Skip to content

Hacking Resources

Hacking Resources Cheat Sheet

General Tools & Resources

Title Description
GTFObins A curated list of Unix binaries that can be exploited to bypass local security restrictions.
CyberChef The Cyber Swiss Army Knife - a web app for encryption, encoding, compression, and data analysis.
LOLBAS Living Off The Land Binaries and Scripts - a collection of binaries that can be used by an attacker post-exploitation.
linPEAS A script that searches for possible privilege escalation paths on Linux/Unix systems.
LaZagne An open-source application used to retrieve passwords stored on a local computer.
CeWL A custom word list generator which spiders a given URL to a specified depth.
MimiPenguin A tool to dump the login password from the current Linux user.
firefox_decrypt A tool to extract and decrypt passwords from Firefox's encrypted database.
DefaultCreds Cheat Sheet A repository containing a comprehensive list of default credentials for various services.
FeroxBuster A simple, fast, recursive content discovery tool written in Rust
Sherlock A tool to find usernames across many social networks and websites.
BloodHound A tool to analyze Active Directory relationships and attack paths.
Responder A tool to capture NTLM hashes by responding to NetBIOS name service requests.
Impacket A collection of Python classes for working with network protocols, used in many post-exploitation scenarios.
DNScat2 Send data through DNS
DNScat2 client - powershell DNSCat2 Client with PowerShell

Online Tools & Repositories

Title Description
PayloadsAllTheThings A collection of useful payloads and bypasses for Web Application Security.
unPacker A tool to unpack encoded/packed files online.
RevShells An online reverse shell generator.
Ippsec Rocks A searchable database of IppSec's Hack The Box videos.
LinPEAS GitHub A script that enumerates the system for privilege escalation possibilities on Linux.
Firefox Decrypt A tool to decrypt Firefox's password database.
MimiPenguin Dumps the login password from the current Linux user.
WinPEAS GitHub A script to enumerate privilege escalation vectors on Windows systems.
GTFOBins A repository of Unix binaries that can be used to bypass security restrictions.
LOLBas A project collecting Living Off The Land binaries and scripts used post-exploitation.

Useful Data Repositories

Title Description
Hacktricks Just the Hacking Bible
CeWL GitHub Generates custom wordlists by spidering websites.
TJNull's OSCP like machines A comprehensive list of vulnerable services and their details.
LainKusanagi's OSCP like machines A shared document listing weak/default passwords for various systems.
DefaultCreds Cheat Sheet Repository of default credentials for various services and devices.
PayloadsAllTheThings A collection of payloads and bypasses for Web Application Security.
Windows Exploit Suggester A tool for identifying potential privilege escalation paths on Windows.
Linuxprivchecker A script to check for common Linux privilege escalation vectors.