Pentest CheatSheet

2 min read

Visits: 4283

Pentest Tips & Tricks :

https://jivoi.github.io/2015/07/01/pentest-tips-and-tricks/
https://github.com/Voorivex/pentest-guide
https://github.com/coreb1t/awesome-pentest-cheat-sheets
https://github.com/ahmetgurel/Pentest-Hints


Reverse shell generator :

https://www.revshells.com/


Name That Hash :

The Modern Hash Identification System

https://nth.skerritt.blog/


Web Application Penetration Testing Checklist :

https://alike-lantern-72d.notion.site/Web-Application-Penetration-Testing-Checklist-4792d95add7d4ffd85dd50a5f50659c6

https://r3surr3c7.gitbook.io/notes/web-pentesting-checklist

https://pentestbook.six2dez.com/others/web-checklist

https://thackamura.github.io/web-checklist/


API-Security-Checklist :

https://github.com/shieldfy/API-Security-Checklist


WADComs :

WADComs is an interactive cheat sheet, containing a curated list of offensive security tools and their respective commands, to be used against Windows/AD environments.

https://wadcoms.github.io/


XSS Cheat Sheet :

https://portswigger.net/web-security/cross-site-scripting/cheat-sheet

https://hackersonlineclub.com/cross-site-scripting-xss/

https://0xhorizon.eu/cheat-sheet/xss/

https://kipalog.com/posts/Some-XSS-payload

https://chawdamrunal.medium.com/xss-cheat-sheet-e8b8261963c9

https://book.hacktricks.xyz/pentesting-web/xss-cross-site-scripting

https://snoopysecurity.github.io/web-application-security/2019/08/02/08_common_xss_payloads_i_use.html

https://netsec.expert/posts/xss-in-2021/

https://cheatsheetseries.owasp.org/cheatsheets/XSS_Filter_Evasion_Cheat_Sheet.html


SQL Injection CheatSheet :

https://www.hackingloops.com/sql-injection-cheat-sheet/

https://github.com/kleiton0x00/Advanced-SQL-Injection-Cheatsheet

https://admiralgaust.github.io/SQL-Injection-cheat-sheet/

https://cybr.com/ethical-hacking-archives/sqlmap-cheat-sheets-to-help-you-find-sql-injections/

https://www.interviewbit.com/sql-injection-cheat-sheet/

https://brightsec.com/blog/sql-injection-payloads/

https://owasp.org/www-community/attacks/SQL_Injection_Bypassing_WAF


OFFENSIVE SECURITY CHEATSHEET :

https://cheatsheet.haax.fr/


Useful one liners :

https://gist.github.com/johnnypea/b0cd77e5734d65691fa21d93274b305b


Explainshell :

write down a command-line to see the help text that matches each argument.

https://explainshell.com/


CTF Cheatsheet :

https://github.com/Rajchowdhury420/CTF-CheatSheet

https://github.com/sl4x0/Web-CTF-Cheatsheet


All About OSCP :

https://oscp.infosecsanyam.in/


OWASP Cheatsheet :

https://cheatsheetseries.owasp.org/


Security Knowledge Base :

http://github.sofianehamlaoui.fr/Security-Cheatsheets/


Privilege Escalation Windows :

https://sushant747.gitbooks.io/total-oscp-guide/content/privilege_escalation_windows.html

https://lolbas-project.github.io/

https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Privilege%20Escalation.md

https://book.hacktricks.xyz/windows/windows-local-privilege-escalation


CyberChef :

The Cyber Swiss Army Knife – a web app for encryption, encoding, compression and data analysis.

https://gchq.github.io/CyberChef/


Aperi’Solve :

Aperi’Solve is an online platform which performs layer analysis on image.

https://aperisolve.fr/


XOR Calculator :

Calculate the exclusive or (XOR) with a simple web-based calculator. Input and output in binary, decimal, hexadecimal or ASCII.

http://xor.pw/


Hackitude :

https://www.hackitude.in/


GTFOBINS :

GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems.

https://gtfobins.github.io/


OSCP-CHEATSHEET :

https://github.com/Swafox/OSCP/blob/master/oscp-cheatsheet.md


HackTricks :

https://book.hacktricks.xyz/


Bug Bounty Cheatsheet/Tools/Templates :

https://m0chan.github.io/2019/12/17/Bug-Bounty-Cheetsheet.html

https://github.com/EdOverflow/bugbounty-cheatsheet
https://taksec.github.io/google-dorks-bug-bounty/
https://github.com/topscoder/nuclei-wordfence-cve
https://github.com/daffainfo/AllAboutBugBounty


Payloads All The Things :

A list of useful payloads and bypass for Web Application Security and Pentest/CTF.

https://github.com/swisskyrepo/PayloadsAllTheThings


Active Directory attack cheat sheet :

https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference/

https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet


Active Directory Enumeration :

https://www.hackingarticles.in/active-directory-enumeration-powerview/


Red Teaming Experiments :

https://www.ired.team/


OSINT-FR | Tools to begin in Open Source Intelligence :

https://osintfr.com/en/tools/


Windows Enumeration :

https://nored0x.github.io/red-teaming/windows-enumeration/


Hacking Tools Cheat Sheet :

pentest