Penetrating Testing/Assessment Workflow & other fun infosec stuff https://github.com/jivoi/pentest My feeble attempt to organize (in a somewhat logical fashion) the vast amount of information, tools, resources, tip and tricks surrounding penetration testing, vulnerability assessment, and information security as a whole* - Reconnaissance - Passive/Semi-Passive - Tools - Discover - https://github.com/leebaird/discover - Third Party Resources - Locate Target Range - ARIN - https://www.arin.net/ - Fingerprint Domain/Website - Extended Network Information - Central Ops - https://centralops.net/co/DomainDossier.aspx - Robtex - https://www.robtex.net/ - Metasploit Scanning - auxiliary/scanner/* - portscan/tcp - http/http_version - http/tomcat_enum - http/trace_axd - Google - site: filetype:axd OR inurl:trace.axd - Shodan - https://www.shodan.io/ - https://pen-testing.sans.org/blog/2015/12/08/effective-shodan-searches/ - Censys - https://www.censys.io/ - Zoomeye - https://www.zoomeye.org - Netcraft - https://www.netcraft.com/ - DNS Enumeration/Information - DNSdumpster - https://dnsdumpster.com/ - Subli3ster - https://github.com/aboul3la/Sublist3r - Social Media - https://socialbearing.com/search/ - Command Line Recon - Network Information - nslookup - dig - Security Mechanisms - Halberd - Identify HTTP load balancers - https://github.com//jmbr/halberd - Metadata - exiftool - strings - strings -e b (big endian) OR -e l (little endian) - Just-Metadata - https://github.com/ChrisTruncer/Just-Metadata - People Search - Yahoo People Search - http://itools.com/tool/yahoo-people-search - Switchboard - http://www.switchboard.com/person - Google Finance - https://www.google.com/finance - Zaba - http://www.zabasearch.com/ - Active - Command Line Recon Tools - General Recon - Recon-NG - https://bitbucket.org/LaNMaSteR53/recon-ng - Automated with https://github.com/jhaddix/domain - Domain/Subdomain Enumeration/Information - Fierce - https://github.com/mschwager/fierce - Subli3ster - https://github.com/aboul3la/Sublist3r - EyeWitness - https://github.com/ChrisTruncer/EyeWitness - Altdns - https://github.com/infosec-au/altdns - Brute force subdomain list - https://github.com/danielmiessler/SecLists/blob/master/Discovery/DNS/sorted_knock_dnsrecon_fierce_recon-ng.txt - Nmap - nmap -Pn -sSU -sV --top-ports 20 - Create Custom Worldlist - cewl - https://digi.ninja/projects/cewl.php - wget - http://wiki.securityweekly.com/wiki/index.php/Episode129 - Tools - WPS (Wi-Fi) Information Gathering - https://www.coresecurity.com/corelabs-research/open-source-tools/wpsig - Viper - Automating Various Pentesting Tasks - https://github.com/chrismaddalena/viper - pyFOCA - Python version of FOCA - https://github.com/altjx/ipwn#user-content-pyfoca - truffleHog - https://github.com/dxa4481/truffleHog - Discover - https://github.com/leebaird/discover - GUI - FOCA - https://www.elevenpaths.com/labstools/foca/index.html - EvilFOCA - https://github.com/ElevenPaths/EvilFOCA - Maltego - http://sectools.org/tool/maltego/ - Dirbuster - http://sectools.org/tool/dirbuster/ - Google Searching - site:"target name" jobs,careers,openings,etc - intitle:"index of " - Keyword - .bash_history - etc/shadow - finances.xls(x) - htpasswd - inurl:maillog - site:*.edu filetype:*.bak OR - Keyword - *.conf - *.backup - Phishing - Important: Immediately pivot from initial host - Frameworks - Gophish - https://github.com/gophish/gophish - Phishing Frenzy - https://www.phishingfrenzy.com/ - King Phisher - https://github.com/securestate/king-phisher - FiercePhish - https://github.com/Raikia/FiercePhish - Empire - https://enigma0x3.net/2016/03/15/phishing-with-empire/ - Initial Access Techniques - Malicious Office XLS macros - https://www.shellntel.com/blog/2016/9/13/luckystrike-a-database-backed-evil-macro-generator - Tools for Internal Use - Basic AUTH credential harvesting - https://github.com/ryhanson/phishery - Enumeration - Internal - Scanning - Map Internal Network - Command Line Tools - arp -a - ip neigh show - smbtree -NS 2>/dev/null - nbtscan -r - netdiscover -r - nmap -n -Pn -T5 -sS - nmap NSE scripts - NFS - SMB - SMB - SMBSpider - https://github.com/altjx/ipwn#user-content-smbspider - More - https://pen-testing.sans.org/blog/2013/07/24/plundering-windows-account-info-via-authenticated-smb-sessions - Find Routers - https://github.com/pentestmonkey/gateway-finder - Pivoting - SSH Proxy Tunneling with Proxychain - http://magikh0e.ihtb.org/pubPapers/ssh_gymnastics_tunneling.html - External - Scanning - Nmap - Masscan - https://github.com/robertdavidgraham/masscan - Unicornscan - http://sectools.org/tool/unicornscan/ - OneTwoPunch - Combines nmap and unicorn scan https://github.com/superkojiman/onetwopunch/blob/master/onetwopunch.sh - Exploitation - External - Attack Windows - Full Guides - http://resources.infosecinstitute.com/wp-content/uploads/Network-Fingerprinting-and-Exploitation1.pdf - Attack Linux - Full Guides - http://resources.infosecinstitute.com/wp-content/uploads/Network-Fingerprinting-and-Exploitation1.pdf - Attack Web Applications - Full Attack Frameworks - Offensive Web Testing Framework - https://owtf.github.io/ - Web2attack - https://github.com/santatic/web2attack - EaST - Exploits And Security Tool Framework - https://github.com/C0reL0ader/EaST - Attack WAF - WAFNinja - https://github.com/khalilbijjou/WAFNinja - My Guide: http://pastebin.com/bUrGCYxE - Steal HTTP/S Session Cookies - https://github.com/EnableSecurity/surfjack - XSS Scanner - xsscrapy - https://github.com/DanMcInerney/xsscrapy - XSS/Bypass Techniques - Beat XSS Filters - http://brutelogic.com.br/blog/the-easiest-way-to-bypass-xss-mitigations/ - XSS Cheatsheet - http://brutelogic.com.br/blog/cheat-sheet/ - WAF Bypass - http://securityidiots.com/Web-Pentest/WAF-Bypass/waf-bypass-guide-part-1.html - Attack BASIC Auth - Burp - http://www.smeegesec.com/2012/02/attacking-basic-authentication-with.html - Ncrack (supports multiple protocols) - https://nmap.org/ncrack/ - Methodologies - https://blog.zsec.uk/ltr101-methodologies/ - Attack OWA/Exchange - Malicious Outlook Rules - https://silentbreaksecurity.com/malicious-outlook-rules/ - Ruler - Abuse Exchange services - https://github.com/sensepost/ruler - MailSniper - Search users mailbox - http://www.blackhillsinfosec.com/?p=5296 - Web Vulnerability Scanners - Burp - https://portswigger.net/burp/ - Author's Guide: http://pastebin.com/nNHYP9Jd - Wapiti http://wapiti.sourceforge.net/ - w3af - http://w3af.org/ - Nikto -https://cirt.net/Nikto2 - Command Line Tools - CMSmap - https://github.com/Dionach/CMSmap - WPscan - https://wpscan.org/ - Joomscan - https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project - Wireless Exploitation - AirVentriloquest - Aircrack patch for WPA/2 packet injection - https://github.com/Caesurus/airventriloquist - Fluxion - MiTM WPA/2 Networks - https://github.com/deltaxflux/fluxion - Internal - LAN Attacks - Attack Windows - Attack Active Directory - Blood Hound - https://github.com/adaptivethreat/BloodHound - CrackMapExec - https://github.com/byt3bl33d3r/CrackMapExec - EmPyre - http://www.rvrsh3ll.net/blog/empyre/empyre-engaging-active-directory/ - Red Teaming AD (PDF) - https://adsecurity.org/wp-content/uploads/2016/08/DEFCON24-2016-Metcalf-BeyondTheMCSE-RedTeamingActiveDirectory.pdf - Attack SQL Server - PowerUpSQL - https://github.com/NetSPI/PowerUpSQL - Python - Command Line (Python Interpreter) - Scapy advanced network attacks - https://packetstormsecurity.com/files/36839/blackmagic.txt.html - Local Python Server - Serve Shells/Exploits - Python -M SimpleHTTPServer - Python TTY Reverse Shell IPv6 - https://eelsivart.blogspot.com/2015/02/python-tty-reverse-shell-over-ipv6-one.html - Metasploit In-Memory Python Interpreter - https://github.com/rapid7/metasploit-framework/wiki/Python-Extension - Attack Tools - Responder - https://github.com/SpiderLabs/Responder - Impacket - https://github.com/CoreSecurity/impacket - SMBExec - https://github.com/pentestgeek/smbexec - SMBSpider - https://github.com/altjx/ipwn#user-content-smbspider - Basic AUTH credential harvesting - https://github.com/ryhanson/phishery - WCE - http://www.ampliasecurity.com/research/windows-credentials-editor/ - Metasploit In-Memory Python Interpreter - https://github.com/rapid7/metasploit-framework/wiki/Python-Extension - Packet Crafting - Scapy - https://thesprawl.org/research/scapy/ - Impacket - https://www.coresecurity.com/corelabs-research/open-source-tools/impacket - Powershell - PowerSploit - https://github.com/PowerShellMafia/PowerSploit - More - https://www.hackingloops.com/powersploit-quick-shell-for-penetration-testing/ - EmPyre - http://www.rvrsh3ll.net/blog/empyre/empyre-engaging-active-directory/ - Bypass UAC - https://github.com/FuzzySecurity/PowerShell-Suite/tree/master/Bypass-UAC - PsExec - http://techgenix.com/PsExec-Nasty-Things-It-Can-Do/ - Privilege Escalation - Windows - NTLM Relay/NBNS Spoofing - https://foxglovesecurity.com/2016/01/16/hot-potato/ - Linux/Unix - Various exploits - https://github.com/FuzzySecurity/Unix-PrivEsc - LinEnum- https://github.com/rebootuser/LinEnum - Unix-privesc-check - http://pentestmonkey.net/tools/audit/unix-privesc-check - Priv Esc/Enumeration - https://www.rebootuser.com/?p=1623 - Linux_Exploit_Suggester - https://github.com/PenturaLabs/Linux_Exploit_Suggester - Bypass AV/IDS/App Whitelisting/UAC - Egressing Bluecoat with CobaltStrike - https://cybersyndicates.com/2016/12/egressing-bluecoat-with-cobaltstike-letsencrypt/ - Beaconpire - https://bluescreenofjeff.com/2016-11-29-beaconpire-cobalt-strike-and-empire-interoperability-with-aggressor-script/ - Bypass App Whitelisting - https://enigma0x3.net/2016/11/21/bypassing-application-whitelisting-by-using-rcsi-exe/ - "Fileless" UAC Bypass - https://enigma0x3.net/2016/08/15/fileless-uac-bypass-using-eventvwr-exe-and-registry-hijacking/ - Download/Execute Code via Command Line - https://www.greyhathacker.net/?p=500 - Reverse Shells - http://bernardodamele.blogspot.com/2011/09/reverse-shells-one-liners.html - http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet - https://highon.coffee/blog/reverse-shell-cheat-sheet/ - Attack Routers - Router Exploitation Framework - https://github.com/reverse-shell/routersploit - Using Burp - https://www.cybrary.it/0p3n/pentesting-routers-1-dictionary-attack-burp-suite/ - Find Exploits - Web - Exploit-db - https://www.exploit-db.com/ - From command line: https://www.exploit-db.com/searchsploit/ - Packet Storm - https://packetstormsecurity.com/files/tags/exploit - SecurityFocus - http://www.securityfocus.com/bid - EaST Framework Exploits - http://eastexploits.com/ - SecList - http://seclist.us/category/exploits - NMap - Scan systems with NMap, parse output to: CVE's, CWE's and DPE's - https://github.com/NorthernSec/CVE-Scan - Import, manage, and search with a local MongoDB instance - https://github.com/cve-search/cve-search - Post-Exploitation - Attack Linux - Command Line Password Sniffing - Tcpdump - https://neverendingsecurity.wordpress.com/2015/03/14/tcpdump-tutorial-sniffing-and-analysing-packets-from-the-commandline/ - tcpdump -i eth0 port http or port ftp or port smtp or port imap or port pop3 -l -A | egrep –i 'pass=|pwd=|log=|login=|user=|username=|pw=|passw=|passwd=|password=||name=|name:|pass:|user:|username:|password:|login:|pass |user ' --color=auto --line- - Ngrep - ngrep -q -W byline "GET|POST HTTP" - Dsniff - https://github.com/tecknicaltom/dsniff - Netsh Trace (Windows only) - https://isc.sans.edu/diary/19409 - Network Authentication Cracking Tool - https://nmap.org/ncrack/ - Attack Windows - Stealing/Cracking Passwords/Hashes - Steal - WCE -http://www.ampliasecurity.com/research/windows-credentials-editor/ - Extract Hashes from AD - https://blog.didierstevens.com/2016/07/13/ - Network Authentication Cracking Tool - https://nmap.org/ncrack/ - pysecdump - https://github.com/pentestmonkey/pysecdump - Windows Creds - https://www.securusglobal.com/community/2013/12/20/dumping-windows-credentials/ - Network Password Recovery - http://www.nirsoft.net/utils/network_password_recovery.html - Crack - Windows Password Audit - https://blog.joelj.org/windows-password-audit-with-kali-linux/ - pysecdump - https://blog.didierstevens.com/2016/07/30/video-ntds-dit-extract-hashes-with-secretsdump-py/ - Hashcat - https://samsclass.info/123/proj10/px16-hashcat-win.htm - Network Authentication Cracking Tool - https://nmap.org/ncrack/ - Attack Mac - Empyre - http://www.harmj0y.net/blog/empyre/building-an-empyre-with-python/ - Attack Specific Software/Tools - Privilege Escalation - Splunk - http://threat.tevora.com/penetration-testing-with-splunk-leveraging-splunk-admin-credentials-to-own-the-enterprise/ - Password/Hash Cracking - Wordlists - https://github.com/Mebus/cupp - http://wiki.securityweekly.com/wiki/index.php/Episode129 - https://adaywithtape.blogspot.com.au/2011/05/creating-wordlists-with-crunch-v30.html - https://wiki.skullsecurity.org/Passwords - Password/Hash Cracking - Guides - Build Cracking Rig - http://www.netmux.com/blog/how-to-build-a-password-cracking-rig - Cracking 12 Character Passwords - http://www.netmux.com/blog/cracking-12-character-above-passwords - Tools - PACK (crack/obtain stats/) - https://thesprawl.org/projects/pack/ - Hashcat - https://hashcat.net/hashcat/ - https://samsclass.info/123/proj10/px16-hashcat-win.htm - Windows Password Audit - https://blog.joelj.org/windows-password-audit-with-kali-linux/ - pysecdump - https://blog.didierstevens.com/2016/07/30/video-ntds-dit-extract-hashes-with-secretsdump-py/ - GPU Cracking - https://www.trustedsec.com/june-2016/introduction-gpu-password-cracking-owning-linkedin-password-dump/ - Web Services - CrackStation - https://crackstation.net/ - HashKiller - https://forum.hashkiller.co.uk/default.aspx - Attack Frameworks/Tools - PowerSploit - https://github.com/PowerShellMafia/PowerSploit - Empire - http://www.powershellempire.com/ - Armitage - http://www.fastandeasyhacking.com/manual - http://blog.cobaltstrike.com/2016/05/25/raffis-abridged-guide-to-cobalt-strike/ - Pwnd(dot)sh - https://github.com/SafeBreach-Labs/pwndsh - CrackMapExec - https://github.com/byt3bl33d3r/CrackMapExec/wiki - Privilege Escalation - Excellent Wiki - http://pwnwiki.io/#!index.md - Windows - Wiki - http://pwnwiki.io/#!privesc/windows/index.md - SMB - Relay Attacks/Spoofing - Hot Potato - https://foxglovesecurity.com/2016/01/16/hot-potato/ - Chuckle - https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2015/november/introducing-chuckle-and-the-importance-of-smb-signing/ - More - https://pen-testing.sans.org/blog/2013/04/25/smb-relay-demystified-and-ntlmv2-pwnage-with-python - RDP - https://onedrive.live.com/view.aspx?resid=F32A9F4F1477E49!109&ithint=file%2cdocx&app=Word&authkey=!ANzQTrmsTXSK9FM  - Various techniques/commands - http://resources.infosecinstitute.com/wp-content/uploads/Post-Exploitation-without-Automated-Tools1.pdf - http://www.slideshare.net/riyazwalikar/windows-privilege-escalation - Linux/Unix - Various exploits - https://github.com/FuzzySecurity/Unix-PrivEsc - Wiki - http://pwnwiki.io/#!privesc/linux/index.md - LinEnum- https://github.com/rebootuser/LinEnum - Unix-privesc-check - http://pentestmonkey.net/tools/audit/unix-privesc-check - Priv Esc/Enumeration - https://www.rebootuser.com/?p=1623 - Basic Linux Privilege Escalation - https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/ - Linux_Exploit_Suggester - https://github.com/PenturaLabs/Linux_Exploit_Suggester - Various techniques/commands - https://room362.com/post/2011/2011-09-06-post-exploitation-command-lists/ - Exfiltration - Detection Capabilities - Egress-Assess - https://github.com/ChrisTruncer/Egress-Assess - Outbound Port Detection (find unfiltered outbound connections) - http://www.floyd.ch/?p=352 - Network Exfiltration - DNS - dnsteal - https://github.com/m57/dnsteal - Learning Resources - Blogs - Mubix - https://room362.com/ - OJ's Perspective - http://buffered.io/ - Carnal0wnage - http://carnal0wnage.attackresearch.com/ - Corelan - https://www.corelan.be/ - Daniel Miessler https://danielmiessler.com/information-security/ - NetSec Addict - http://netsec.ws/ - SecList - http://seclist.us/ - Notepad - https://bobloblaw.gitbooks.io/security/content/ - Getting Started - Security - http://www.pentester.tips/gettingstarted.html - https://bobloblaw.gitbooks.io/security/content/ - https://www.reddit.com/r/HowToHack/comments/2c8d1p/free_online_ethical_hacking_courses/ - Networking - http://networkingprogramming.com/1024x768/index.html - OSCP Info - http://buffered.io/posts/oscp-and-me/ - https://jivoi.github.io/2015/06/19/oscp-prepare/ - https://gnashsec.blogspot.com/2015/07/my-experience-with-pwk-and-oscp.html - Video Series/Channels - LiveOverflow - https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w - Pentestit - https://www.youtube.com/user/PentestITLab/videos - Hacking Labs/VMs - Vulnerable Windows Environment - http://www.crowdfunder.co.uk/rastalabs - Web Apps - Web Security Labs - http://www.cis.syr.edu/~wedu/seed/web_security.html - 40 Vulnerable Sites - https://www.bonkersabouttech.com/security/40-plus-list-of-intentionally-vulnerable-websites-to-practice-your-hacking-skills/392 - DVWS - https://github.com/interference-security/DVWS - oxfat - https://0xf.at/ - Find more here - https://skydogcon.blogspot.com/p/learning-resources.html - https://blogs.sans.org/pen-testing/files/2013/06/PosterSide1.png - http://www.amanhardikar.com/mindmaps/practice-links.html - Specific Topic Learning - Web Application Security - Solid Methodology - http://blog.zsec.uk/ltr101-method-to-madness/ - Introduction (left hand side) - http://securityidiots.com/index.html - XSS - Start here - http://brutelogic.com.br/blog/xss101/ - Practice XSS - https://xss-game.appspot.com/level1 - VM - https://www.vulnhub.com/entry/pentester-lab-web-for-pentester,71/ - SQLi (SQL Injection) - http://attack.samsclass.info/sqlol-raw/search-raw.htm - Various Web Exploits - https://google-gruyere.appspot.com/part1 - Scripting/Coding - Python - Scapy - http://thesprawl.org/research/scapy/ - https://bt3gl.github.io/black-hat-python-infinite-possibilities-with-the-scapy-module.html - Full Python Course - https://www.codecademy.com/learn/python - Exploit Development/Exploitation - Modern Binary Exploitation - https://github.com/RPISEC/MBE - https://www.peerlyst.com/posts/the-best-resources-for-learning-exploit-development - Crypto - https://littlemaninmyhead.wordpress.com/2015/09/28/so-you-want-to-learn-to-break-ciphers/ - Malware Analysis/Reversing - Start Here - https://github.com/tylerph3/awesome-reversing - University Course - https://github.com/RPISEC/Malware - Ray's World - http://rayseyfarth.com/ - Amanda - http://amanda.secured.org/how-to-start-reverse-engineering-malware/ - Practice Phishing - Morning Catch - http://blog.cobaltstrike.com/2014/08/06/introducing-morning-catch-a-phishing-paradise/ - Free University Courses - https://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity/lectures.html - Challenges - SANS Holiday Hack Challenge - https://holidayhackchallenge.com/2016/ - Before 2014 - https://pen-testing.sans.org/holiday-challenge/2014 - PCAP Challenges - https://github.com/aeibrahim/wireshark_challenge - https://www.honeynet.org/challenges - Fun Reading List - http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html - Repos/Collection of Tools - Large Toolset - https://awesomehacking.org/ - Large repo (many topics) - https://github.com/nixawk/pentest-wiki - https://github.com/Hack-with-Github/Awesome-Hacking - Penetration Testing Tools - Tons - https://github.com/enaqx/awesome-pentest - Tons - https://github.com/Aptive/penetration-testing-tools - Python - Intro - https://github.com/PacktPublishing/Python-Journey-from-Novice-to-Expert - Penetration Testing Tools - https://github.com/dloss/python-pentest-tools - Python Forensics - https://github.com/PacktPublishing/Learning-Python-for-Forensics - Reverse Engineering - https://github.com/tylerph3/awesome-reversing - Complete Courses/Videos/Guides/Books - Existing Full Guides (fantastic!) - Pentest Wiki - https://github.com/nixawk/pentest-wiki - Awesome Pentest - https://github.com/enaqx/awesome-pentest - CTF - Field Guide - https://trailofbits.github.io/ctf/ - Author's Guide - http://pastebin.com/DrsetKc8 - Resources - http://resources.infosecinstitute.com/tools-of-trade-and-resources-to-prepare-in-a-hacker-ctf-competition-or-challenge/ - Attack - IPv6 - http://haxpo.nl/materials/haxpo2015ams/D3%20-%20R.%20Schaefer%20and%20J.%20Salazar%20-%20Pentesting%20in%20the%20Age%20of%20IPv6.pdf - Windows - Zero to Domain - http://www.computerworld.com/article/2843632/security0/scenario-based-pen-testing-from-zero-to-domain-admin-with-no-missing-patches-required.html - Network Fingerprinting and Exploitation - - http://resources.infosecinstitute.com/wp-content/uploads/Network-Fingerprinting-and-Exploitation1.pdf - Linux - Network Fingerprinting and Exploitation - - http://resources.infosecinstitute.com/wp-content/uploads/Network-Fingerprinting-and-Exploitation1.pdf - Courses - Metasploit Unleashed - https://www.offensive-security.com/metasploit-unleashed/ - Pen Testing - https://www.cybrary.it/course/advanced-penetration-testing/ - Videos - Advanced Threat Tactics - http://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/ - Books - Advanced Penetration Testing for Highly Secured Environments - LARGE (!) PDF - https://news.asis.io/sites/default/files/%E2%80%8Cbook.pdf - Multiple pentesting books - http://www.arthur-training.com/Downloads/ITT/ - How-To - Evil Access Point - https://www.sensepost.com/blog/2013/rogue-access-points-a-how-to/ - DNS Phishing in Public Hotspots - https://www.exploit-db.com/docs/20875.pdf - Various topics - https://bobloblaw.gitbooks.io/security/content/ - Misc. Resources - Lectures/VMs/Videos (tons) - http://www.arthur-training.com/Downloads/ - Cheatsheets - Various Pentesting Tools - https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/ - Powershell - Mics Scripts - https://github.com/rvrsh3ll/Misc-Powershell-Scripts - https://ramblingcookiemonster.github.io/images/Cheat-Sheets/powershell-cheat-sheet.pdf - Python - https://www.cheatography.com/davechild/cheat-sheets/python/ - 2 - https://realpython.com/files/python_cheat_sheet_v1.pdf - 3 - https://perso.limsi.fr/pointal/_media/python:cours:mementopython3-english.pdf - Shells - http://bernardodamele.blogspot.com/2011/09/reverse-shells-one-liners.html - Netcat - https://neverendingsecurity.wordpress.com/2015/04/13/netcat-commands-cheatsheet/ - https://www.securitaus.org/netcat/pentest/2016/05/23/netcat-cheat-sheet.html - Tcpdump - http://bencane.com/2014/10/13/quick-and-practical-reference-for-tcpdump/ - http://packetlife.net/media/library/12/tcpdump.pdf - Collections of Cheatsheets - https://github.com/jshaw87/Cheatsheets - http://packetlife.net/library/cheat-sheets/ - http://www.danielowen.com/2017/01/01/sans-cheat-sheets/ - SANS - https://pen-testing.sans.org/resources/downloads - Detection/Remediation/Defending - Detecting Meterpreter - https://www.sans.org/reading-room/whitepapers/forensics/analysis-meterpreter-post-exploitation-35537 - Detecting Backdoors - https://www.rawhex.com/2016/03/a-guide-to-recognising-backdoors-using-metasploitable-2/ - Detecting Malicious VBA Macros - https://github.com/decalage2/oletools/wiki/mraptor