Skip to content

This repository contains a curated list of websites and repositories featuring pentest & red-team resources such as cheatsheets, write-ups, tools, techniques, programming/scripting notes, and more. I documented them in this repo to provide like-minded offensive security enthusiasts and professionals easy access to these valuable resources.

License

Notifications You must be signed in to change notification settings

bL34cHig0/Pentest-Resources-Cheat-Sheets

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

69 Commits
 
 
 
 
 
 

Repository files navigation

Pentest Resources Banner

📚 Pentest-Resources

A curated list of websites and github repos with pentest/redteam cheatsheets, tools, techniques, CTF write-ups, programming languages, and more.

The goal of this project is to centralize pertinent and most used pentest/redteam cheatsheets, techniques, tools, write-ups, and more for like-minded offensive security enthusiasts and professionals.

Summary

API Security

Name Author(s) / Maintainer(s) Description Link Type
awesome-api-security André Rainho A collection of awesome API Security tools and resources. Link API Security

Binaries

Name Author(s) / Maintainer(s) Description Link Type
Gtfobins Emilio Pinna, Andrea Cardaci A curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems. Link Unix
LOLBAS Oddvar Moe Contains a list of Windows binaries, scripts, and libraries that can be used for executing codes, Compiling code, UAC bypass, Persistance, etc Link Windows

Blogs

Name Author(s) / Maintainer(s) Description Link Type
harmj0y harmj0y harmj0y's blog covering security researches and attacks on active directory. Link Offsec/Active Directory
Juggernaut Pentesting Academy Juggernaut Extensive blog on General Offsec, Red Teaming and Pentesting Topics Link Pentest, Red Team, Offsec Topics
0xBEN Benjamin H. 0xBEN's blog featuring cybersecurity/IT resources, cheat sheets, and write-ups. Link Cybersecurity/IT
NetSPI Blog NetSPI A blog on various Pentest, Red Team, General Offsec focused topics. Link Pentest/Red Team in depth
Hacking Articles Raj Chandel - Founder and Others Detailed and Summarised articles on various Pentest and Red Team topics, Offsec Tools and CTF writeups Link Pentest/Red Team
TechMint Ravi Saive Free online community-supported publication that publishes practical and useful out-of-the-box high-quality articles on Linux, Sysadmin, Security, DevOps, Cloud Computing, Tools, and many other topics. Link Linux, Sysadmin, Security, Tools, etc

Cheatsheets

Name Author(s) / Maintainer(s) Description Link Type
HackTricks Carlos Polop A website featuring curated hacking tricks, techniques, and methodologies, spanning from network penetration testing to web penetration testing. Link Pentest
pentestmonkey pentestmonkey Contains pentest blogs, tools, and cheatsheets Link Pentest
Active Directory Exploitation Cheat Sheet Nikos Katsiopis A cheat sheet that contains common enumeration and attack methods for Windows Active Directory. Link Active Directory
OSCP Cheatsheet Sai Sathvik OSCP cheatsheets to prepare effectively for the certification Link OSCP
explainshell.com Idan Kamara A web interface capable of parsing man pages, extracting options and explaining a given command-line by matching each argument to the relevant help text in the man page. Link Shell/Linux
WADComs John Woodman An interactive cheat sheet, containing a curated list of offensive security tools and their respective commands, to be used against Windows/AD environments Link Windows/AD
Offensive Security Cheatsheet Haax A document used to centralize many informations about cybersecurity techniques and payloads. Link Pentest

CTF Write-ups & Videos

Name Author(s) / Maintainer(s) Description Link Type
IppSec IppSec IppSec's website that helps streamline your search for his YouTube videos and courses on HTB walkthroughs and techniques Link videos
0xdf hacks stuff 0xdf 0xdf's website with detailed write-ups on HTB machines Link write-ups

Cybersecurity Labs

Name Author(s) / Maintainer(s) Description Link Type
DetectionLab Chris Long Automate the creation of a lab environment complete with security tooling and logging best practices Link Cybersecurity Home-lab
PortSwigger Web Security Academy PortSwigger An academy with lessons and hands on lab to learn WebApp Pentesting Link WebApp Security Lessons & Labs

Networking

Name Author(s) / Maintainer(s) Description Link Type
Speed Guide SG Staff The site offers free network tools and covers Broadband Internet connections, network security, wireless and system performance. A large section focuses on Cable Modems and DSL technology, stressing on improving TCP/IP performance over high speed/latency networks. Link Network & Security

Other Resources

Name Author(s) / Maintainer(s) Description Link Type
Red Team Notes Mantvydas Baranauskas A list of red teaming and penetration testing notes on various tools and techniques utilized by penetration testers, red teams, and real adversaries. Link Red team/Pentest notes
The Hacker Recipes Charlie Bromberg Provides technical guides on various hacking topics as well as advanced topics such as Active Directory and Web services. Link Ethical Hacking guide
Hackersploit Hackersploit Video content on Red Team, Blue Team, Android Sec, CTF Writeup, Bug Bounty Link Red/Blue Team, Webapp, Android, Bug Bounty
Awesome Pentest Nick Raienko A collection of awesome penetration testing resources, tools and other shiny things Link Penetration testing and offensive cybersecurity
The Book of Secret Knowledge Michał Ży A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more. Link Resources for System and Network administrators, DevOps, Pentesters, and Security Researchers
Cybercopaedia cr0mll A website aimed at accumulating knowledge from the world of cybersecurity and presenting it in a cogent way, so it is accessible to as large an audience as possible and so that everyone has a good resource to learn ethical hacking from Link Ethical Hacking Encyclopedia

Payloads

Name Author(s) / Maintainer(s) Description Link Type
Payloads All The Things Swissky A list of useful payloads and bypass for Web Application Security and Pentest/CTF Link Web App
RevShells.com Ryan Montgomery Website with simple to use generator for reverse shell payloads Link Payloads and reverse shells

Programming & Scripting Notes

Name Author(s) / Maintainer(s) Description Link Type
Goal Kicker Unknown Provides free exceptional programming notes covering 49 different types of programming languages, including scripting languages such as python and powershell Link Programming & Scripting languages

Search Engines

Name Author(s) / Maintainer(s) Description Link Type
Awesome Hacker Search Engines Edoardo Ottavianelli A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more. Link Pentest search engines

Tools

Name Author(s) / Maintainer(s) Description Link Type
CyberChef GCHQ A web app for encryption, encoding, compression and data analysis Link Web based security analysis
HackTools Ludovic Coulon, Riadh BOUCHAHOUA A web extension facilitating web application penetration tests, it includes cheatsheets as well as all the tools used during a test such as XSS payloads, Reverse shells and much more. Link Web App
HackerTarget.com Peter Hill An open-source security platform that provides free security tools, tutorials, cheatsheets, blogs, and researches Link Open-source cybersecurity tools

Wordlists

Name Author(s) / Maintainer(s) Description Link Type
SecLists Daniel Miessler, Jason Haddix, g0tmi1k A collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. Link Wordlists
Assetnote Wordlists Assetnote The website provides wordlists that are up to date and effective against the most popular technologies on the internet. Link Wordlists

📝 To-Do List

  • Add a Table of Content

  • Arrange each type of resource into separate tables, e.g Tools, CTF/write-ups, cheatsheets, binaries

  • Arrange them alphabetically

⭐ Contributing

Contributions are welcomed. This list is not exhaustive, and I might have missed other pertinent resources. Therefore, feel free to add useful pentest/redteam resources to the list. The resources could be for pentesting tools, techniques, cheatsheets, write-ups, blogs, payloads, and wordlists.

I appreciate your contributions to Pentest-Resources-Cheat-Sheets and look forward to working together to improve this project!

How to Contribute

  1. Fork the Repository: Start by forking the Pentest-Resources-Cheat-Sheets repository to your GitHub account. You can do this by clicking the "Fork" button on the top right of the repository page.

  2. Clone the Repository: Clone your forked repository to your local machine using the following command, replacing /bL34cHig0/ with your GitHub username and your-feature-name with your desired name:

    git clone https://github.com/bL34cHig0/Pentest-Resources-Cheat-Sheets.git
    
  3. Create a Branch: Before making changes, create a new branch for your work:

    git checkout -b feature/your-feature-name
    

    Be sure to choose an appropriate branch name that describes the purpose of your changes.

  4. Make Your Changes: Make your desired changes to the list and follow the format.

  5. Commit Your Changes: Commit your changes with clear and concise commit messages:

    git commit -m "Add feature/fix: describe your changes here"
    
  6. Push Your Changes: Push your changes to your forked repository:

    git push origin feature/your-feature-name
    
  7. Submit a Pull Request (PR): Go to the original repository and click the "New Pull Request" button. Provide a detailed description of your changes, why they are necessary, and any relevant context.

Reporting Issues

If you would like to discuss improvements, please open an issue on the GitHub repository or reach out to me via LinkedIn

Note

Some of these websites and github repos are open-source. Contributors not mentioned are credited on each projects' official page.

About

This repository contains a curated list of websites and repositories featuring pentest & red-team resources such as cheatsheets, write-ups, tools, techniques, programming/scripting notes, and more. I documented them in this repo to provide like-minded offensive security enthusiasts and professionals easy access to these valuable resources.

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •