Cheatsheet God Save

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

Project README

Github Logo

COMMIT SIZE

+ UPDATE: Added my huge link of bookmarks / references ❤️

Do you have a million bookmarks saved? Do all of those bookmarks contain unique information? Github repos starred for later?

Well this is a compilation of all of these resources into a single repo known as Cheatsheet-God. No more need for bookmarked links. No need to open a web browser. Its all here for you.

This is a collection of resources, scripts and easy to follow how-to's. I have been gathering (and continuing to gather) in preparation for the OSCP as well as for general pentesting. Feel free to use however you want!

All contributions are welcomed! If you feel like you can contribute and make these documents more complete, please do! I'll acknowledge you.

If you would like to improve anything, and add to this repo, PLEASE DO!

Here's what you do:

Create Issue Request describing your enhancement
Fork this repository
Push some code to your fork
Come back to this repository and open a PR
After some review, get that PR merged to master
Make sure to update Issue Request so that I can credit you! You ROCK!

Feel free to also open an issue with any questions, help wanted, or requests!

Acknowledgments

Inspiration: Making a cheatsheet god would be proud of using.
Hat tip to anyone who ever contributed :shipit:

-> Much thanks to MrTsRex for Cheatsheet_Windows.txt enumerating Windows version vulnerabilities

-> Much thanks to susmithaaa for his contribution to Cheatsheet_PenTesting.txt password attacks section

-> Much thanks to akshaycbor for his contribution to Cheatsheet_MobileAppTesting.txt regarding apk repackaging instructions

WeChat Official Account

A_Can_Of_Tuna
Webp net-resizeimage

Get Some Practice

Hack The Box
Attack Defense 1000+ Labs!
VulnHub
Root.me
Penetration Testing Practice Lab / Vulnerable Apps/Systems
Vulhub
Vulapps
Vulnspy
Upload-Labs
TryHackMe

BLOGS

FORUMS

Http://sla.ckers.org/forum/index.php
Http://www.ethicalhacker.net/
Http://www.backtrack-linux.org/forums/
Http://www.elitehackers.info/forums/
Http://www.hackthissite.org/forums/index.php
Http://securityoverride.com/forum/index.php
Http://www.iexploit.org/
Http://bright-shadows.net/
Http://www.governmentsecurity.org/forum/
Http://forum.intern0t.net/

MAGAZINES

Http://www.net-security.org/insecuremag.php
Http://hakin9.org/

VIDEO

Http://www.hackernews.com/
Http://www.securitytube.net/
Http://www.irongeek.com/i.php?page=videos/aide-winter-2011
Http://avondale.good.net/dl/bd/
Http://achtbaan.nikhef.nl/27c3-stream/releases/mkv/
http://www.youtube.com/user/ChRiStIaAn008
http://www.youtube.com/user/HackingCons
https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA
https://www.youtube.com/channel/UCCkVMojdBWS-JtH7TliWkVg
https://www.youtube.com/channel/UCW6MNdOsqv2E9AjQkv9we7A
https://www.youtube.com/channel/UCFmjA6dnjv-phqrFACyI8tw
https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w
https://www.youtube.com/user/RootOfTheNull
https://www.youtube.com/channel/UCMACXuWd2w6_IEGog744UaA

METHODOLOGIES

http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
http://www.pentest-standard.org/index.php/Main_Page
http://projects.webappsec.org/w/page/13246978/Threat-Classification
http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
Http://www.social-engineer.org/

PRESENTATIONS

Http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-1-social-networks/
http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-%E2%80%93-part-2-blogs-message-boards-and-metadata/
Http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-3-monitoring/
http://www.slideshare.net/Laramies/tactical-information-gathering
Http://www.sans.org/reading_room/whitepapers/privacy/document_metadata_the_silent_killer__32974
Http://infond.blogspot.com/2010/05/toturial-footprinting.html

PEOPLE AND ORGANIZATIONAL

Http://www.spokeo.com/
Http://www.123people.com/
Http://www.xing.com/
Http://www.zoominfo.com/search
Http://pipl.com/
Http://www.zabasearch.com/
Http://www.searchbug.com/default.aspx
Http://theultimates.com/
Http://skipease.com/
Http://addictomatic.com/
Http://socialmention.com/
Http://entitycube.research.microsoft.com/
Http://www.yasni.com/
Http://tweepz.com/
Http://tweepsearch.com/
Http://www.glassdoor.com/index.htm
Http://www.jigsaw.com/
http://searchwww.sec.gov/EDGARFSClient/jsp/EDGAR_MainAccess.jsp
Http://www.tineye.com/
Http://www.peekyou.com/
Http://picfog.com/
Http://twapperkeeper.com/index.php

INFRASTRUCTURE

Http://uptime.netcraft.com/
Http://www.serversniff.net/
Http://www.domaintools.com/
Http://centralops.net/co/
Http://hackerfantastic.com/
Http://whois.webhosting.info/
Https://www.ssllabs.com/ssldb/analyze.html
Http://www.clez.net/
Http://www.my-ip-neighbors.com/
Http://www.shodanhq.com/
Http://www.exploit-db.com/google-dorks/
Http://www.hackersforcharity.org/ghdb/
EXPLOITS AND ADVISORIES
Http://www.exploit-db.com/
Http://www.cvedetails.com/
Http://www.packetstormsecurity.org/
http://www.securityforest.com/wiki/index.php/Main_Page
Http://www.securityfocus.com/bid
Http://nvd.nist.gov/
Http://osvdb.org/
http://www.nullbyte.org.il/Index.html
Http://secdocs.lonerunners.net/
http://www.phenoelit-us.org/whatSAP/index.html
Http://secunia.com/
Http://cve.mitre.org/
CHEATSHEETS AND SYNTAX
Http://www.cheat-sheets.org/
Http://blog.securitymonks.com/2009/08/15/whats-in-your-folder-security-cheat-sheets/

AGILE HACKING

Http://www.gnucitizen.org/blog/agile-hacking-a-homegrown-telnet-based-portscanner/
Http://blog.commandlinekungfu.com/
Http://www.securityaegis.com/simple-yet-effective-directory-bruteforcing/
Http://isc.sans.edu/diary.html?storyid=2376
Http://isc.sans.edu/diary.html?storyid=1229
Http://ss64.com/nt/
Http://pauldotcom.com/2010/02/running-a-command-on-every-mac.html
Http://synjunkie.blogspot.com/2008/03/command-line-ninjitsu.html
Http://www.zonbi.org/2010/06/09/wmic-the-other-other-white-meat/
Http://rstcenter.com/forum/22324-hacking-without-tools-windows.rst
http://www.coresecurity.com/files/attachments/Core_Define_and_Win_Cmd_Line.pdf
http://www.scribd.com/Penetration-Testing-Ninjitsu2-Infrastructure-and-Netcat-without-Netcat/d/3064507
Http://www.pentesterscripting.com/
Http://www.sans.org/reading_room/whitepapers/hackers/windows-script-host-hack-windows_33583
http://www.blackhat.com/presentations/bh-dc-10/Bannedit/BlackHat-DC-2010-Bannedit-Advanced-Command-Injection-Exploitation-1-wp.pdf

OS AND SCRIPTS

http://en.wikipedia.org/wiki/IPv4_subnetting_reference
Http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/
Http://shelldorado.com/shelltips/beginner.html
Http://www.linuxsurvival.com/
http://mywiki.wooledge.org/BashPitfalls
Http://rubular.com/
Http://www.iana.org/assignments/port-numbers
Http://www.robvanderwoude.com/ntadmincommands.php
Http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/

TOOLS

Http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
http://www.secguru.com/files/cheatsheet/nessusNMAPcheatSheet.pdf
http://sbdtools.googlecode.com/files/hping3_cheatsheet_v1.0-ENG.pdf
http://sbdtools.googlecode.com/files/Nmap5%20cheatsheet%20eng%20v1.pdf
Http://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf
http://rmccurdy.com/scripts/Metasploit%20meterpreter%20cheat%20sheet%20reference.html
Http://h.ackack.net/cheat-sheets/netcat

DISTROS

Http://www.backtrack-linux.org/
Http://www.matriux.com/
Http://samurai.inguardians.com/
http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
Https://pentoo.ch/
Http://www.hackfromacave.com/articles_and_adventures/katana_v2_release.html
Http://www.piotrbania.com/all/kon-boot/
Http://www.linuxfromscratch.org/
Http://sumolinux.suntzudata.com/
Http://blog.0x0e.org/2009/11/20/pentesting-with-an-ubuntu-box/#comments
Http://www.backbox.org/

LABS ISOS AND VMS

Http://sourceforge.net/projects/websecuritydojo/
http://code.google.com/p/owaspbwa/wiki/ProjectSummary
Http://heorot.net/livecds/
Http://informatica.uv.es/~carlos/docencia/netinvm/
Http://www.bonsai-sec.com/en/research/moth.php
Http://blog.metasploit.com/2010/05/introducing-metasploitable.html
Http://pynstrom.net/holynix.php
Http://gnacktrack.co.uk/download.php
Http://sourceforge.net/projects/lampsecurity/files/
Https://www.hacking-lab.com/news/newspage/livecd-v4.3-available.html
Http://sourceforge.net/projects/virtualhacking/files/
Http://www.badstore.net/
Http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10
Http://www.dvwa.co.uk/
Http://sourceforge.net/projects/thebutterflytmp/

VULNERABLE SOFTWARE

Http://www.oldapps.com/
Http://www.oldversion.com/
Http://www.exploit-db.com/webapps/
Http://code.google.com/p/wavsep/downloads/list
http://www.owasp.org/index.php/Owasp_SiteGenerator
Http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
Http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
Http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
Http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx

TEST SITES

Http://www.webscantest.com/
http://crackme.cenzic.com/Kelev/view/home.php
http://zero.webappsecurity.com/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Http://testaspnet.vulnweb.com/
Http://testasp.vulnweb.com/
Http://testphp.vulnweb.com/
Http://demo.testfire.net/
Http://hackme.ntobjectives.com/

EXPLOITATION INTRO

Http://myne-us.blogspot.com/2010/08/from-0x90-to-0x4c454554-journey-into.html
Http://www.mgraziano.info/docs/stsi2010.pdf
Http://www.abysssec.com/blog/2010/05/past-present-future-of-windows-exploitation/
Http://www.ethicalhacker.net/content/view/122/2/
http://code.google.com/p/it-sec-catalog/wiki/Exploitation
Http://x9090.blogspot.com/2010/03/tutorial-exploit-writting-tutorial-from.html
Http://ref.x86asm.net/index.html

REVERSE ENGINEERING & MALWARE

http://www.woodmann.com/TiGa/idaseries.html
Http://www.binary-auditing.com/
Http://visi.kenshoto.com/
Http://www.radare.org/y/
Http://www.offensivecomputing.net/

PASSWORDS AND HASHES

Http://www.irongeek.com/i.php?page=videos/password-exploitation-class
Http://cirt.net/passwords
Http://sinbadsecurity.blogspot.com/2008/10/ms-sql-server-password-recovery.html
Http://www.foofus.net/~jmk/medusa/medusa-smbnt.html
Http://www.foofus.net/?page_id=63
Http://hashcrack.blogspot.com/
Http://www.nirsoft.net/articles/saved_password_location.html
Http://www.onlinehashcrack.com/
Http://www.md5this.com/list.php?
Http://www.virus.org/default-password
Http://www.phenoelit-us.org/dpl/dpl.html
Http://news.electricalchemy.net/2009/10/cracking-passwords-in-cloud.html

WORDLISTS

Http://contest.korelogic.com/wordlists.html
http://packetstormsecurity.org/Crackers/wordlists/
http://www.skullsecurity.org/wiki/index.php/Passwords
Http://www.ericheitzman.com/passwd/passwords/

PASS THE HASH

Http://www.sans.org/reading_room/whitepapers/testing/pass-the-hash-attacks-tools-mitigation_33283
Http://www.sans.org/reading_room/whitepapers/testing/crack-pass-hash_33219
Http://carnal0wnage.blogspot.com/2008/03/using-pash-hash-toolkit.html

MITM

Http://www.giac.org/certified_professionals/practicals/gsec/0810.php
http://www.linuxsecurity.com/docs/PDF/dsniff-n-mirror.pdf
Http://www.cs.uiuc.edu/class/sp08/cs498sh/slides/dsniff.pdf
Http://www.techvibes.com/blog/a-hackers-story-let-me-tell-you-just-how-easily-i-can-steal-your-personal-data
http://www.mindcenter.net/uploads/ECCE101.pdf
Http://toorcon.org/pres12/3.pdf
http://media.techtarget.com/searchUnifiedCommunications/downloads/Seven_Deadliest_UC_Attacks_Ch3.pdf
Http://packetstormsecurity.org/papers/wireless/cracking-air.pdf
Http://www.blackhat.com/presentations/bh-europe-03/bh-europe-03-valleri.pdf
http://www.oact.inaf.it/ws-ssri/Costa.pdf
Http://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-sam_bowne-hijacking_web_2.0.pdf
http://mcafeeseminar.com/focus/downloads/Live_Hacking.pdf
http://www.seanobriain.com/docs/PasstheParcel-MITMGuide.pdf
http://www.more.net/sites/default/files/2010JohnStrandKeynote.pdf
http://www.leetupload.com/database/Misc/Papers/Asta%20la%20Vista/18.Ettercap_Spoof.pdf
http://bandwidthco.com/whitepapers/netforensics/arp/EtterCap%20ARP%20Spoofing%20&%20Beyond.pdf
http://bandwidthco.com/whitepapers/netforensics/arp/Fun%20With%20EtterCap%20Filters.pdf
http://www.iac.iastate.edu/iasg/libarchive/0910/The_Magic_of_Ettercap/The_Magic_of_Ettercap.pdf
Http://articles.manugarg.com/arp_spoofing.pdf
http://academy.delmar.edu/Courses/ITSY2430/eBooks/Ettercap(ManInTheMiddleAttack-tool).pdf
http://www.ucci.it/docs/ICTSecurity-2004-26.pdf
http://web.mac.com/opticrealm/iWeb/asurobot/My%20Cyber%20Attack%20Papers/My%20Cyber%20Attack%20Papers_files/ettercap_Nov_6_2005-1.pdf
Http://blog.spiderlabs.com/2010/12/thicknet.html
Http://www.hackyeah.com/2010/10/ettercap-filters-with-metasploit-browser_autopwn/
Http://www.go4expert.com/forums/showthread.php?t=11842
Http://www.irongeek.com/i.php?page=security/ettercapfilter
Http://openmaniak.com/ettercap_filter.php
Http://www.irongeek.com/i.php?page=videos/dns-spoofing-with-ettercap-pharming
Http://www.irongeek.com/i.php?page=videos/ettercap-plugins-find-ip-gw-discover-isolate
Http://www.irongeek.com/i.php?page=videos/ettercapfiltervid1
Http://spareclockcycles.org/2010/06/10/sergio-proxy-released/

TOOLS OSINT

http://www.edge-security.com/theHarvester.php
Http://www.mavetju.org/unix/dnstracer-man.php
Http://www.paterva.com/web5/

Metadata

Http://www.sans.org/reading_room/whitepapers/privacy/document-metadata-silent-killer_32974
Http://lcamtuf.coredump.cx/strikeout/
Http://www.sno.phy.queensu.ca/~phil/exiftool/
Http://www.edge-security.com/metagoofil.php
Http://www.darkoperator.com/blog/2009/4/24/metadata-enumeration-with-foca.html

GOOGLE HACKING

Http://www.stachliu.com/index.php/resources/tools/google-hacking-diggity-project/
Http://midnightresearch.com/projects/search-engine-assessment-tool/#downloads
Http://sqid.rubyforge.org/#next
http://voidnetwork.org/5ynL0rd/darkc0de/python_script/dorkScan.html

WEB

Http://www.bindshell.net/tools/beef
Http://blindelephant.sourceforge.net/
Http://xsser.sourceforge.net/
Http://sourceforge.net/projects/rips-scanner/
Http://www.divineinvasion.net/authforce/
Http://andlabs.org/tools.html#sotf
http://www.taddong.com/docs/Browser_Exploitation_for_Fun&Profit_Taddong-RaulSiles_Nov2010_v1.1.pdf
Http://carnal0wnage.blogspot.com/2007/07/using-sqid-sql-injection-digger-to-look.html
Http://code.google.com/p/pinata-csrf-tool/
Http://xsser.sourceforge.net/#intro
Http://www.contextis.co.uk/resources/tools/clickjacking-tool/
Http://packetstormsecurity.org/files/view/69896/unicode-fun.txt
Http://sourceforge.net/projects/ws-attacker/files/
Https://github.com/koto/squid-imposter

ATTACK STRINGS

Http://code.google.com/p/fuzzdb/
http://www.owasp.org/index.php/Category:OWASP_Fuzzing_Code_Database#tab=Statements

SHELLS

Http://sourceforge.net/projects/yokoso/
Http://sourceforge.net/projects/ajaxshell/

SCANNERS

Http://w3af.sourceforge.net/
Http://code.google.com/p/skipfish/
Http://sqlmap.sourceforge.net/
Http://sqid.rubyforge.org/#next
http://packetstormsecurity.org/UNIX/scanners/XSSscan.py.txt
http://code.google.com/p/fimap/wiki/WindowsAttack
Http://code.google.com/p/fm-fsf/

PROXIES Burp

Http://www.sans.org/reading_room/whitepapers/testing/fuzzing-approach-credentials-discovery-burp-intruder_33214
Http://www.gdssecurity.com/l/b/2010/08/10/constricting-the-web-the-gds-burp-api/
Http://sourceforge.net/projects/belch/files/
Http://www.securityninja.co.uk/application-security/burp-suite-tutorial-repeater-and-comparer-tools
Http://blog.ombrepixel.com/
Http://andlabs.org/tools.html#dser
Http://feoh.tistory.com/22
Http://www.sensepost.com/labs/tools/pentest/reduh
http://www.owasp.org/index.php/OWASP_WebScarab_NG_Project
Http://intrepidusgroup.com/insight/mallory/
Http://www.fiddler2.com/fiddler2/
http://websecuritytool.codeplex.com/documentation?referringTitle=Home
http://translate.google.com/translate?hl=en&sl=es&u=http://xss.codeplex.com/releases/view/43170&prev=/search%3Fq%3Dhttp://www.hackingeek.com/2010/08/x5s-encuentra-fallos-xss-lfi-rfi-en-tus.html%26hl%3Den&rurl=translate.google.com&twu=1

Http://www.secmaniac.com/

PASSWORD

Http://nmap.org/ncrack/
Http://www.foofus.net/~jmk/medusa/medusa.html
Http://www.openwall.com/john/
Http://ophcrack.sourceforge.net/
Http://blog.0x3f.net/tool/keimpx-in-action/
Http://code.google.com/p/keimpx/
Http://sourceforge.net/projects/hashkill/

METASPLOIT

Http://www.indepthdefense.com/2009/02/reverse-pivots-with-metasploit-how-not.html
http://code.google.com/p/msf-hack/wiki/WmapNikto
Http://www.indepthdefense.com/2009/01/metasploit-visual-basic-payloads-in.html
Http://seclists.org/metasploit/
Http://pauldotcom.com/2010/03/nessus-scanning-through-a-meta.html
Http://meterpreter.illegalguy.hostzi.com/
Http://blog.metasploit.com/2010/03/automating-metasploit-console.html
Http://www.workrobot.com/sansfire2009/561.html
Http://www.securitytube.net/video/711
http://en.wikibooks.org/wiki/Metasploit/MeterpreterClient#download
Http://vimeo.com/16852783
Http://milo2012.wordpress.com/2009/09/27/xlsinjector/
Http://www.fastandeasyhacking.com/
Http://trac.happypacket.net/
http://www.blackhat.com/presentations/bh-dc-10/Ames_Colin/BlackHat-DC-2010-colin-david-neurosurgery-with-meterpreter-wp.pdf
http://www.blackhat.com/presentations/bh-dc-10/Egypt/BlackHat-DC-2010-Egypt-UAV-slides.pdf
http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training
Http://www.irongeek.com/i.php?page=videos/metasploit-class
Http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6158.0/
Http://vimeo.com/16925188
Http://www.ustream.tv/recorded/13396511
Http://www.ustream.tv/recorded/13397426
Http://www.ustream.tv/recorded/13398740

MSF Exploits or Easy

NSE

Http://www.securitytube.net/video/931
Http://nmap.org/nsedoc/

NET SCANNERS AND SCRIPTS

Http://nmap.org/
Http://asturio.gmxhome.de/software/sambascan2/i.html
Http://www.softperfect.com/products/networkscanner/
Http://www.openvas.org/
Http://tenable.com/products/nessus
Http://www.rapid7.com/vulnerability-scanner.jsp
Http://www.eeye.com/products/retina/community

POST EXPLOITATION

Http://www.awarenetwork.org/home/rattle/source/python/exe2bat.py
Http://www.phx2600.org/archive/2008/08/29/metacab/
Http://www.room362.com/blog/2011/9/6/post-exploitation-command-lists.html

NETCAT

Http://readlist.com/lists/insecure.org/nmap-dev/1/7779.html
Http://www.radarhack.com/tutorial/ads.pdf
http://www.infosecwriters.com/text_resources/pdf/Netcat_for_the_Masses_DDebeer.pdf
Http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
Http://www.dest-unreach.org/socat/
Http://www.antionline.com/archive/index.php/t-230603.html
Http://technotales.wordpress.com/2009/06/14/netcat-tricks/
Http://seclists.org/nmap-dev/2009/q1/581
Http://www.terminally-incoherent.com/blog/2007/08/07/few-useful-netcat-tricks/
http://www.inguardians.com/research/docs/Skoudis_pentestsecrets.pdf
Http://gse-compliance.blogspot.com/2008/07/netcat.html

SOURCE INSPECTION

Http://www.justanotherhacker.com/projects/graudit.html
Http://code.google.com/p/javasnoop/

FIREFOX ADDONS

https://addons.mozilla.org/en-US/firefox/addon/wappalyzer/?src=collection https://addons.mozilla.org/en-US/firefox/addon/web-developer/?src=collection https://addons.mozilla.org/en-CA/firefox/addon/cookie-quick-manager/ https://addons.mozilla.org/en-CA/firefox/addon/hackbartool/

TOOL LISTINGS

Http://packetstormsecurity.org/files/tags/tool
http://tools.securitytube.net/index.php?title=Main_Page

TRAINING/CLASSES SEC/HACKING

Http://pentest.cryptocity.net/
Http://www.irongeek.com/i.php?page=videos/network-sniffers-class
http://samsclass.info/124/124_Sum09.shtml
Http://www.cs.ucsb.edu/~vigna/courses/cs279/
Http://crypto.stanford.edu/cs142/
Http://crypto.stanford.edu/cs155/
Http://cseweb.ucsd.edu/classes/wi09/cse227/
Http://www-inst.eecs.berkeley.edu/~cs161/sp11/
http://security.ucla.edu/pages/Security_Talks
Http://www.cs.rpi.edu/academics/courses/spring10/csci4971/
Http://cr.yp.to/2004-494.html
Http://www.ece.cmu.edu/~dbrumley/courses/18732-f09/
Https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot
Http://stuff.mit.edu/iap/2009/#websecurity

PROGRAMMING Python

Http://code.google.com/edu/languages/google-python-class/index.html
http://www.swaroopch.com/notes/Python_en: Table_of_Contents
http://www.thenewboston.com/?cat=40&pOpen=tutorial
Http://showmedo.com/videotutorials/python
Http://www.catonmat.net/blog/learning-python-programming-language-through-video-lectures/

PROGRAMMING Ruby

Http://www.tekniqal.com/

OTHER MISC

Http://www.cs.sjtu.edu.cn/~kzhu/cs490/
Https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot/
http://i-web.iu-tokyo.ac.jp/edu/training/ss/lecture/new-documents/Lectures/
Http://resources.infosecinstitute.com/
Http://vimeo.com/user2720399

WEB VECTORS SQLI

Http://pentestmonkey.net/blog/mssql-sql-injection-cheat-sheet/
Http://isc.sans.edu/diary.html?storyid=9397
Http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
Http://www.evilsql.com/main/index.php
Http://xd-blog.com.ar/descargas/manuales/bugs/full-mssql-injection-pwnage.html
http://securityoverride.com/articles.php?article_id=1&article=The_Complete_Guide_to_SQL_Injections
Http://websec.wordpress.com/2010/03/19/exploiting-hard-filtered-sql-injections/
Http://sqlzoo.net/hack/
Http://www.sqlteam.com/article/sql-server-versions
Http://www.krazl.com/blog/?p=3
http://www.owasp.org/index.php/Testing_for_MS_Access
http://web.archive.org/web/20101112061524/http://seclists.org/pen-test/2003/May/0074.html
http://web.archive.org/web/20080822123152/http://www.webapptest.org/ms-access-sql-injection-cheat-sheet-EN.html
http://www.youtube.com/watch?v=WkHkryIoLD0
http://layerone.info/archives/2009/Joe%20McCray%20-%20Advanced%20SQL%20Injection%20-%20L1%202009.pdf
Http://vimeo.com/3418947
Http://sla.ckers.org/forum/read.php?24,33903
Http://websec.files.wordpress.com/2010/11/sqli2.pdf
Http://old.justinshattuck.com/2007/01/18/mysql-injection-cheat-sheet/
Http://ha.ckers.org/sqlinjection/
http://lab.mediaservice.net/notes_more.php?id=MSSQL

WEB VECTORS UPLOAD TRICKS

Http://www.google.com/#hl=en&q=bypassing+upload+file+type&start=40&sa=N&fp=a2bb30ecf4f91972
Http://blog.skeptikal.org/2009/11/adobe-responds-sort-of.html
Http://blog.insicdesigns.com/2009/01/secure-file-upload-in-php-web-applications/
Http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/
Http://ex.ploit.net/f20/tricks-tips-bypassing-image-uploaders-t3hmadhatt3r-38/
Http://www.ravenphpscripts.com/article2974.html
Http://www.acunetix.com/cross-site-scripting/scanner.htm
Http://www.vupen.com/english/advisories/2009/3634
Http://msdn.microsoft.com/en-us/library/aa478971.aspx
Http://dev.tangocms.org/issues/237
http://seclists.org/fulldisclosure/2006/Jun/508
Http://www.gnucitizen.org/blog/cross-site-file-upload-attacks/
http://www.ipolicynetworks.com/technology/files/TikiWiki_jhot.php_Script_File_Upload_Security_Bypass_Vulnerability.html
http://shsc.info/FileUploadSecurity

WEB VECTORS LFI/RFI

Http://pastie.org/840199
Http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/
Http://www.notsosecure.com/folder2/2010/08/20/lfi-code-exec-remote-root/?utm_source=twitterfeed&utm_medium=twitter
Http://labs.neohapsis.com/2008/07/21/local-file-inclusion-%E2%80%93-tricks-of-the-trade/
Http://www.digininja.org/blog/when_all_you_can_do_is_read.php

WEB VECTORS XSS

Http://www.infosecwriters.com/hhworld/hh8/csstut.htm
http://www.technicalinfo.net/papers/CSS.html
Http://msmvps.com/blogs/alunj/archive/2010/07/07/1773441.aspx
Http://forum.intern0t.net/web-hacking-war-games/112-cross-site-scripting-attack-defense-guide.html
https://media.blackhat.com/bh-eu-10/presentations/Lindsay_Nava/BlackHat-EU-2010-Lindsay-Nava-IE8-XSS-Filters-slides.pdf
Http://sirdarckcat.blogspot.com/2009/08/our-favorite-xss-filters-and-how-to.html
Http://www.securityaegis.com/filter-evasion-houdini-on-the-wire/
Http://heideri.ch/jso/#javascript
Http://www.reddit.com/r/xss/
Http://sla.ckers.org/forum/list.php?2

COLDFUSION

Http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/
http://zastita.com/02114/Attacking_ColdFusion..html
Http://www.nosec.org/2010/0809/629.html
http://h30507.www3.hp.com/t5/Following-the-White-Rabbit-A/Adobe-ColdFusion-s-Directory-Traversal-Disaster/ba-p/81964
http://cfunited.com/2009/files/presentations/254_ShlomyGantz_August2009_HackProofingColdFusion.pdf

SHAREPOINT

http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6131.msg32678/#msg32678

LOTUS

http://blog.ombrepixel.com/post/2009/05/06/Lotus-Notes/Domino-Security
http://seclists.org/pen-test/2002/Nov/43
Http://www.sectechno.com/2010/07/12/hacking-lotus-domino/?

JBOSS

http://www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf
Http://blog.mindedsecurity.com/2010/04/good-bye-critical-jboss-0day.html

VMWARE WEB

Http://www.metasploit.com/modules/auxiliary/scanner/http/vmware_server_dir_trav

ORACLE APP SERVERS

Http://www.hideaway.net/2007/07/hacking-oracle-application-servers.html
http://www.owasp.org/index.php/Testing_for_Oracle
Http://www.ngssoftware.com/services/software-products/internet-security/orascan.aspx
http://www.ngssoftware.com/services/software-products/Database-Security/NGSSQuirreLOracle.aspx
Http://www.ngssoftware.com/papers/hpoas.pdf

SAP

Http://www.onapsis.com/research.html#bizploit
Http://marc.info/?l=john-users&m=121444075820309&w=2
http://www.phenoelit-us.org/whatSAP/index.html

WIRELESS

Http://code.google.com/p/pyrit/

CAPTURE THE FLAG/WARGAMES

Http://intruded.net/
Http://smashthestack.org/
Http://flack.hkpco.kr/
Http://ctf.hcesperer.org/
Http://ictf.cs.ucsb.edu/
Http://capture.thefl.ag/calendar/

MISC/UNSORTED

http://www.ikkisoft.com/stuff/SMH_XSS.txt
Http://securestate.blogspot.com/2010/08/xfs-101-cross-frame-scripting-explained.html?utm_source=twitterfeed&utm_medium=twitter Http://whatthefuckismyinformationsecuritystrategy.com/
Http://video.google.com/videoplay?docid=4379894308228900017&q=owasp#
http://video.google.com/videoplay?docid=4994651985041179755&ei=_1k4TKj-PI-cqAPioJnKDA&q=deepsec#
Http://www.sensepost.com/blog/4552.html
Http://blog.zenone.org/2009/03/pci-compliance-disable-sslv2-and-weak.html
Http://threatpost.com/en_us/blogs/hd-moore-metasploit-exploitation-and-art-pen-testing-040210
Http://carnal0wnage.attackresearch.com/node/410
Http://www.cs.ucsb.edu/~adoupe/static/black-box-scanners-dimva2010.pdf
http://www.spy-hunter.com/Database_Pen_Testing_ISSA_March_25_V2.pdf
Http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/

Open Source Agenda is not affiliated with "Cheatsheet God" Project. README Source: OlivierLaflamme/Cheatsheet-God

Stars

4,690

Open Issues

Last Commit

7 months ago

Repository

OlivierLaflamme/Cheatsheet-God

Open Source Agenda Badge

<a href="https://www.opensourceagenda.com/projects/cheatsheet-god"><img src="https://www.opensourceagenda.com/projects/cheatsheet-god/reviews/badge.svg" alt="Open Source Agenda"></a>

Submit Review Review Your Favorite Project

Submit Resource Articles, Courses, Videos

Submit Article Submit a post to our blog

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?

From the blog

Dec 11, 2022

Cheatsheet God Save

If you would like to improve anything, and add to this repo, PLEASE DO!

Acknowledgments

More

WeChat Official Account

Get Some Practice

BLOGS

FORUMS

MAGAZINES

VIDEO

METHODOLOGIES

PRESENTATIONS

PEOPLE AND ORGANIZATIONAL

INFRASTRUCTURE

AGILE HACKING

OS AND SCRIPTS

TOOLS

DISTROS

LABS ISOS AND VMS

VULNERABLE SOFTWARE

TEST SITES

EXPLOITATION INTRO

REVERSE ENGINEERING & MALWARE

PASSWORDS AND HASHES

WORDLISTS

PASS THE HASH

MITM

TOOLS OSINT

Metadata

GOOGLE HACKING

WEB

ATTACK STRINGS

SHELLS

SCANNERS

PROXIES Burp

SOCIAL ENGINEERING

PASSWORD

METASPLOIT

MSF Exploits or Easy

NSE

NET SCANNERS AND SCRIPTS

POST EXPLOITATION

NETCAT

SOURCE INSPECTION

FIREFOX ADDONS

TOOL LISTINGS

TRAINING/CLASSES SEC/HACKING

PROGRAMMING Python

PROGRAMMING Ruby

OTHER MISC

WEB VECTORS SQLI

WEB VECTORS UPLOAD TRICKS

WEB VECTORS LFI/RFI

WEB VECTORS XSS

COLDFUSION

SHAREPOINT

LOTUS

JBOSS

VMWARE WEB

ORACLE APP SERVERS

SAP

WIRELESS

CAPTURE THE FLAG/WARGAMES

MISC/UNSORTED

Open Source Agenda Badge

From the blog

How to Choose Which Programming Language to Learn First?

From the blog

How to Choose Which Programming Language to Learn First?