Tools for everything

Hacktricks

Cloud Hacktricks

Payloads

  1. Payloads All The Things (Web and API pentest): https://swisskyrepo.github.io/PayloadsAllTheThings/

  2. Internal All The Things (Cheatsheets for internal and AD pentest): https://swisskyrepo.github.io/InternalAllTheThings/

Enumeration

  1. subdomain finder - https://crt.sh/ Can be invoked using curl:

    curl -s https://crt.sh/\?q\=inlanefreight.com\&output\=json | jq .

    To sort out unique subdomains:

    curl -s https://crt.sh/\?q\=inlanefreight.com\&output\=json | jq . | grep name | cut -d":" -f2 | grep -v "CN=" | cut -d'"' -f2 | awk '{gsub(/\\n/,"\n");}1;' | sort -u

Privilege Escalation

  1. Linux:

    1. linpeas.sh: curl -L https://github.com/peass-ng/PEASS-ng/releases/latest/download/linpeas.sh | sh

    2. linuxprivchecker (python script for linux enumeration): https://github.com/sleventyeleven/linuxprivchecker

Playgrounds

  1. OWASP Juice Shop - Modern web app based on node.js, angular etc with OWASP Top 10: https://owasp.org/www-project-juice-shop/

  2. DVWA - Damn Vulnerable Web Application - Older web app for legacy attacks: https://github.com/digininja/DVWA

  3. Metasploitable3 - Upgraded metasploitable2 version: https://github.com/rapid7/metasploitable3

  4. Portswigger web academy - https://portswigger.net/web-security

  5. UnderTheWire and OverTheWire - For Linux command line and Windows PowerShell mastery: https://underthewire.tech/wargames https://overthewire.org/wargames/

Terminal improvements (coz, eh, default— eh!)

  1. tmux - https://github.com/tmux/tmux

    1. Small tmux cheatsheet -

    2. CTRL + B (Hereby referred to as the prefix)

    3. prefix + shift + % (Open a new terminal vertically side by side)

    4. prefix + shift + " (Open a new terminal horizontally downwards)

    5. prefix + arrow buttons <up/down/left/right> (interact with a specific terminal window)

    6. prefix + c (new terminal tab)

    7. prefix + <number> (go to a particular terminal tab)

    8. prefix + shift + <number> (Create a new terminal <tab number> and send a terminal window to a particular terminal tab)

Videos/Channels I refer to

  1. Old retired HTB boxes - IppSec

  2. John Hammond

  3. Rana Khalil - Portswigger videos explanation
