripts</a> - SQLmap tamper scripts (generic, MSSQL and MySQL) for evading WAF filtering</li>
<li><a href="https://i.imgur.com/YLInLlY.png">VIM Cheatsheet</a></li>
<li><a href="docs/Wireshark_Display_Filters.pdf">Wireshark Display
Filters</a> - Reference of Wireshark display filters</li>
</ul>
<h1 id="tools-online">Tools Online</h1>
<ul>
<li><a href="http://xssor.io/#ende">XSSOR Encoder/Decoder</a> - Online
Decoder/Encoder for testing purposes (<span class="citation"
data-cites="evilcos">@evilcos</span>)</li>
<li><a href="https://brutelogic.com.br/webgun/">WebGun</a> - WebGun, XSS
Payload Creator (<span class="citation"
data-cites="brutelogic">@brutelogic</span>)</li>
<li><a href="https://hackvertor.co.uk">Hackvertor</a> - Tool to convert
various encodings and generate attack vectors (<span class="citation"
data-cites="garethheyes">@garethheyes</span>)</li>
<li><a href="https://jsfiddle.net">JSFiddle</a> - Test and share XSS
payloads, <a href="https://jsfiddle.net/xqjpsh65/">Example PoC</a></li>
</ul>
<h2 id="payloads">Payloads</h2>
<h3 id="genaral">General</h3>
<ul>
<li><a href="https://github.com/fuzzdb-project/fuzzdb">Fuzzdb</a> -
Dictionary of attack patterns and primitives for black-box application
testing</li>
<li><a href="https://github.com/danielmiessler/SecLists">SecLists</a> - A
collection of multiple types of lists used during security assessments.
List types include usernames, passwords, URLs, sensitive data grep
strings, fuzzing payloads, and many more</li>
</ul>
<h3 id="xss">XSS</h3>
<ul>
<li><a
href="https://github.com/0xsobky/HackVault/wiki/Unleashing-an-Ultimate-XSS-Polyglot">XSS
Polyglot Payloads #1</a> - Unleashing an Ultimate XSS Polyglot list by
0xsobky</li>
<li><a href="http://polyglot.innerht.ml/">XSS Polyglot Payloads #2</a> -
<a href="https://twitter.com/filedescriptor"><span class="citation"
data-cites="filedescriptor">@filedescriptor</span></a>'s XSS polyglot</li>
<li><a
href="https://github.com/masatokinugawa/filterbypass/wiki/Browser&#39;s-XSS-Filter-Bypass-Cheat-Sheet">Browser's XSS Filter Bypass Cheat Sheet</a>
- List of working XSS filter bypasses for current (at the time of
writing) Chrome, Safari, IE 11 and Edge, created by Masato Kinugawa</li>
</ul>
<h2 id="write-ups">Write-Ups</h2>
<ul>
<li><a href="https://github.com/ngalongc/bug-bounty-reference">Bug
Bounty Reference</a> - Large list of bug bounty write-ups, categorized
by bug type (SQLi, XSS, IDOR, etc.)</li>
<li><a href="https://ctftime.org/writeups">Write-Ups for CTF
challenges</a></li>
<li><a
href="https://www.facebook.com/notes/phwd/facebook-bug-bounties/707217202701640">Facebook
Bug Bounties</a> - Categorized Facebook Bug Bounties write-ups</li>
</ul>
<h2 id="learning-platforms">Learning Platforms</h2>
<h3 id="online">Online</h3>
<ul>
<li><a href="https://www.hackthebox.eu">Hack The Box :: Penetration
Testing Labs</a></li>
<li><a
href="https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project#tab=On-Line_apps">OWASP
Vulnerable Web Applications Directory Project (Online)</a> - List of
online available vulnerable applications for learning purposes</li>
<li><a href="https://lab.pentestit.ru">Pentestit labs</a> - Hands-on
Pentesting Labs (OSCP style)</li>
<li><a href="https://www.root-me.org">Root-me.org</a> - Hundreds of
challenges to train yourself in a variety of realistic, non-simulated
environments</li>
<li><a href="https://www.vulnhub.com">Vulnhub.com</a> - Vulnerable By
Design VMs for practical hands-on experience in digital security</li>
</ul>
<h3 id="off-line">Off-Line</h3>
<ul>
<li><a href="https://github.com/davevs/dvxte">Damn Vulnerable Xebia
Training Environment</a> - Docker container including several vulnerable
web applications (DVWA, DVWServices, DVWSockets, WebGoat, Juice Shop,
RailsGoat, django.NV, Buggy Bank, Mutillidae II and more)</li>
<li><a
href="https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project#tab=Off-Line_apps">OWASP
Vulnerable Web Applications Directory Project (Offline)</a> - List of
offline available vulnerable applications for learning purposes</li>
<li><a
href="https://github.com/anil-yelken/Vulnerable-Soap-Service">Vulnerable
SOAP Web Service</a> - a vulnerable SOAP web service lab
environment</li>
<li><a
href="https://github.com/anil-yelken/Vulnerable-Flask-App">Vulnerable
Flask Web App</a> - vulnerable Flask Web App lab environment</li>
</ul>
<h2 id="wireless-hacking">Wireless Hacking</h2>
<h3 id="tools-1">Tools</h3>
<ul>
<li><a href="https://github.com/coreb1t/wifite2">wifite2</a> - Fully
automated WiFi security testing script</li>
</ul>
<h2 id="defence-topics">Defence Topics</h2>
<ul>
<li><a
href="https://container-solutions.com/content/uploads/2015/06/15.06.15_DockerCheatSheet_A2.pdf">Docker
Security Cheat Sheet</a> - Tips for securing a container-based system <a
href="docs/DockerCheatSheet.pdf">(PDF version)</a></li>
<li><a
href="https://github.com/PaulSec/awesome-windows-domain-hardening">Windows
Domain Hardening</a> - A curated list of awesome Security Hardening
techniques for Windows</li>
</ul>
<h2 id="programming">Programming</h2>
<ul>
<li><a
href="https://github.com/coodict/javascript-in-one-pic">JavaScript Cheat
Sheet</a> - Learn JavaScript in one picture <a
href="https://git.io/Js-pic">(Online version)</a> <a
href="docs/js-in-one-pic.png">(PNG version)</a></li>
<li><a href="https://github.com/siyuanzhao/python3-in-one-pic">Python
Cheat Sheet #1</a> - Learn Python 3 in one picture <a
href="docs/python-3-in-one-pic.png">(PNG version)</a></li>
<li><a href="https://github.com/coodict/python3-in-one-pic">Python Cheat
Sheet #2</a> - Learn Python 3 in one picture <a
href="https://git.io/Coo-py3">(Online version)</a> <a
href="docs/py3-in-one-pic.png">(PNG version)</a></li>
<li><a href="docs/python-snippets.md">Python Snippets Cheat Sheet</a> -
List of helpful re-usable code snippets in Python</li>
</ul>
<p><a
href="https://github.com/coreb1t/awesome-pentest-cheat-sheets">pentestcheatsheets.md
on GitHub</a></p>