This repository contains a curated list of websites and repositories featuring pentest & red-team resources such as cheatsheets, write-ups, tools, techniques, programming/scripting notes, and more. I documented them in this repo to provide like-minded offensive security enthusiasts and professionals easy access to these valuable resources.
A curated list of websites and github repos with pentest/redteam cheatsheets
, tools
, techniques
, CTF write-ups
, programming languages
, and more.
The goal of this project is to centralize pertinent and most used pentest/redteam cheatsheets, techniques, tools, write-ups, and more for like-minded offensive security enthusiasts and professionals.
Name | Author(s) / Maintainer(s) | Description | Link | Type |
---|---|---|---|---|
HackTricks | Carlos Polop | A website featuring curated hacking tricks, techniques, and methodologies, spanning from network penetration testing to web penetration testing. | Link | Pentest cheatsheats |
Red Team Notes | Mantvydas Baranauskas | A list of red teaming and penetration testing notes on various tools and techniques utilized by penetration testers, red teams, and real adversaries. | Link | Red team/Pentest notes |
Gtfobins | Emilio Pinna, Andrea Cardaci | A curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems. | Link | Unix binaries |
LOLBAS | Oddvar Moe | Contains a list of Windows binaries, scripts, and libraries that can be used for executing codes, Compiling code, UAC bypass, Persistance, etc | Link | Windows binaries/scripts |
0xBEN | Benjamin H. | 0xBEN's blog featuring cybersecurity/IT resources, cheat sheets, and write-ups. | Link | Cybersecurity/IT blog |
IppSec | IppSec | IppSec's website that helps streamline your search for his YouTube videos and courses on HTB walkthroughs and techniques | Link | CTF (HTB) videos |
0xdf hacks stuff | 0xdf | 0xdf's website with detailed write-ups on HTB machines | Link | CTF (HTB) write-ups |
Goal Kicker | Unknown | Provides free exceptional programming notes covering 49 different types of programming languages, including scripting languages such as python and powershell | Link | Programming/Scripting language notes |
The Hacker Recipes | Charlie Bromberg | Provides technical guides on various hacking topics as well as advanced topics such as Active Directory and Web services. | Link | Ethical Hacking guide |
harmj0y | harmj0y | harmj0y's blog covering security researches and attacks on active directory. | Link | Offsec/Active Directory resource |
CyberChef | GCHQ | A web app for encryption, encoding, compression and data analysis | Link | Web based security analysis tool |
Payloads All The Things | Swissky | A list of useful payloads and bypass for Web Application Security and Pentest/CTF | Link | Web App payloads/cheatsheets |
SecLists | Daniel Miessler, Jason Haddix, g0tmi1k | A collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. | Link | Wordlists |
Assetnote Wordlists | Assetnote | The website provides wordlists that are up to date and effective against the most popular technologies on the internet. | Link | Wordlists |
Speed Guide | SG Staff | The site offers free network tools and covers Broadband Internet connections, network security, wireless and system performance. A large section focuses on Cable Modems and DSL technology, stressing on improving TCP/IP performance over high speed/latency networks. | Link | Network/Security resource |
pentestmonkey | pentestmonkey | Contains pentest blogs, tools, and cheatsheets | Link | Pentest cheatsheets |
Awesome Hacker Search Engines | Edoardo Ottavianelli | A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more. | Link | Pentest search engines |
HackTools | Ludovic COULON, Riadh BOUCHAHOUA | A web extension facilitating web application penetration tests, it includes cheatsheets as well as all the tools used during a test such as XSS payloads, Reverse shells and much more. | Link | Web App tool/cheatsheet |
NetSPI Blog | NetSPI | A blog on various Pentest, Red Team, General Offsec focused topics. | Link | Pentest/Red Team in depth |
Hacking Articles | Raj Chandel - Founder and Others | Detailed and Summarised articles on various Pentest and Red Team topics, Offsec Tools and CTF writeups | Link | Detailed Pentest/Red Team Blog |
PortSwigger Web Security Academy | PortSwigger | An academy with lessons and hands on lab to learn WebApp Pentesting | Link | WebApp Security Lessons & Labs |
Juggernaut Pentesting Academy | Juggernaut | Extensive blog on General Offsec, Read Teaming and Pentesting Topics | Link | Pentest, Red Team, Offsec Topics |
Hackersploit | Hackersploit | Video content on Red Team, Blue Team, Android Sec, CTF Writeup, Bug Bounty | Link | Red/Blue Team, Webapp, Android, Bug Bounty |
TechMint | Ravi Saive | Free online community-supported publication that publishes practical and useful out-of-the-box high-quality articles on Linux, Sysadmin, Security, DevOps, Cloud Computing, Tools, and many other topics. | Link | Cheatsheets and High-quality articles on Linux, Sysadmin, Security, Tools, etc |
Active Directory Exploitation Cheat Sheet | Nikos Katsiopis | A cheat sheet that contains common enumeration and attack methods for Windows Active Directory. | Link | Active Directory Cheatsheets |
Awesome Pentest | Nick Raienko | A collection of awesome penetration testing resources, tools and other shiny things | Link | Penetration testing and offensive cybersecurity resources. |
RevShells.com | Ryan Montgomery | Website with simple to use generator for reverse shell payloads | Link | Payloads and reverse shells |
Cybercopaedia | cr0mll | A website aimed at accumulating knowledge from the world of cybersecurity and presenting it in a cogent way, so it is accessible to as large an audience as possible and so that everyone has a good resource to learn ethical hacking from | Link | Ethical Hacking Encyclopedia |
OSCP Cheatsheet | Sai Sathvik | OSCP cheatsheets to prepare effectively for the certification | Link | OSCP Cheatsheet |
explainshell.com | Idan Kamara | A web interface capable of parsing man pages, extracting options and explaining a given command-line by matching each argument to the relevant help text in the man page. | Link | Shell/Linux Cheatsheet |
The Book of Secret Knowledge | Michał Ży | A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more. | Link | Resources for System and Network administrators, DevOps, Pentesters, and Security Researchers. |
Contributions are welcomed. This list is not exhaustive, and I might have missed other pertinent resources. Therefore, feel free to add useful pentest/redteam resources to the list. The resources could be for pentesting tools, techniques, cheatsheets, write-ups, blogs, payloads, and wordlists.
I appreciate your contributions to Pentest-Resources-Cheat-Sheets and look forward to working together to improve this project!
Fork the Repository: Start by forking the Pentest-Resources-Cheat-Sheets repository to your GitHub account. You can do this by clicking the "Fork" button on the top right of the repository page.
Clone the Repository: Clone your forked repository to your local machine using the following command, replacing /bL34cHig0/
with your GitHub username and your-feature-name
with your desired name:
git clone https://github.com/bL34cHig0/Pentest-Resources-Cheat-Sheets.git
Create a Branch: Before making changes, create a new branch for your work:
git checkout -b feature/your-feature-name
Be sure to choose an appropriate branch name that describes the purpose of your changes.
Make Your Changes: Make your desired changes to the list and follow the format.
Commit Your Changes: Commit your changes with clear and concise commit messages:
git commit -m "Add feature/fix: describe your changes here"
Push Your Changes: Push your changes to your forked repository:
git push origin feature/your-feature-name
Submit a Pull Request (PR): Go to the original repository and click the "New Pull Request" button. Provide a detailed description of your changes, why they are necessary, and any relevant context.
If you would like to discuss improvements, please open an issue on the GitHub repository or reach out to me via LinkedIn
Some of these websites and github repos are open-source. Contributors not mentioned are credited on each projects' official page.