Awesome Pentest Cheat Sheets

Collection of cheat sheets and checklists useful for security and pentesting. It contains a large set of sorted, hand-picked resources that can save you a lot of time.

This repo is the updated version of awesome-pentest-cheat-sheets.

Contents

Contribution

Your contributions and suggestions are heartily welcome. Please check the Contributing Guidelines for more details.

Security Talks and Videos

General cheat sheets

Mobile Pentesting

  • Mobile App Pentest Cheat Sheet - Collection of resources on Apple & iOS Penetration Testing.
  • Mobexler - Customised virtual machine, designed to help in penetration testing of Android & iOS applications.

Android

Vulnerable Android Applications

Apple

Cloud Pentesting

Kubernetes

Kubernetes Pentest Methodology (CyberArk)

Azure

Active Directory

Pentest Methodology

Discovery

  • Google Dorks - Google Dorks Hacking Database (Exploit-DB).
  • Shodan - Shodan is a search engine for finding specific devices, and device types, that exist online.
  • ZoomEye - Zoomeye is a Cyberspace Search Engine recording information of devices, websites, services and components etc.
  • Amass - OWASP Network mapping of attack surfaces and external asset discovery using open source information.
  • Censys - Similar to Shodan, a search engine for specific devices, including IoT.

Enumeration

Exploitation

Post-Exploitation

Privilege Escalation

Learn Privilege Escalation

  • Windows / Linux Local Privilege Escalation Workshop - The Privilege Escalation Workshop covers all known (at the time) attack vectors of local user privilege escalation on both Linux and Windows operating systems and includes slides, videos, and test VMs.

Linux Privilege Escalation

  • Basic Linux Privilege Escalation - Linux Privilege Escalation by @g0tmi1k.
  • linux-exploit-suggester.sh - Linux privilege escalation auditing tool written in bash (updated).
  • Linux_Exploit_Suggester.pl - Linux Exploit Suggester written in Perl (last update 3 years ago).
  • Linux_Exploit_Suggester.pl v2 - Next-generation exploit suggester based on Linux_Exploit_Suggester (updated).
  • Linux Soft Exploit Suggester - Linux-soft-exploit-suggester finds exploits for all vulnerable software in a system helping with the privilege escalation. It focuses on software packages instead of Kernel vulnerabilities.
  • checksec.sh - Bash script to check the properties of executables (like PIE, RELRO, PaX, Canaries, ASLR, Fortify Source).
  • linuxprivchecker.py - This script is intended to be executed locally on a Linux box to enumerate basic system info and search for common privilege escalation vectors such as world writable files, misconfigurations, clear-text passwords and applicable exploits (@SecuritySift).
  • LinEnum - This tool is great at running through a heap of things you should check on a Linux system in the post-exploitation process. This includes file permissions, cron jobs if visible, weak credentials, etc. (@Rebootuser).
  • linPEAS - LinPEAS - Linux Privilege Escalation Awesome Script. Check the Local Linux Privilege Escalation checklist from book.hacktricks.xyz.
  • MimiPenguin - A tool to dump the login password from the current Linux desktop user. Adapted from the idea behind the popular Windows tool mimikatz.

Windows Privilege Escalation

  • PowerUp - Excellent PowerShell script for checking common Windows privilege escalation vectors. Written by harmj0y (direct link).
  • PowerUp Cheat Sheet
  • Windows Exploit Suggester - Tool for detecting missing security patches on the Windows operating system and mapping them to publicly available exploits.
  • Sherlock - PowerShell script to quickly find missing software patches for local privilege escalation vulnerabilities.
  • Watson - Enumerate missing KBs and suggest exploits for useful Privilege Escalation vulnerabilities.
  • Precompiled Windows Exploits - Collection of precompiled Windows exploits.
  • Metasploit Modules
    • post/multi/recon/local_exploit_suggester - suggests local meterpreter exploits that can be used.
    • post/windows/gather/enum_patches - helps to identify any missing patches.

Web Pentesting

Payloads

Labs

Binary Exploitation

Learning Platforms

Online

Off-Line

Bug Bounty

Free video courses

Podcasts

Other resources

Tools

Tools Online

Payloads

  • Fuzzdb - Dictionary of attack patterns and primitives for black-box application testing Polyglot Challenge with submitted solutions.
  • SecLists - A collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more.

Write-Ups

Wireless Hacking

Tools

  • wifite2 - Fully automated WiFi security testing script.

Defence Topics

Programming