Tools for everything

Hacktricks

LogoHackTricks - HackTricks

Cloud Hacktricks

LogoAWS Pentesting - HackTricks Cloud

Payloads

  1. Payload all the things (Web and API pentest) : https://swisskyrepo.github.io/PayloadsAllTheThings/

  2. Internet all the things (Cheetsheets for internal and AD pentest): https://swisskyrepo.github.io/InternalAllTheThings/

Enumeration

  1. subdomain finder - https://crt.sh/ Can be invoked using curl: 

    curl -s https://crt.sh/\?q\=inlanefreight.com\&output\=json | jq .

    To sort out unique subdomains: 

    curl -s https://crt.sh/\?q\=inlanefreight.com\&output\=json | jq . | grep name | cut -d":" -f2 | grep -v "CN=" | cut -d'"' -f2 | awk '{gsub(/\\n/,"\n");}1;' | sort -u

Privilege Escalation

  1. Linux:

    1. LinEnum: https://github.com/rebootuser/LinEnum

    2. linpeas.sh: curl -L https://github.com/peass-ng/PEASS-ng/releases/latest/download/linpeas.sh | sh

    3. linuxprivchecker (python script for linux enumeration): https://github.com/sleventyeleven/linuxprivchecker

    4. Linux priv esc checklist: https://book.hacktricks.wiki/en/linux-hardening/linux-privilege-escalation-checklist.html

    5. https://gtfobins.github.io/

  2. Windows:

    1. winpeas: https://github.com/peass-ng/PEASS-ng/tree/master/winPEAS

    2. Windows priv esc checklist: https://book.hacktricks.wiki/en/windows-hardening/checklist-windows-privilege-escalation.html

    3. Seatbelt (C# code): https://github.com/GhostPack/Seatbelt

    4. JAWS (powershell): https://github.com/411Hall/JAWS

    5. https://lolbas-project.github.io/#

Playgrounds

  1. OWASP Juice Shop - Modern web app based on node.js, angular etc with OWASP Top 10: https://owasp.org/www-project-juice-shop/

  2. DVWA - Damn Vulnerable Web Application - Older web app for legacy attacks: https://github.com/digininja/DVWA

  3. Metasploitable3 - Upgraded metasploitable2 version: https://github.com/rapid7/metasploitable3

  4. Portswigger web academy - https://portswigger.net/web-security

  5. Under and Over the wire - For Linux command line and windows powershell mastery https://underthewire.tech/wargames https://overthewire.org/wargames/

Terminal improvements (coz, eh, default— eh!)

  1. tmux - https://github.com/tmux/tmux

    1. Small tmux cheatsheet -

    2. CTRL + B (Hereby referred to as the prefix)

    3. prefix + shift + % (Open a new terminal vertically side by side)

    4. prefix + shift + " (Open a new terminal horizontally downwards)

    5. prefix + arrow buttons <up/down/left/right> (interact with a specific terminal window)

    6. prefix + c (new terminal tab)

    7. prefix + <number> (go to a particular terminal tab)

    8. prefix + shift + <number> (Create a new terminal <tab number> and send a terminal window to a particular terminal tab)

Videos/Channels I refer to

  1. Old retired HTb boxes - Ippsec

LogoIppSecYouTube

  1. John Hammond

LogoJohn HammondYouTube

  1. Rana Khalil - Portswigger videos explanation

LogoRana KhalilYouTube

PreviousLinear Congruential Generator

Last updated

Was this helpful?