Hacking Resources
Hacking Resources Cheat Sheet¶
General Tools & Resources¶
Title | Description |
---|---|
GTFObins | A curated list of Unix binaries that can be exploited to bypass local security restrictions. |
CyberChef | The Cyber Swiss Army Knife - a web app for encryption, encoding, compression, and data analysis. |
LOLBAS | Living Off The Land Binaries and Scripts - a collection of binaries that can be used by an attacker post-exploitation. |
linPEAS | A script that searches for possible privilege escalation paths on Linux/Unix systems. |
LaZagne | An open-source application used to retrieve passwords stored on a local computer. |
CeWL | A custom word list generator which spiders a given URL to a specified depth. |
MimiPenguin | A tool to dump the login password from the current Linux user. |
firefox_decrypt | A tool to extract and decrypt passwords from Firefox's encrypted database. |
DefaultCreds Cheat Sheet | A repository containing a comprehensive list of default credentials for various services. |
FeroxBuster | A simple, fast, recursive content discovery tool written in Rust |
Sherlock | A tool to find usernames across many social networks and websites. |
BloodHound | A tool to analyze Active Directory relationships and attack paths. |
Responder | A tool to capture NTLM hashes by responding to NetBIOS name service requests. |
Impacket | A collection of Python classes for working with network protocols, used in many post-exploitation scenarios. |
DNScat2 | Send data through DNS |
DNScat2 client - powershell | DNSCat2 Client with PowerShell |
Online Tools & Repositories¶
Title | Description |
---|---|
PayloadsAllTheThings | A collection of useful payloads and bypasses for Web Application Security. |
unPacker | A tool to unpack encoded/packed files online. |
RevShells | An online reverse shell generator. |
Ippsec Rocks | A searchable database of IppSec's Hack The Box videos. |
LinPEAS GitHub | A script that enumerates the system for privilege escalation possibilities on Linux. |
Firefox Decrypt | A tool to decrypt Firefox's password database. |
MimiPenguin | Dumps the login password from the current Linux user. |
WinPEAS GitHub | A script to enumerate privilege escalation vectors on Windows systems. |
GTFOBins | A repository of Unix binaries that can be used to bypass security restrictions. |
LOLBas | A project collecting Living Off The Land binaries and scripts used post-exploitation. |
Useful Data Repositories¶
Title | Description |
---|---|
Hacktricks | Just the Hacking Bible |
CeWL GitHub | Generates custom wordlists by spidering websites. |
TJNull's OSCP like machines | A comprehensive list of vulnerable services and their details. |
LainKusanagi's OSCP like machines | A shared document listing weak/default passwords for various systems. |
DefaultCreds Cheat Sheet | Repository of default credentials for various services and devices. |
PayloadsAllTheThings | A collection of payloads and bypasses for Web Application Security. |
Windows Exploit Suggester | A tool for identifying potential privilege escalation paths on Windows. |
Linuxprivchecker | A script to check for common Linux privilege escalation vectors. |