Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

awesome-pentest-cheat-sheets

Collection of the cheat sheets useful for pentesting
https://github.com/coreb1t/awesome-pentest-cheat-sheets

Last synced: 1 day ago
JSON representation

Write-Ups
- XSS
  - Facebook Bug Bounties - Categorized Facebook Bug Bounties write-ups
  - Write-Ups for CTF challenges
Security Talks and Videos
- InfoCon - Hacking Conference Archive
- Curated list of Security Talks and Videos
General
- OSX Command Line Cheat Sheet
- PowerShell Cheat Sheet - SANS PowerShell Cheat Sheet from SEC560 Course [(PDF version)](docs/PowerShellCheatSheet_v41.pdf)
- Rawsec's CyberSecurity Inventory - An open-source inventory of tools, resources, CTF platforms and Operating Systems about CyberSecurity. ([Source](https://gitlab.com/rawsec/rawsec-cybersecurity-list))
- Docker Cheat Sheet
- Mobile App Pentest Cheat Sheet
- Regexp Security Cheat Sheet
- Security Cheat Sheets - A collection of security cheat sheets
- Unix / Linux Cheat Sheet
Discovery
- Google Dorks - Google Dorks Hacking Database (Exploit-DB)
- ZoomEye - Zoomeye is a Cyberspace Search Engine recording information of devices, websites, services and components etc.
- Amass - OWASP Network mapping of attack surfaces and external asset discovery using open source information
- Amass - OWASP Network mapping of attack surfaces and external asset discovery using open source information
Exploitation
- Empire Cheat Sheet - [Empire](http://www.powershellempire.com) is a PowerShell and Python post-exploitation framework
- Local File Inclusion (LFI) Cheat Sheet #1 - Arr0way's LFI Cheat Sheet
- Local File Inclusion (LFI) Cheat Sheet #2 - Aptive's LFI Cheat Sheet
- Metasploit Unleashed - The ultimate guide to the Metasploit Framework
- Metasploit Cheat Sheet - A quick reference guide [(PNG version)](docs/Metasploit-CheatSheet.png)[(PDF version)](docs/Metasploit-CheatSheet.pdf)
- PowerSploit Cheat Sheet - [PowerSploit](https://github.com/PowerShellMafia/PowerSploit) is a powershell post-exploitation framework
- PowerView 2.0 Tricks
- PowerView 3.0 Tricks
- PHP htaccess Injection Cheat Sheet - htaccess Injection Cheat Sheet by PHP Secure Configuration Checker
- Reverse Shell Cheat Sheet #1 - Pentestmonkey Reverse Shell Cheat Sheet
- Reverse Shell Cheat Sheet #2 - Arr0way's Reverse Shell Cheat Sheet
- SQL Injection Cheat Sheet - Netsparker's SQL Injection Cheat Sheet
- SQLite3 Injection Cheat Sheet
- Java Deserialization Cheat Sheet - A cheat sheet for pentesters about Java Native Binary Deserialization vulnerabilities
Learning Platforms
- Online
  - Hack The Box :: Penetration Testing Labs
  - Pentestit labs - Hands-on Pentesting Labs (OSCP style)
  - Root-me.org - Hundreds of challenges are available to train yourself in different and not simulated environments
  - Vulnhub.com - Vulnerable By Design VMs for practical 'hands-on' experience in digital security
- Off-Line
  - OWASP Vulnerable Web Applications Directory Project (Offline) - List of offline available vulnerable applications for learning purposes
Privilege Escalation
- Linux Privilege Escalation
  - Basic Linux Privilege Escalation - Linux Privilege Escalation by [@g0tmi1k](https://twitter.com/g0tmi1k)
  - Linux_Exploit_Suggester.pl - Linux Exploit Suggester written in Perl (last update 3 years ago)
  - linuxprivchecker.py - This script is intended to be executed locally on a Linux box to enumerate basic system info and search for common privilege escalation vectors such as world writable files, misconfigurations, clear-text passwords and applicable exploits (@SecuritySift)
  - Linux_Exploit_Suggester.pl v2 - Next-generation exploit suggester based on Linux_Exploit_Suggester (updated)
  - Linux Soft Exploit Suggester - linux-soft-exploit-suggester finds exploits for all vulnerable software in a system helping with the privilege escalation. It focuses on software packages instead of Kernel vulnerabilities
  - checksec.sh - bash script to check the properties of executables (like PIE, RELRO, PaX, Canaries, ASLR, Fortify Source)
- Windows Privilege Escalation
  - PowerUp - Excellent powershell script for checking of common Windows privilege escalation vectors. Written by [harmj0y](https://twitter.com/harmj0y) [(direct link)](https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Privesc/PowerUp.ps1)
  - PowerUp Cheat Sheet
  - Windows Exploit Suggester - Tool for detection of missing security patches on the windows operating system and mapping with the public available exploits
- Learn Privilege Escalation
  - Windows / Linux Local Privilege Escalation Workshop - The Privilege Escalation Workshop covers all known (at the time) attack vectors of local user privilege escalation on both Linux and Windows operating systems and includes slides, videos, test VMs.
Tools
- Windows Privilege Escalation
  - SQLmap Tamper Scripts - SQLmap Tamper Scripts General/MSSQL/MySQL
  - VIM Cheatsheet
  - XSS'OR Encoder/Decoder - Online Decoder/Encoder for testing purposes (@evilcos)
  - WebGun - WebGun, XSS Payload Creator (@brutelogic)
  - Hackvertor - Tool to convert various encodings and generate attack vectors (@garethheyes)
  - JSFiddle - Test and share XSS payloads, [Example PoC](https://jsfiddle.net/xqjpsh65/)
Payloads
- XSS
  - XSS Polyglot Payloads #1 - Unleashing an Ultimate XSS Polyglot list by 0xsobky
  - XSS Polyglot Payloads #2 - [@filedescriptor](https://twitter.com/filedescriptor)'s XSS
  - Browser's-XSS-Filter-Bypass-Cheat-Sheet - Excellent List of working XSS bypasses running on the latest version of Chrome / Safari, IE 11 / Edge created by Masato Kinugawa
Defence Topics
- Tools
  - Docker Security Cheat Sheet - The following tips should help you to secure a container based system [(PDF version)](docs/DockerCheatSheet.pdf)
Enumeration
- enum4linux-ng - Python tool for enumerating information from Windows/Samba systems

Programming Languages

Python 2 Roff 1 Perl 1 Batchfile 1 PHP 1

Ecosyste.ms: Awesome

awesome-pentest-cheat-sheets

Write-Ups

XSS

Security Talks and Videos

General

Discovery

Exploitation

Learning Platforms

Online

Off-Line

Privilege Escalation

Linux Privilege Escalation

Windows Privilege Escalation

Learn Privilege Escalation

Tools

Windows Privilege Escalation

Payloads

XSS

Defence Topics

Tools

Enumeration