Pentesting Pocket Book for hackers and developers.
Reconnaissance
Web Application Hacking
Weaponization
- Buffer Overflows (BOF)
  - DSBOFG
    Scripts
Initial Access
- 😈Services
- 😈Shells
Persistence
- File Transfers
  - Py->Exe->Txt
  - Cross compile example
- Backdoors
Privilege Escalation
Network Discovery
- Network Traffic
  - tcpdump
- Internal Discovery
Collection and Staging
- Collection
  - File types
Hacking Objectives
- Non Kinetic War (Quick Guide)
Procedures
Glossary
Hacking Frameworks
- Metasploit
  - msfvenom
- Dsnif
ThreatModeling
- Threat Modeling Overview
Certifications
- VMDR
- OSCP Cheat Sheet
RF - Radio Frequency
- Ham Technician

Powered by GitBook

On this page

InfoSec Communities
Reporting Frameworks
Report Template
Enumeration
Web Related
Network Tools
Wordlists / Dictionaries
Payload Generators
PHP Reverse Shells
Exploits
Post-Exploitation / Privilege Escalation
Practice:
Buffer Overflow Practice
Privilege Escalation Practice
Extra Practice

Was this helpful?

Certifications

OSCP Cheat Sheet

PreviousQualys Response (Patch Deployment)NextHam Technician

Last updated 3 years ago

Was this helpful?

InfoSec Communities

Offensive Security Official Discord —
Vulnhub Official Discord —
InfoSec Prep Discord —
Hack The Box Official Discord —
Try Hack Me Official Discord —
Unofficial Virtual Hacking Labs Discord —
Server: irc.freenode.org | channel: #offsec

Reporting Frameworks

Dradis —
Serpico —

Report Template

Created by whoisflynn —
Created by Noraj —

Enumeration

Web Related

Network Tools

Wordlists / Dictionaries

Payload Generators

PHP Reverse Shells

Exploits

Post-Exploitation / Privilege Escalation

Practice:

Buffer Overflow Practice

Privilege Escalation Practice

Extra Practice

AutoRecon —

nmapAutomator —

Reconbot —

Raccoon —

RustScan —

BashScan —

Dirsearch —

GoBuster —

Recursive GoBuster —

wfuzz —

goWAPT —

ffuf —

Nikto —

dirb —

dirbuster —

feroxbuster —

FinalRecon —

Impacket (SMB, psexec, etc) —

SecLists —

Reverse Shell Generator —

Windows Reverse Shell Generator —

MSFVenom Payload Creator —

Windows PHP Reverse Shell —

PenTestMonkey Unix PHP Reverse Shell — l

Exploit-DB —

Windows Kernel Exploits —

AutoNSE —

Linux Kernel Exploits —

Payload all the Things:

LinEnum —

linprivchecker —

Powerless —

PowerUp —

Linux Exploit Suggester —

Windows Exploit Suggester —

Windows Privilege Escalation Awesome Scripts (WinPEAS) —

CHECK THE VERSION NUMBER!!! Linux Privilege Escalation Awesome Script (LinPEAS) — Remove the code detailed in this blog post:

GTFOBins (Bypass local restrictions) —

Get GTFOBins —

sudo_killer —

WADComs —

LOLBAS —

Vulnserver for Windows —

Vulnserver for Linux —

Tib3rius TryHackMe BOF —

Local Privilege Escalation Workshop —

Linux Privilege Escalation —

Windows Privilege Escalation —

HTB/Vulnhub like OSCP machines (Curated by OffSec Community Manager TJNull)—

Offensive Security: Proving Grounds —

Virtual Hacking Labs —

HackTheBox (Requires VIP for Retired machines) —

Vulnhub —

Root-Me —

Try Hack Me —

OverTheWire — (Linux basics)

https://discord.gg/offsec

https://discord.gg/yNndh7R

https://discord.gg/infosecprep

https://discord.gg/hackthebox

https://discord.gg/tryhackme

https://discord.gg/bQfGnVQ

https://dradisframework.com/academy/industry/compliance/oscp/

https://github.com/SerpicoProject/Serpico

https://github.com/whosiflynn/OSCP-Exam-Report-Template

https://github.com/noraj/OSCP-Exam-Report-Template-Markdown

https://github.com/Tib3rius/AutoRecon

https://github.com/21y4d/nmapAutomator

https://github.com/Apathly/Reconbot

https://github.com/evyatarmeged/Raccoon

https://github.com/RustScan/RustScan

https://github.com/astryzia/BashScan

https://github.com/maurosoria/dirsearch

https://github.com/OJ/gobuster

https://github.com/epi052/recursive-gobuster

https://github.com/xmendez/wfuzz

https://github.com/dzonerzy/goWAPT

https://github.com/ffuf/ffuf

https://github.com/sullo/nikto

https://tools.kali.org/web-applications/dirb

https://tools.kali.org/web-applications/dirbuster

https://github.com/epi052/feroxbuster

https://github.com/thewhiteh4t/FinalRecon

https://github.com/SecureAuthCorp/impacket

https://github.com/danielmiessler/SecLists

https://github.com/cwinfosec/revshellgen

https://github.com/thosearetheguise/rev

https://github.com/g0tmi1k/msfpc

https://github.com/Dhayalanb/windows-php-reverse-shell

http://pentestmonkey.net/tools/web-shells/php-reverse-shel

https://www.exploit-db.com/

https://github.com/SecWiki/windows-kernel-exploits

https://github.com/m4ll0k/AutoNSE

https://github.com/lucyoa/kernel-exploits

https://github.com/swisskyrepo/PayloadsAllTheThings

https://github.com/rebootuser/LinEnum

https://www.securitysift.com/download/linuxprivchecker.py

https://github.com/M4ximuss/Powerless

https://github.com/HarmJ0y/PowerUp

https://github.com/mzet-/linux-exploit-suggester

https://github.com/bitsadmin/wesng

https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS

https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS

https://www.offensive-security.com/offsec/understanding-pentest-tools-scripts/

https://gtfobins.github.io/

https://github.com/CristinaSolana/ggtfobins

https://github.com/TH3xACE/SUDO_KILLER

https://wadcoms.github.io/

https://lolbas-project.github.io/

https://github.com/stephenbradshaw/vulnserver

https://github.com/ins1gn1a/VulnServer-Linux

https://tryhackme.com/jr/bufferoverflowprep

https://github.com/sagishahar/lpeworkshop

https://www.udemy.com/course/linux-privilege-escalation/

https://www.udemy.com/course/windows-privilege-escalation/

https://docs.google.com/spreadsheets/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/edit#gid=1839402159

https://www.offensive-security.com/labs/individual/

https://www.virtualhackinglabs.com/

https://www.hackthebox.eu/

https://www.vulnhub.com/

https://www.root-me.org/

https://tryhackme.com

https://overthewire.org