A curated list of websites and github repos with pentest cheatsheets, tools, techniques, CTF write-ups, and programming languages.
The goal of this project is to centralize pertinent and most used pentest/redteam cheatsheets, techniques, tools, and write-ups for like-minded offensive security enthusiasts and professionals.
Name | Author(s) / Maintainer(s) | Description | Link | Type |
---|---|---|---|---|
HackTricks | Carlos Polop | A website featuring curated hacking tricks, techniques, and methodologies, spanning from network penetration testing to web penetration testing. | Link | Pentest cheatsheats |
Red Team Notes | Mantvydas Baranauskas | A list of red teaming and penetration testing notes on various tools and techniques utilized by penetration testers, red teams, and real adversaries. | Link | Red team/Pentest notes |
Gtfobins | Emilio Pinna, Andrea Cardaci | A curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems. | Link | Unix binaries |
LOLBAS | Oddvar Moe | Contains a list of Windows binaries, scripts, and libraries that can be used for executing codes, Compiling code, UAC bypass, Persistance, etc | Link | Windows binaries/scripts |
0xBEN | Benjamin H. | 0xBEN's blog featuring cybersecurity/IT resources, cheat sheets, and write-ups. | Link | Cybersecurity/IT blog |
IppSec | IppSec | IppSec's website that helps streamline your search for his YouTube videos and courses on HTB walkthroughs and techniques | Link | CTF (HTB) videos |
0xdf hacks stuff | 0xdf | 0xdf's website with detailed write-ups on HTB machines | Link | CTF (HTB) write-ups |
Goal Kicker | Unknown | Provides free exceptional programming notes covering 49 different types of programming languages, including scripting languages such as python and powershell | Link | Programming/Scripting language notes |
The Hacker Recipes | Charlie Bromberg | Provides technical guides on various hacking topics as well as advanced topics such as Active Directory and Web services. | Link | Ethical Hacking guide |
harmj0y | harmj0y | harmj0y's blog covering security researches and attacks on active directory. | Link | Offsec/Active Directory resource |
CyberChef | GCHQ | A web app for encryption, encoding, compression and data analysis | Link | Web based security analysis tool |
Payloads All The Things | Swissky | A list of useful payloads and bypass for Web Application Security and Pentest/CTF | Link | Web App payloads/cheatsheets |
SecLists | Daniel Miessler, Jason Haddix, g0tmi1k | A collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. | Link | Wordlists |
Assetnote Wordlists | Assetnote | The website provides wordlists that are up to date and effective against the most popular technologies on the internet. | Link | Wordlists |
Speed Guide | SG Staff | The site offers free network tools and covers Broadband Internet connections, network security, wireless and system performance. A large section focuses on Cable Modems and DSL technology, stressing on improving TCP/IP performance over high speed/latency networks. | Link | Network/Security resource |
pentestmonkey | pentestmonkey | Contains pentest blogs, tools, and cheatsheets | Link | Pentest cheatsheets |
Awesome Hacker Search Engines | Edoardo Ottavianelli | A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more. | Link | Pentest search engines |
HackTools | Ludovic COULON, Riadh BOUCHAHOUA | A web extension facilitating web application penetration tests, it includes cheatsheets as well as all the tools used during a test such as XSS payloads, Reverse shells and much more. | Link | Web App tool/cheatsheet |
NetSPI Blog | NetSPI | A blog on various Pentest, Red Team, General Offsec focused topics. | Link | Pentest/Red Team in depth |
Hacking Articles | Raj Chandel - Founder and Others | Detailed and Summarised articles on various Pentest and Red Team topics, Offsec Tools and CTF writeups | Link | Detailed Pentest/Red Team Blog |
PortSwigger Web Security Academy | PortSwigger | An academy with lessons and hands on lab to learn WebApp Pentesting | Link | WebApp Security Lessons & Labs |
Juggernaut Pentesting Academy | Juggernaut | Extensive blog on General Offsec, Read Teaming and Pentesting Topics | Link | Pentest, Red Team, Offsec Topics |
Hackersploit | Hackersploit | Video content on Red Team, Blue Team, Android Sec, CTF Writeup, Bug Bounty | Link | Red/Blue Team, Webapp, Android, Bug Bounty |
Contributions are welcomed. This list is not exhaustive, and I might have missed other pertinent resources. Therefore, feel free to add useful pentest/redteam resources to the list. The resources could be for pentesting tools, techniques, cheatsheets, write-ups, blogs, payloads, and wordlists.
I appreciate your contributions to Pentest-Resources-Cheat-Sheets and look forward to working together to improve this project!
-
Fork the Repository: Start by forking the Pentest-Resources-Cheat-Sheets repository to your GitHub account. You can do this by clicking the "Fork" button on the top right of the repository page.
-
Clone the Repository: Clone your forked repository to your local machine using the following command, replacing
/bL34cHig0/
with your GitHub username andyour-feature-name
with your desired name:git clone https://github.com/bL34cHig0/Pentest-Resources-Cheat-Sheets.git
-
Create a Branch: Before making changes, create a new branch for your work:
git checkout -b feature/your-feature-name
Be sure to choose an appropriate branch name that describes the purpose of your changes.
-
Make Your Changes: Make your desired changes to the list and follow the format.
-
Commit Your Changes: Commit your changes with clear and concise commit messages:
git commit -m "Add feature/fix: describe your changes here"
-
Push Your Changes: Push your changes to your forked repository:
git push origin feature/your-feature-name
-
Submit a Pull Request (PR): Go to the original repository and click the "New Pull Request" button. Provide a detailed description of your changes, why they are necessary, and any relevant context.
If you would like to discuss improvements, please open an issue on the GitHub repository or reach out to me via LinkedIn
Some of these websites and github repos are open-source. Contributors not mentioned are credited on each projects' official page.