+ HUGE 4000+ Line Update Comming ETD end of Late October 4 real this time!!!
Do you have a million bookmarks saved? Do all of those bookmarks contain unique information? Github repos starred for later?
Well this is a compilation of all of these resources into a single repo known as Cheatsheet-God. No more need for bookmarked links. No need to open a web browser. Its all here for you.
This is a collection of resources, scripts and easy to follow how-to's. I have been gathering (and continuing to gather) in preparation for the OSCP as well as for general pentesting. Feel free to use however you want!
All contributions are welcomed! If you feel like you can contribute and make these documents more complete, please do! I'll acknowledge you.
Here's what you do:
- Create Issue Request describing your
enhancement - Fork this repository
- Push some code to your fork
- Come back to this repository and open a PR
- After some review, get that PR merged to master
- Make sure to update Issue Request so that I can credit you! You ROCK!
Feel free to also open an issue with any questions, help wanted, or requests!
- Inspiration: Making a cheatsheet god would be proud of using.
- Hat tip to anyone who ever contributed
-> Much thanks to MrTsRex for Cheatsheet_Windows.txt enumerating Windows version vulnerabilities
-> Much thanks to susmithaaa for his contribution to Cheatsheet_PenTesting.txt password attacks section
-
Amazing Blog http://hackingandsecurity.blogspot.com
-
OSCP Journey https://scriptkidd1e.wordpress.com/oscp-journey/
-
Offensive Security PWB and OSCP My Experience http://www.securitysift.com/offsec-pwb-oscp/
-
Down with OSCP http://ch3rn0byl.com/down-with-oscp-yea-you-know-me/
-
Jolly Frogs - Tech Exams (Very thorough) http://www.techexams.net/forums/security-certifications/110760-oscp-jollyfrogs-tale.html
-
Exploit-db https://www.exploit-db.com/
-
SecurityFocus - Vulnerability database http://www.securityfocus.com/
-
Vuln Hub - Vulnerable by design https://www.vulnhub.com/
-
Offensive Security’s PWB and OSCP — My Experience
http://www.securitysift.com/offsec-pwb-oscp/ -
Exploit Exercises https://exploit-exercises.com/
-
SecLists - collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads https://github.com/danielmiessler/SecLists
-
Security Tube http://www.securitytube.net/
-
Metasploit Unleashed - free course on how to use Metasploit https://www.offensive-security.com/metasploit-unleashed/
-
0Day Security Enumeration Guide http://www.0daysecurity.com/penetration-testing/enumeration.html
Hack The Box
Attack Defense 1000+ Labs!
VulnHub
Root.me
Penetration Testing Practice Lab / Vulnerable Apps/Systems
Vulhub
Vulapps
Vulnspy
Upload-Labs
Penetration Tools Cheat Sheet
https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/
Pen Testing Bookmarks
https://github.com/kurobeats/pentest-bookmarks/blob/master/BookmarksList.md
OSCP Cheatsheets
https://github.com/slyth11907/Cheatsheets
CEH Cheatsheet
https://scadahacker.com/library/Documents/Cheat_Sheets/Hacking%20-%20CEH%20Cheat%20Sheet%20Exercises.pdf
Net Bios Scan Cheat Sheet
https://highon.coffee/blog/nbtscan-cheat-sheet/
Reverse Shell Cheat Sheet
https://highon.coffee/blog/reverse-shell-cheat-sheet/
NMap Cheat Sheet
https://highon.coffee/blog/nmap-cheat-sheet/
Linux Commands Cheat Sheet
https://highon.coffee/blog/linux-commands-cheat-sheet/
Security Hardening CentO 7
https://highon.coffee/blog/security-harden-centos-7/
MetaSploit Cheatsheet
https://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf
Google Hacking Database:
https://www.exploit-db.com/google-hacking-database/
Windows Assembly Language Mega Primer
http://www.securitytube.net/groups?operation=view&groupId=6
Linux Assembly Language Mega Primer
http://www.securitytube.net/groups?operation=view&groupId=5
Metasploit Cheat Sheet
https://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf
NetCat
http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
http://www.secguru.com/files/cheatsheet/nessusNMAPcheatSheet.pdf
http://sbdtools.googlecode.com/files/hping3_cheatsheet_v1.0-ENG.pdf
http://sbdtools.googlecode.com/files/Nmap5%20cheatsheet%20eng%20v1.pdf
http://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf
http://rmccurdy.com/scripts/Metasploit%20meterpreter%20cheat%20sheet%20reference.html
http://h.ackack.net/cheat-sheets/netcat
Collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads
https://github.com/danielmiessler/SecLists
Security Tube
http://www.securitytube.net/
0Day Security Enumeration Guide
http://www.0daysecurity.com/penetration-testing/enumeration.html
Github IO Book - Pen Testing Methodology
https://monkeysm8.gitbooks.io/pentesting-methodology/
Fuzzy Security http://www.fuzzysecurity.com/tutorials/16.html
accesschk.exe
https://technet.microsoft.com/en-us/sysinternals/bb664922
Windows Priv Escalation For Pen Testers https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
Elevating Privileges to Admin and Further
https://hackmag.com/security/elevating-privileges-to-administrative-and-further/
Transfer files to windows machines
https://blog.netspi.com/15-ways-to-download-a-file/