Hacking Resources
Hacking Resources Cheat Sheet¶
General Tools & Resources¶
| Title | Description |
|---|---|
| GTFObins | A curated list of Unix binaries that can be exploited to bypass local security restrictions. |
| CyberChef | The Cyber Swiss Army Knife - a web app for encryption, encoding, compression, and data analysis. |
| LOLBAS | Living Off The Land Binaries and Scripts - a collection of binaries that can be used by an attacker post-exploitation. |
| linPEAS | A script that searches for possible privilege escalation paths on Linux/Unix systems. |
| LaZagne | An open-source application used to retrieve passwords stored on a local computer. |
| CeWL | A custom word list generator which spiders a given URL to a specified depth. |
| MimiPenguin | A tool to dump the login password from the current Linux user. |
| firefox_decrypt | A tool to extract and decrypt passwords from Firefox's encrypted database. |
| DefaultCreds Cheat Sheet | A repository containing a comprehensive list of default credentials for various services. |
| FeroxBuster | A simple, fast, recursive content discovery tool written in Rust |
| Sherlock | A tool to find usernames across many social networks and websites. |
| BloodHound | A tool to analyze Active Directory relationships and attack paths. |
| Responder | A tool to capture NTLM hashes by responding to NetBIOS name service requests. |
| Impacket | A collection of Python classes for working with network protocols, used in many post-exploitation scenarios. |
| DNScat2 | Send data through DNS |
| DNScat2 client - powershell | DNSCat2 Client with PowerShell |
Online Tools & Repositories¶
| Title | Description |
|---|---|
| PayloadsAllTheThings | A collection of useful payloads and bypasses for Web Application Security. |
| unPacker | A tool to unpack encoded/packed files online. |
| RevShells | An online reverse shell generator. |
| Ippsec Rocks | A searchable database of IppSec's Hack The Box videos. |
| LinPEAS GitHub | A script that enumerates the system for privilege escalation possibilities on Linux. |
| Firefox Decrypt | A tool to decrypt Firefox's password database. |
| MimiPenguin | Dumps the login password from the current Linux user. |
| WinPEAS GitHub | A script to enumerate privilege escalation vectors on Windows systems. |
| GTFOBins | A repository of Unix binaries that can be used to bypass security restrictions. |
| LOLBas | A project collecting Living Off The Land binaries and scripts used post-exploitation. |
Useful Data Repositories¶
| Title | Description |
|---|---|
| Hacktricks | Just the Hacking Bible |
| CeWL GitHub | Generates custom wordlists by spidering websites. |
| TJNull's OSCP like machines | A comprehensive list of vulnerable services and their details. |
| LainKusanagi's OSCP like machines | A shared document listing weak/default passwords for various systems. |
| DefaultCreds Cheat Sheet | Repository of default credentials for various services and devices. |
| PayloadsAllTheThings | A collection of payloads and bypasses for Web Application Security. |
| Windows Exploit Suggester | A tool for identifying potential privilege escalation paths on Windows. |
| Linuxprivchecker | A script to check for common Linux privilege escalation vectors. |