Skip to content

Latest commit

 

History

History

PenTest

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
README.md
README.md
 
 

README.md

PenTest CheatSheets

This is a repo for pentest cheat sheets which I have found useful!!

  1. https://pentestbook.six2dez.com/others/web-checklist is pentest #Checklist.
  2. https://github.com/trimstray/the-book-of-secret-knowledge#hackingpenetration-testing-toc is a complete cheatsheet. #CheatSheet
  3. https://github.com/enaqx/awesome-pentest is a complete cheatsheet. #CheatSheet
  4. https://github.com/enaqx/awesome-pentest for Pentest cheatsheet. #CheatSheet
  5. https://github.com/riramar/Web-Attack-Cheat-Sheet for Pentest cheatsheet. #CheatSheet
  6. https://github.com/swisskyrepo/PayloadsAllTheThings for various attacks paloads. #attackPayloads
  7. https://github.com/tennc/webshell for collection of web shells. #webshells
  8. https://portswigger.net/web-security/cross-site-scripting/cheat-sheet for XSS cheat sheets. #XSS
  9. https://github.com/Walidhossain010/WAF-bypass-xss-payloads for XSS payloads for bypassing WAFs. #XSS #WAF
  10. https://book.hacktricks.xyz/pentesting-web/file-upload for file upload cheat sheets. #fileUpload
  11. https://github.com/modzero/mod0BurpUploadScanner for upload scanner for burp. #uploadScanner
  12. https://book.hacktricks.xyz/windows/windows-local-privilege-escalation/dpapi-extracting-passwords for DPAPI - Extracting Passwords. #Crypto
  13. https://www.beyondtrust.com/resources/glossary/pass-the-hash-pth-attack for Pass-the-Hash(PtH) Attack. #Crypto
  14. https://www.acunetix.com/blog/articles/tls-vulnerabilities-attacks-final-part/ for TLS Vulnerabilities. #TLS
  15. https://www.cloudinsidr.com/content/known-attack-vectors-against-tls-implementation-vulnerabilities/ for Attack vectors against TLS. #TLS
  16. https://cheatsheetseries.owasp.org/cheatsheets/REST_Security_Cheat_Sheet.html for REST Security Cheat Sheet. #API
  17. https://owasp.org/www-project-api-security/ for API testing. #API
  18. https://blog.nvisium.com/angular-for-pentesters-part-1 is Angular And AngularJS For Pentesters. #Angular
  19. https://portswigger.net/web-security/websockets for WebSocket Pentesting. #WebSocket
  20. https://cheatsheetseries.owasp.org/cheatsheets/REST_Security_Cheat_Sheet.html for REST API Pentesting. #REST_API
  21. https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS for CORS. #CORS
  22. https://github.com/cipher387/Dorks-collections-list/ for Dorks. #Dork
  23. https://github.com/gquere/pwn_jenkins for Pentesting Jenkins. #Jenkins
  24. https://many-passwords.github.io/ for collection of default passwords. #default #password
  25. https://github.com/arainho/awesome-api-security for API PenTest. #API #Pentest

Pentest Report

  1. https://github.com/juliocesarfort/public-pentesting-reports for PenTesting report samples. #Report
  2. https://cure53.de/ for pentest reports of popular applications. #reports #popular_apps

Code Analysis

1.https://deepscan.io/demo/ for statically analyzing JS, VUE, and React code. #staticAnalysis

Pentest Methodology

  1. http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines for pentest methodology. #methodology

Asset Discovery and Enumeration

  1. https://github.com/OWASP/Amass
  2. https://github.com/redhuntlabs/Awesome-Asset-Discovery

Learning to PenTest

These websites are recommended for learning to Pentest.

  1. https://www.hackthebox.eu/
  2. https://tryhackme.com/
  3. https://www.root-me.org/
  4. https://github.com/Ignitetechnologies/HackTheBox-CTF-Writeups HackTheBox CTF Cheatsheet

FireEye Red Team to learn!

  1. https://github.com/PowerShellMafia/PowerSploit
  2. https://www.cobaltstrike.com/help-beacon
  3. https://github.com/GhostPack/Seatbelt
  4. https://github.com/cobbr/SharpSploit
  5. https://github.com/med0x2e/RT-EWS
  6. https://github.com/med0x2e/GadgetToJScript
  7. https://github.com/SecureAuthCorp/impacket
  8. https://github.com/Kevin-Robertson/InveighZero
  9. https://github.com/denandz/KeeFarce
  10. https://github.com/med0x2e/NET-Assembly-Inject-Remote
  11. https://github.com/med0x2e/NoAmci/
  12. https://github.com/GhostPack/Rubeus
  13. https://github.com/GhostPack/SafetyKatz
  14. https://github.com/IllidanS4/SharpUtils/
  15. https://github.com/hoangprod/AndrewSpecial
  16. https://github.com/rasta-mouse/RuralBishop

Android Apps Security Evaluation and PenTest

  1. https://github.com/OWASP/owasp-mstg

Scanners for popular and dangerous vulnerabilities

  1. https://github.com/fullhunt/log4j-scan CVE-2021-44228 - Apache Log4j RCE Scanner #log4j

Android

  1. https://github.com/saeidshirazi/awesome-android-security

Building Pentest Environment

  1. https://github.com/cybersecsi/HOUDINI