awesome-pentest-cheat-sheets

Pentest resource

A collection of cheat sheets and check lists useful for security testing and penetration

Collection of cheat sheets useful for pentesting

GitHub

365 stars
4 watching
19 forks
last commit: 5 months ago
Linked from 2 awesome lists

cheat-sheetcheat-sheet-pentestpenetration-testingpenetration-testing-toolspentestpentest-cheat-sheetspentestingpentesting-resources

Awesome Pentest Cheat Sheets / Security Talks and Videos

Cybersecurity Conference Directory All Cybersecurity, InfoSec & IT Conferences and Events
Confsec 498 3 months ago List of Security Events 2024
InfoCon The Hacking Conference Archive
Awesome Security Talks 4,052 over 3 years ago Curated list of Security Talks and Videos

Awesome Pentest Cheat Sheets / General cheat sheets

The Hackers' Choice Tips & Tricks Cheatsheet 3,149 18 days ago
Docker Cheat Sheet 22,143 4 months ago
macOS Command Line Cheat Sheet 28,946 about 3 years ago
PowerShell Cheat Sheet SANS PowerShell Cheat Sheet from SEC560 Course
Rawsec's CyberSecurity Inventory An open-source inventory of tools, resources, CTF platforms and Operating Systems about CyberSecurity. ( )
Regexp Security Cheat Sheet 711 over 2 years ago
Security Cheat Sheets 22 almost 8 years ago A collection of security cheat sheets
Unix Commands Cheat Sheet
Linux File Permissions Cheat Sheet
DostoevskyLabs' Pentest notes Pentest Notes collection from DostoevskyLabs
Thick Client Pentest Checklist 132 about 2 years ago Pentest Checklist for Thick-Client Penetration Tests
HauSec's Pentesting Cheat sheet Pentest Cheat sheet from HauSec

Awesome Pentest Cheat Sheets / Mobile Pentesting

Mobile App Pentest Cheat Sheet 4,598 10 months ago Collection of resources on Apple & iOS Penetration Testing
Mobexler Customised virtual machine, designed to help in penetration testing of Android & iOS applications

Awesome Pentest Cheat Sheets / Mobile Pentesting / Android

Android Pentest Checklist Xmind Xmind mindmap for Android Penetration Tests
MASTG 11,779 about 23 hours ago OWASP Mobile Application Security Testing Guide
Android Pentesting Checklist 183 about 1 month ago Case-by-case Checklist for Android Pentests
Android Pentesting Cheat sheet 366 26 days ago Android Pentesting Resources #1
HackTricks - Android Pentesting HackTricks Collection of Android Pentesting
InjuredAndroid 664 over 3 years ago
Damn vulnerable Bank 654 12 months ago
InsecureShop 232 over 2 years ago
AndroGoat 212 over 2 years ago
Android-Insecurebankv2 1,265 7 months ago
OVAA 656 4 months ago
DIVA 967 over 1 year ago

Awesome Pentest Cheat Sheets / Mobile Pentesting / Apple

iOS Pentest Checklist 310 4 months ago Checklist for iOS/IPA Penetration Tests
Hacktricks iOS Checklist Another Checklist for iOS/IPA Penetration Tests | Hacktricks Cloud
PentestGlobal IOS gitbook Gitbook about iOS Pentesting
Can i jailbreak? List of each jailbreak needed for each iOS version
Jailbreaks.app Downloads for Odyssey, Taurine Jailbreaks

Awesome Pentest Cheat Sheets / Cloud Pentesting / Kubernetes

Awesome Kubernetes (K8s) Security 1,915 about 1 year ago Collection of Kubernetes security resources
Kubetools Kubernetes security tools
HackingKubernetes 99 over 2 years ago Collection of Kubernetes Pentesting Resources
Kubernetes Goat 4,421 10 days ago Vulnerable-by-Design cluster environment for training
KubePwn 54 about 4 years ago Another Collection of resources about Kubernetes security
HackTricks - Kubernetes Pentesting HackTricks Collection of Kubernetes Pentesting
Part 1
Part 2
Part 3

Awesome Pentest Cheat Sheets / Cloud Pentesting / Azure

Awesome Azure Pentest 1,014 11 months ago A curated list of useful tools and resources for penetration testing and securing Microsofts cloud platform Azure
HackTricks - Azure Pentesting HackTricks Collection of Kubernetes Pentesting

Awesome Pentest Cheat Sheets / Active Directory

Active Directory Exploitation Cheat Sheet 5,669 about 2 months ago Cheat sheet for Active Directory Exploitation
OSCP Active Directory Cheat Sheet 139 almost 3 years ago Cheat sheet for Active Directory Attacks used in OSCP
WADComs Interactive cheat sheet - list of offensive security tools and their respective commands to be used against Windows/AD environments
HackTricks - Active Directory Pentesting HackTricks Collection of Active Directory Pentesting
GOAD 5,416 23 days ago Vulnerable-by-Design Active Directory environment
Ultimate BloodHound Guide The Ultimate Guide for BloodHound Community Edition (BHCE)
Windows Red Team Cheat sheet 124 over 2 years ago Windows for Red Teamers Cheat Sheet ( )
Resource Collection #1 30 almost 3 years ago Collection of Active Directory Pentesting resources #1
Resource Collection #2 16 7 months ago Collection of Active Directory Pentesting resources #2
Resource Collection #3 150 about 3 years ago Collection of Active Directory Pentesting resources #3
Resource Collection #4 2,483 almost 2 years ago Collection of Active Directory Pentesting resources #4

Awesome Pentest Cheat Sheets / Pentest Methodology / Discovery

Google Dorks Google Dorks Hacking Database (Exploit-DB)
Shodan 365 5 months ago Shodan is a search engine for finding specific devices, and device types, that exist online
ZoomEye Zoomeye is a Cyberspace Search Engine recording information of devices, websites, services and components etc
Amass 12,067 7 days ago OWASP Network mapping of attack surfaces and external asset discovery using open source information
Censys Similar to shodan, search engine for specific devices including IoT

Awesome Pentest Cheat Sheets / Pentest Methodology / Enumeration

enum4linux-ng 1,189 4 months ago Python tool for enumerating information from Windows/Samba systems
0xdf - SMB Enumeration 0xdf's SMB Enumeration Cheat Sheet
OSCP Enumeration Cheat sheet 102 over 3 years ago Cheat sheet for Enumeration for OSCP Certificate
CrackMapExec Cheatsheet Cheat sheet for CrackMapExec (CME)

Awesome Pentest Cheat Sheets / Pentest Methodology / Exploitation

Empire Cheat Sheet 1,042 about 7 years ago is a PowerShell and Python post-exploitation framework
Exploit Development Cheat Sheet 365 5 months ago 's exploit development in one picture
Java Deserialization Cheat Sheet 3,035 over 1 year ago A cheat sheet for pentesters about Java Native Binary Deserialization vulnerabilities
Local File Inclusion (LFI) Cheat Sheet #1 Arr0way's LFI Cheat Sheet
Local File Inclusion (LFI) Cheat Sheet #2 Aptive's LFI Cheat Sheet
Metasploit Unleashed The ultimate guide to the Metasploit Framework
Metasploit Cheat Sheet A quick reference guide
PowerSploit Cheat Sheet 1,042 about 7 years ago is a powershell post-exploitation framework
PowerView 2.0 Tricks
PowerView 3.0 Tricks
PHP htaccess Injection Cheat Sheet 814 8 months ago PHP htaccess Injection Cheat Sheet by PHP Secure Configuration Checker
Reverse Shell Cheat Sheet #1 Pentestmonkey Reverse Shell Cheat Sheet
Reverse Shell Cheat Sheet #2 Arr0way's Reverse Shell Cheat Sheet
SQL Injection Cheat Sheet Netsparker's SQL Injection Cheat Sheet
SQLite3 Injection Cheat Sheet

Awesome Pentest Cheat Sheets / Pentest Methodology / Post-Exploitation

Awesome Windows Post Exploitation 524 about 3 years ago Collection of resources for Windows Post-Exploitation
HackTricks - Post Exploitation HackTricks Collection of Post-Exploitation

Awesome Pentest Cheat Sheets / Pentest Methodology / Privilege Escalation

Windows / Linux Local Privilege Escalation Workshop 1,879 about 2 years ago The Privilege Escalation Workshop covers all known (at the time) attack vectors of local user privilege escalation on both Linux and Windows operating systems and includes slides, videos, test VMs
Basic Linux Privilege Escalation Linux Privilege Escalation by
linux-exploit-suggester.sh 5,653 9 months ago Linux privilege escalation auditing tool written in bash (updated)
Linux_Exploit_Suggester.pl 1,779 over 10 years ago Linux Exploit Suggester written in Perl (last update 3 years ago)
Linux_Exploit_Suggester.pl v2 1,858 almost 2 years ago Next-generation exploit suggester based on Linux_Exploit_Suggester (updated)
Linux Soft Exploit Suggester 222 over 1 year ago Linux-soft-exploit-suggester finds exploits for all vulnerable software in a system helping with the privilege escalation. It focuses on software packages instead of Kernel vulnerabilities
checksec.sh 2,026 24 days ago Bash script to check the properties of executables (like PIE, RELRO, PaX, Canaries, ASLR, Fortify Source)
linuxprivchecker.py This script is intended to be executed locally on a Linux box to enumerate basic system info and search for common privilege escalation vectors such as world writable files, misconfigurations, clear-text passwords and applicable exploits (@SecuritySift)
LinEnum 7,032 about 1 year ago This tool is great at running through a heap of things you should check on a Linux system in the post exploit process. This include file permissions, cron jobs if visible, weak credentials etc.(@Rebootuser)
linPEAS 16,117 22 days ago LinPEAS - Linux Privilege Escalation Awesome Script. Check the Local Linux Privilege Escalation checklist from
MimiPenguin 3,812 over 1 year ago A tool to dump the login password from the current linux desktop user. Adapted from the idea behind the popular Windows tool mimikatz.
PowerUp 11,936 over 4 years ago Excellent powershell script for checking of common Windows privilege escalation vectors. Written by
PowerUp Cheat Sheet 1,042 about 7 years ago
Windows Exploit Suggester 3,968 over 1 year ago Tool for detection of missing security patches on the windows operating system and mapping with the public available exploits
Sherlock 1,895 about 6 years ago PowerShell script to quickly find missing software patches for local privilege escalation vulnerabilities
Watson 1,556 almost 4 years ago Enumerate missing KBs and suggest exploits for useful Privilege Escalation vulnerabilities
Precompiled Windows Exploits 1,831 about 4 years ago Collection of precompiled Windows exploits
Metasploit Modules 34,232 about 17 hours ago

Awesome Pentest Cheat Sheets / Web Pentesting

OWASP Web Security Testing Guide
Web Pentest Checklist Checklist for Web Application Penetration Tests
SQL Injection Cheatsheet PortSwigger SQL Injection Cheat Sheet
Cross-Site-Scripting Cheat sheet PortSwigger Cross-Site-Scripting (XSS) Cheat sheet
Google CSP Evaluator Google's CSP Evaluator
Awesome Web Hacking 5,875 2 days ago Collection of resources for Web Pentesting #1
Awesome Web Security 11,474 9 months ago Collection of resources for Web Pentesting #2
XSS Polyglot Payloads #1 1,948 about 2 years ago Unleashing an Ultimate XSS Polyglot list by 0xsobky
XSS Polyglot Payloads #2 's XSS
Browser's-XSS-Filter-Bypass-Cheat-Sheet 1,116 over 7 years ago Excellent List of working XSS bypasses running on the latest version of Chrome, Safari, Edge created by Masato Kinugawa
PortSwigger Web Penetration Testing Labs

Awesome Pentest Cheat Sheets / Binary Exploitation

Binary Exploitation Red Team Notes Ired.team notes for Binary Exploitation
Binary Exploitation Notes Ir0nstone's Binary Exploitation Notes
Sticky Notes Binary Exploitation Sticky Notes colletion for Binary Exploitation
checksec.py 314 2 months ago Cross-Platform CheckSec Tool for checking binary security properties
HackTricks - Binary Exploitation HackTricks Collection of Binary Exploitation
Liveoverflow - Binary Exploitation LiveOverflow's Binary Exploitation YouTube playlist
PwnTools Cheat sheet Cheat sheet for PwnTools python library
pwndbg Cheat sheet Cheat sheet for pwndbg GDB plug-in
GDB PEDA Cheat sheet 16 almost 8 years ago Cheat sheet for PEDA GDB plug-in

Awesome Pentest Cheat Sheets / Learning Platforms

Hack The Box :: Penetration Testing Labs Leading penetration testing training labs platform
TryHackMe Free online platform for learning cyber security & penetration testing
OWASP Vulnerable Web Applications Directory Project (Online) List of online available vulnerable applications for learning purposes
Pentestit labs Hands-on Pentesting Labs (OSCP style)
Root-me.org Hundreds of challenges are available to train yourself in different and not simulated environments
Vulnhub.com Vulnerable By Design VMs for practical 'hands-on' experience in digital security
Damn Vulnerable Xebia Training Environment 102 over 2 years ago Docker Container including several vurnerable web applications (DVWA,DVWServices, DVWSockets, WebGoat, Juiceshop, Railsgoat, django.NV, Buggy Bank, Mutilidae II and more)
OWASP Vulnerable Web Applications Directory Project (Offline) List of offline available vulnerable applications for learning purposes
Vulnerable SOAP Web Service Vulnerable SOAP web service lab environment
Vulnerable Flask Web App Vulnerable Flask Web App lab environment

Awesome Pentest Cheat Sheets / Bug Bounty

Awesome BugBounty Tools 4,285 about 2 months ago A curated list of various bug bounty tools
bug-bounty-platforms 634 5 months ago Open-Sourced Collection of Bug Bounty Platforms
m0chan - Bug Bounty Methodology m0chan's Bug Bounty Methodology Collection
NahamSec - Resources for Beginners 10,777 4 months ago NahamSec's Resources for Beginner Bug Bounty Hunters Collection
AllAboutBugBounty 5,855 about 1 year ago BugBounty notes gathered from various sources
Bug-Bounty-Resources 64 about 6 years ago Collection of Bug Bounty Resources #1
Bug-Bounty-Resources 381 over 2 years ago Collection of Bug Bounty Resources #2
Ryan John Bug Bounty Playlist Collection of Ryan John's BugBounty videos ( )
LiveOverFlow Bug Bounty Playlist Collection of LiveOverflow's Bug bounty videos
BBRE Podcast Bug Bounty Reports Explained Podcast
Critical Thinking Podcast Critical Thinking Bug Bounty Podcast

Awesome Pentest Cheat Sheets / Bug Bounty / Tools

Nmap Cheat Sheet 365 5 months ago
SQLmap Cheat Sheet 365 5 months ago
SQLmap Tamper Scripts SQLmap Tamper Scripts General/MSSQL/MySQL
VIM Cheatsheet
Wireshark Display Filters 365 5 months ago Filters for the best sniffing tool

Awesome Pentest Cheat Sheets / Bug Bounty / Tools Online

revshells.com Reverse shell payload generator ( )
Segfault Segfault: Free disposable root servers (by )
suip.biz Various free online pentesting tools like nmap, wpscan, sqlmap
XSS'OR Encoder/Decoder Online Decoder/Encoder for testing purposes (@evilcos)
WebGun WebGun, XSS Payload Creator (@brutelogic)
Hackvertor Tool to convert various encodings and generate attack vectors (@garethheyes)
JSFiddle Test and share XSS payloads,

Awesome Pentest Cheat Sheets / Bug Bounty / Payloads

Fuzzdb 8,242 about 1 year ago Dictionary of attack patterns and primitives for black-box application testing Polyglot Challenge with submitted solutions
SecList 58,770 about 22 hours ago A collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more

Awesome Pentest Cheat Sheets / Bug Bounty / Write-Ups

Bug Bounty Reference 3,753 4 months ago Huge list of bug bounty write-up that is categorized by the bug type (SQLi, XSS, IDOR, etc.)
Write-Ups for CTF challenges
Facebook Bug Bounties Categorized Facebook Bug Bounties write-ups

Awesome Pentest Cheat Sheets / Bug Bounty / Wireless Hacking

wifite2 30 almost 8 years ago Full automated WiFi security testing script

Awesome Pentest Cheat Sheets / Bug Bounty / Defence Topics

Docker Security Cheat Sheet The following tips should help you to secure a container based system
Windows Domain Hardening 1,749 almost 5 years ago A curated list of awesome Security Hardening techniques for Windows

Awesome Pentest Cheat Sheets / Bug Bounty / Programming

JavaScript Cheat Sheet 6,692 about 2 years ago Learn JavaScript in one picture
Python Cheat Sheet #1 16 about 9 years ago Learn python3 in one picture
Python Cheat Sheet #2 4,975 over 2 years ago Learn python3 in one picture
Python Snippets Cheat Sheet 365 5 months ago List of helpful re-usable code snippets in Python

Backlinks from these awesome lists:

More related projects: