A curated list of websites and GitHub repos with pentest/redteam cheatsheets, tools, techniques, CTF write-ups, programming languages, and more.
The goal of this project is to centralize pertinent and most used pentest/redteam cheatsheets, techniques, tools, write-ups, and more for like-minded offensive security enthusiasts and professionals.
- API Security
- Binaries
- Blogs
- Cheatsheets
- CTF Write-ups & Videos
- Cybersecurity Labs
- Networking
- Other Resources
- Payloads
- Programming & Scripting Notes
- Search Engines
- Tools
- Wordlists
Name | Author(s) / Maintainer(s) | Description | Link | Type |
---|---|---|---|---|
awesome-api-security | André Rainho | A collection of awesome API Security tools and resources. | Link | API Security |
Name | Author(s) / Maintainer(s) | Description | Link | Type |
---|---|---|---|---|
Gtfobins | Emilio Pinna, Andrea Cardaci | A curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems. | Link | Unix |
LOLBAS | Oddvar Moe | Contains a list of Windows binaries, scripts, and libraries that can be used for executing code, compiling code, UAC bypass, persistence, etc. | Link | Windows |
Name | Author(s) / Maintainer(s) | Description | Link | Type |
---|---|---|---|---|
harmj0y | harmj0y | harmj0y's blog covering security research and attacks on Active Directory. | Link | Offsec/Active Directory |
Juggernaut Pentesting Academy | Juggernaut | Extensive blog on General Offsec, Red Teaming and Pentesting Topics | Link | Pentest, Red Team, Offsec Topics |
0xBEN | Benjamin H. | 0xBEN's blog featuring cybersecurity/IT resources, cheat sheets, and write-ups. | Link | Cybersecurity/IT |
NetSPI Blog | NetSPI | A blog on various Pentest, Red Team, General Offsec focused topics. | Link | Pentest/Red Team in depth |
Hacking Articles | Raj Chandel - Founder and Others | Detailed and Summarised articles on various Pentest and Red Team topics, Offsec Tools and CTF writeups | Link | Pentest/Red Team |
TechMint | Ravi Saive | Free online community-supported publication that publishes practical and useful out-of-the-box high-quality articles on Linux, Sysadmin, Security, DevOps, Cloud Computing, Tools, and many other topics. | Link | Linux, Sysadmin, Security, Tools, etc |
Name | Author(s) / Maintainer(s) | Description | Link | Type |
---|---|---|---|---|
HackTricks | Carlos Polop | A website featuring curated hacking tricks, techniques, and methodologies, spanning from network penetration testing to web penetration testing. | Link | Pentest |
pentestmonkey | pentestmonkey | Contains pentest blogs, tools, and cheatsheets | Link | Pentest |
Active Directory Exploitation Cheat Sheet | Nikos Katsiopis | A cheat sheet that contains common enumeration and attack methods for Windows Active Directory. | Link | Active Directory |
OSCP Cheatsheet | Sai Sathvik | OSCP cheatsheets to prepare effectively for the certification | Link | OSCP |
explainshell.com | Idan Kamara | A web interface capable of parsing man pages, extracting options and explaining a given command-line by matching each argument to the relevant help text in the man page. | Link | Shell/Linux |
WADComs | John Woodman | An interactive cheat sheet, containing a curated list of offensive security tools and their respective commands, to be used against Windows/AD environments | Link | Windows/AD |
Offensive Security Cheatsheet | Haax | A document used to centralize information about cybersecurity techniques and payloads. | Link | Pentest |
Name | Author(s) / Maintainer(s) | Description | Link | Type |
---|---|---|---|---|
IppSec | IppSec | IppSec's website that helps streamline your search for his YouTube videos and courses on HTB walkthroughs and techniques | Link | videos |
0xdf hacks stuff | 0xdf | 0xdf's website with detailed write-ups on HTB machines | Link | write-ups |
Name | Author(s) / Maintainer(s) | Description | Link | Type |
---|---|---|---|---|
DetectionLab | Chris Long | Automate the creation of a lab environment complete with security tooling and logging best practices | Link | Cybersecurity Home-lab |
PortSwigger Web Security Academy | PortSwigger | An academy with lessons and hands-on labs to learn WebApp Pentesting | Link | WebApp Security Lessons & Labs |
Name | Author(s) / Maintainer(s) | Description | Link | Type |
---|---|---|---|---|
Speed Guide | SG Staff | The site offers free network tools and covers broadband Internet connections, network security, wireless and system performance. A large section focuses on cable modems and DSL technology, with an emphasis on improving TCP/IP performance over high speed/latency networks. | Link | Network & Security |
Name | Author(s) / Maintainer(s) | Description | Link | Type |
---|---|---|---|---|
Red Team Notes | Mantvydas Baranauskas | A list of red teaming and penetration testing notes on various tools and techniques utilized by penetration testers, red teams, and real adversaries. | Link | Red team/Pentest notes |
The Hacker Recipes | Charlie Bromberg | Provides technical guides on various hacking topics as well as advanced topics such as Active Directory and Web services. | Link | Ethical Hacking guide |
Hackersploit | Hackersploit | Video content on Red Team, Blue Team, Android Sec, CTF Writeup, Bug Bounty | Link | Red/Blue Team, Webapp, Android, Bug Bounty |
Awesome Pentest | Nick Raienko | A collection of awesome penetration testing resources, tools and other shiny things | Link | Penetration testing and offensive cybersecurity |
The Book of Secret Knowledge | Michał Ży | A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more. | Link | Resources for System and Network administrators, DevOps, Pentesters, and Security Researchers |
Cybercopaedia | cr0mll | A website aimed at accumulating knowledge from the world of cybersecurity and presenting it in a cogent way, so it is accessible to as large an audience as possible and so that everyone has a good resource to learn ethical hacking from | Link | Ethical Hacking Encyclopedia |
Name | Author(s) / Maintainer(s) | Description | Link | Type |
---|---|---|---|---|
Payloads All The Things | Swissky | A list of useful payloads and bypass for Web Application Security and Pentest/CTF | Link | Web App |
RevShells.com | Ryan Montgomery | Website with simple to use generator for reverse shell payloads | Link | Payloads and reverse shells |
Name | Author(s) / Maintainer(s) | Description | Link | Type |
---|---|---|---|---|
Goal Kicker | Unknown | Provides free exceptional programming notes covering 49 different types of programming languages, including scripting languages such as Python and PowerShell | Link | Programming & Scripting languages |
Name | Author(s) / Maintainer(s) | Description | Link | Type |
---|---|---|---|---|
Awesome Hacker Search Engines | Edoardo Ottavianelli | A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more. | Link | Pentest search engines |
Name | Author(s) / Maintainer(s) | Description | Link | Type |
---|---|---|---|---|
CyberChef | GCHQ | A web app for encryption, encoding, compression and data analysis | Link | Web based security analysis |
HackTools | Ludovic Coulon, Riadh BOUCHAHOUA | A web extension facilitating web application penetration tests; it includes cheatsheets as well as all the tools used during a test, such as XSS payloads, reverse shells and much more. | Link | Web App |
HackerTarget.com | Peter Hill | An open-source security platform that provides free security tools, tutorials, cheatsheets, blogs, and research | Link | Open-source cybersecurity tools |
Name | Author(s) / Maintainer(s) | Description | Link | Type |
---|---|---|---|---|
SecLists | Daniel Miessler, Jason Haddix, g0tmi1k | A collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. | Link | Wordlists |
Assetnote Wordlists | Assetnote | The website provides wordlists that are up to date and effective against the most popular technologies on the internet. | Link | Wordlists |
- Add a Table of Content
- Arrange each type of resource into separate tables, e.g. Tools, CTF/write-ups, cheatsheets, binaries
- Arrange them alphabetically
Contributions are welcome. This list is not exhaustive, and I might have missed other pertinent resources. Therefore, feel free to add useful pentest/redteam resources to the list. The resources could be for pentesting tools, techniques, cheatsheets, write-ups, blogs, payloads, and wordlists.
I appreciate your contributions to Pentest-Resources-Cheat-Sheets and look forward to working together to improve this project!
- Fork the Repository: Start by forking the Pentest-Resources-Cheat-Sheets repository to your GitHub account. You can do this by clicking the "Fork" button on the top right of the repository page.
- Clone the Repository: Clone your forked repository to your local machine using the following command, replacing `/bL34cHig0/` with your GitHub username and `your-feature-name` with your desired name:

  `git clone https://github.com/bL34cHig0/Pentest-Resources-Cheat-Sheets.git`
- Create a Branch: Before making changes, create a new branch for your work:

  `git checkout -b feature/your-feature-name`

  Be sure to choose an appropriate branch name that describes the purpose of your changes.
- Make Your Changes: Make your desired changes to the list and follow the format.
- Commit Your Changes: Commit your changes with clear and concise commit messages:

  `git commit -m "Add feature/fix: describe your changes here"`
- Push Your Changes: Push your changes to your forked repository:

  `git push origin feature/your-feature-name`
- Submit a Pull Request (PR): Go to the original repository and click the "New Pull Request" button. Provide a detailed description of your changes, why they are necessary, and any relevant context.
If you would like to discuss improvements, please open an issue on the GitHub repository or reach out to me via LinkedIn.
Some of these websites and GitHub repos are open-source. Contributors not mentioned are credited on each project's official page.