/awesome-pentest-cheat-sheets

Collection of the cheat sheets useful for pentesting

Awesome Pentest Cheat Sheets Awesome

Collection of cheat sheets useful for pentesting

Contribution

Your contributions and suggestions are heartily welcome. Please check the Contributing Guidelines for more details.

General

Discovery

  • Google Dorks - Google Dorks Hacking Database (Exploit-DB)
  • Shodan - Shodan is a search engine for finding specific devices, and device types, that exist online

Exploitation

Privilege Escalation

Linux Privilege Escalation

Windows Privilege Escalation

  • PowerUp - Excellent powershell script for checking of common Windows privilege escalation vectors. Written by harmj0y
  • Windows Exploit Suggester - Tool for detection of missing security patches on the windows operating system and mapping with the public available exploits
  • Sherlock - PowerShell script to quickly find missing software patches for local privilege escalation vulnerabilities
  • Precompiled Windows Exploits - Collection of precompiled Windows exploits
  • Metasploit Modules
    • post/multi/recon/local_exploit_suggester - suggests local meterpreter exploits that can be used
    • post/windows/gather/enum_patches - helps to identify any missing patches

Tools

Tools Online

Payloads

Genaral

  • Fuzzdb - Dictionary of attack patterns and primitives for black-box application testing Polyglot Challenge with submitted solutions
  • SecList - A collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more

XSS

Write-Ups

Learning Platforms

Online

Off-Line

Wireless Hacking

Tools

  • wifite2 - Full authomated WiFi security testing script

Defence Topics

Programming