search

Tools for everything

hashtag
Hacktricks

LogoHackTricks - HackTricksbook.hacktricks.wikichevron-right

hashtag
Cloud Hacktricks

LogoAWS Pentesting - HackTricks Cloudcloud.hacktricks.wikichevron-right

hashtag
Payloads

  1. Payload all the things (Web and API pentest) : https://swisskyrepo.github.io/PayloadsAllTheThings/arrow-up-right

  2. Internet all the things (Cheetsheets for internal and AD pentest): https://swisskyrepo.github.io/InternalAllTheThings/arrow-up-right

hashtag
Enumeration

  1. subdomain finder - https://crt.sh/arrow-up-right Can be invoked using curl:

    To sort out unique subdomains:

hashtag
Privilege Escalation

  1. Linux:

    1. LinEnum: https://github.com/rebootuser/LinEnumarrow-up-right

    2. linpeas.sh: curl -L https://github.com/peass-ng/PEASS-ng/releases/latest/download/linpeas.sh | sh

    3. linuxprivchecker (python script for linux enumeration): https://github.com/sleventyeleven/linuxprivcheckerarrow-up-right

    4. Linux priv esc checklist: https://book.hacktricks.wiki/en/linux-hardening/linux-privilege-escalation-checklist.htmlarrow-up-right

    5. https://gtfobins.github.io/arrow-up-right

  2. Windows:

    1. winpeas: https://github.com/peass-ng/PEASS-ng/tree/master/winPEASarrow-up-right

    2. Windows priv esc checklist: https://book.hacktricks.wiki/en/windows-hardening/checklist-windows-privilege-escalation.htmlarrow-up-right

    3. Seatbelt (C# code): https://github.com/GhostPack/Seatbeltarrow-up-right

    4. JAWS (powershell): https://github.com/411Hall/JAWSarrow-up-right

    5. https://lolbas-project.github.io/#arrow-up-right

hashtag
Playgrounds

  1. OWASP Juice Shop - Modern web app based on node.js, angular etc with OWASP Top 10: https://owasp.org/www-project-juice-shop/arrow-up-right

  2. DVWA - Damn Vulnerable Web Application - Older web app for legacy attacks: https://github.com/digininja/DVWAarrow-up-right

  3. Metasploitable3 - Upgraded metasploitable2 version: https://github.com/rapid7/metasploitable3arrow-up-right

  4. Portswigger web academy - https://portswigger.net/web-securityarrow-up-right

  5. Under and Over the wire - For Linux command line and windows powershell mastery https://underthewire.tech/wargamesarrow-up-right https://overthewire.org/wargames/arrow-up-right

hashtag
Terminal improvements (coz, eh, default— eh!)

  1. tmux - https://github.com/tmux/tmuxarrow-up-right

    1. Small tmux cheatsheet -

    2. CTRL + B (Hereby referred to as the prefix)

    3. prefix + shift + % (Open a new terminal vertically side by side)

    4. prefix + shift + " (Open a new terminal horizontally downwards)

    5. prefix + arrow buttons <up/down/left/right> (interact with a specific terminal window)

    6. prefix + c (new terminal tab)

    7. prefix + <number> (go to a particular terminal tab)

    8. prefix + shift + <number> (Create a new terminal <tab number> and send a terminal window to a particular terminal tab)

hashtag
Videos/Channels I refer to

  1. Old retired HTb boxes - Ippsec

LogoIppSecYouTubechevron-right

  1. John Hammond

LogoJohn HammondYouTubechevron-right

  1. Rana Khalil - Portswigger videos explanation

LogoRana KhalilYouTubechevron-right

PreviousLinear Congruential GeneratorNextOpenssl

Last updated