This is a series of cheatsheets covering common tools, techniques, and nuggets of information which I find useful as a penetration tester. The aim is to start publishing one document a week until there is a solid library of tools and techniques listed which you can download to have an offline copy on your pen testing build.
These cheatsheets are listed in the table below:
Document Name | Last Modified | Version |
---|---|---|
Common Hashes Cheatsheet | 2021-03-08 | v1.0 |
Compiling C# Using CSC Cheatsheet | 2021-05-06 | v1.0 |
Default Database Credentials Cheatsheet | 2021-05-06 | v1.0 |
Hashing & Encoding Cheatsheet | 2021-05-06 | v1.0 |
IPv4 Settings Cheatsheet | 2021-05-06 | v1.0 |
John the Ripper Cheatsheet | 2021-05-06 | v1.0 |
MS SQL Data Extraction Cheatsheet | 2021-05-06 | v1.0 |
Netcat Cheatsheet | 2021-05-06 | v1.0 |
OS Command Execution (Linux) Cheatsheet | 2021-05-06 | v1.0 |
OS Command Execution (Windows) Cheatsheet | 2021-05-06 | v1.0 |
Python Servers Cheatsheet | 2021-05-06 | v1.0 |
Shellshock Cheatsheet | 2021-05-06 | v1.0 |
SQL Injection Filter Evasion Cheatsheet | 2021-05-06 | v1.0 |
SQLMAP Cheatsheet | 2021-05-06 | v1.0 |
XXE Injection Cheatsheet | 2021-05-06 | v1.0 |
You are free download these files onto your pen testing build and use them in the course of training or working in the cyber security industry. You are also free to distribute these files to others who may find them useful. Please ensure you only use the techniques for legal and ethical purposes, however.
If you think that any crucial snippets are missing from any of the cheatsheets, raise an issue on Github, or contact me. Note that I aim to keep all cheatsheets at a maximum of two pages.
Feel free to contact me if you have any specific requests for tools, techniques, or information which you would like to be placed in cheatsheet format, or raise issues on Github.
TLDR: Only practice the techniques in these documents against systems you have permission to attack.
All information and techniques contained in the cheatsheets are for educational and professional purposes only. It is illegal to use the techniques outlined in many of these documents against computer systems that you do not expressly own, operate, and have full authorisation to target. It is your responsibility to obey all applicable laws when using the techniques in these documents.