Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-pentest-cheat-sheets
Collection of the cheat sheets useful for pentesting
https://github.com/coreb1t/awesome-pentest-cheat-sheets
Write-Ups
XSS
- Facebook Bug Bounties - Categorized Facebook Bug Bounties write-ups
- Write-Ups for CTF challenges
Security Talks and Videos
General
- OSX Command Line Cheat Sheet
- PowerShell Cheat Sheet - SANS PowerShell Cheat Sheet from SEC560 Course [(PDF version)](docs/PowerShellCheatSheet_v41.pdf)
- Rawsec's CyberSecurity Inventory - An open-source inventory of tools, resources, CTF platforms and Operating Systems about CyberSecurity. ([Source](https://gitlab.com/rawsec/rawsec-cybersecurity-list))
- Docker Cheat Sheet
- Mobile App Pentest Cheat Sheet
- Regexp Security Cheat Sheet
- Security Cheat Sheets - A collection of security cheat sheets
- Unix / Linux Cheat Sheet
Discovery
- Google Dorks - Google Dorks Hacking Database (Exploit-DB)
- ZoomEye - ZoomEye is a cyberspace search engine that records information about devices, websites, services, components, etc.
- Amass - OWASP Network mapping of attack surfaces and external asset discovery using open source information
Exploitation
- Empire Cheat Sheet - [Empire](http://www.powershellempire.com) is a PowerShell and Python post-exploitation framework
- Local File Inclusion (LFI) Cheat Sheet #1 - Arr0way's LFI Cheat Sheet
- Local File Inclusion (LFI) Cheat Sheet #2 - Aptive's LFI Cheat Sheet
- Metasploit Unleashed - The ultimate guide to the Metasploit Framework
- Metasploit Cheat Sheet - A quick reference guide [(PNG version)](docs/Metasploit-CheatSheet.png)[(PDF version)](docs/Metasploit-CheatSheet.pdf)
- PowerSploit Cheat Sheet - [PowerSploit](https://github.com/PowerShellMafia/PowerSploit) is a PowerShell post-exploitation framework
- PowerView 2.0 Tricks
- PowerView 3.0 Tricks
- PHP htaccess Injection Cheat Sheet - htaccess Injection Cheat Sheet by PHP Secure Configuration Checker
- Reverse Shell Cheat Sheet #1 - Pentestmonkey Reverse Shell Cheat Sheet
- Reverse Shell Cheat Sheet #2 - Arr0way's Reverse Shell Cheat Sheet
- SQL Injection Cheat Sheet - Netsparker's SQL Injection Cheat Sheet
- SQLite3 Injection Cheat Sheet
- Java Deserialization Cheat Sheet - A cheat sheet for pentesters about Java Native Binary Deserialization vulnerabilities
Learning Platforms
Online
- Hack The Box :: Penetration Testing Labs
- Pentestit labs - Hands-on Pentesting Labs (OSCP style)
- Root-me.org - Hundreds of challenges are available to train yourself in different and not simulated environments
- Vulnhub.com - Vulnerable By Design VMs for practical 'hands-on' experience in digital security
Off-Line
- OWASP Vulnerable Web Applications Directory Project (Offline) - List of vulnerable applications available offline for learning purposes
Privilege Escalation
Linux Privilege Escalation
- Basic Linux Privilege Escalation - Linux Privilege Escalation by [@g0tmi1k](https://twitter.com/g0tmi1k)
- Linux_Exploit_Suggester.pl - Linux Exploit Suggester written in Perl (last update 3 years ago)
- linuxprivchecker.py - This script is intended to be executed locally on a Linux box to enumerate basic system info and search for common privilege escalation vectors such as world writable files, misconfigurations, clear-text passwords and applicable exploits (@SecuritySift)
- Linux_Exploit_Suggester.pl v2 - Next-generation exploit suggester based on Linux_Exploit_Suggester (updated)
- Linux Soft Exploit Suggester - linux-soft-exploit-suggester finds exploits for all vulnerable software in a system helping with the privilege escalation. It focuses on software packages instead of Kernel vulnerabilities
- checksec.sh - Bash script to check the properties of executables (like PIE, RELRO, PaX, Canaries, ASLR, Fortify Source)
Windows Privilege Escalation
- PowerUp - Excellent PowerShell script for checking common Windows privilege escalation vectors. Written by [harmj0y](https://twitter.com/harmj0y) [(direct link)](https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Privesc/PowerUp.ps1)
- PowerUp Cheat Sheet
- Windows Exploit Suggester - Tool for detecting missing security patches on the Windows operating system and mapping them to publicly available exploits
Learn Privilege Escalation
- Windows / Linux Local Privilege Escalation Workshop - The Privilege Escalation Workshop covers all known (at the time) attack vectors of local user privilege escalation on both Linux and Windows operating systems and includes slides, videos, test VMs.
Tools
Windows Privilege Escalation
- SQLmap Tamper Scripts - SQLmap Tamper Scripts General/MSSQL/MySQL
- VIM Cheatsheet
- XSS'OR Encoder/Decoder - Online Decoder/Encoder for testing purposes (@evilcos)
- WebGun - WebGun, XSS Payload Creator (@brutelogic)
- Hackvertor - Tool to convert various encodings and generate attack vectors (@garethheyes)
- JSFiddle - Test and share XSS payloads, [Example PoC](https://jsfiddle.net/xqjpsh65/)
Payloads
XSS
- XSS Polyglot Payloads #1 - Unleashing an Ultimate XSS Polyglot list by 0xsobky
- XSS Polyglot Payloads #2 - [@filedescriptor](https://twitter.com/filedescriptor)'s XSS
- Browser's-XSS-Filter-Bypass-Cheat-Sheet - Excellent List of working XSS bypasses running on the latest version of Chrome / Safari, IE 11 / Edge created by Masato Kinugawa
Defence Topics
Tools
- Docker Security Cheat Sheet - The following tips should help you to secure a container based system [(PDF version)](docs/DockerCheatSheet.pdf)
Enumeration
- enum4linux-ng - Python tool for enumerating information from Windows/Samba systems