Useful Resources

Please keep in mind that all the linked resources point to free or MOSTLY free services. All tools linked are open source or free as well. Some categories may overlap somewhat, so browse and refer to anything you might find useful. I’m always adding new resources as well!

Red Team Penetration Testing Resources [Very useful!]:

Luke’s Practical OSCP Guide (General Red Team Techniques)
EK’s Pentest Tips and Tricks
Metasploit: msfvenom Cheat Sheet
ExploitDB
VulnHub
HackTheBox
HighOnCoffee Pentesting Guide (VERY good!)
Windows Command Reference (from Microsoft)
ADSecurity.org
PowerOPS: PowerShell for Offensive Operations
Grouper: AD Weak Group Policy Detection PowerShell Script
Building and Attacking an AD Environment with PowerShell
Mimikittenz – PowerShell Tool for dumping passwords from memory
Vault7 CIA Hacking Tools Leak (Reddit thread)
NoSQL Exploit Framework
CTFTime.org

OSINT, Enumeration, & Recon Tools:

Hackertarget
DNSDumpster
Robtex (really useful but has incredibly bad pop-ups)
Google Hacking Database (GHDB)
MXToolbox
OSINT Resources for 2019 – Medium
Shodan
GreyNoise Bot Mass-Scanning Activity
FireHOL IP List/Blacklist Lookup
TheHarvester – OSINT Framework
(Google is your best friend for this sort of thing as well as the tools in your operating system.)


Web Application Testing:

Cross Site Scripting [XSS] – Bypassing WAFs
SQL Injection – Bypassing WAFs
XML/XXE Injection Testing
XSS-Payloads Website
HUGE Collection of XSS + WAF Bypassing Payloads
AngularJS XSS Payloads – mccabe615
Testing for Path Traversal Vulnerabilities
Defcon 17 Joe McCray Advanced SQL Injection Slides
SQLMap – Tamper Scripts for WAF Evasion
Pentesting with OWASP ZAP – General Guide
Outpost 24 – Local File Inclusion to Remote Code Execution (RCE)
Infosec Institute – Local File Inclusion to RCE/Shell
NoSQL Exploitation Framework


Attacking 802.11/Wireless:

SniffAir – Wireless Pentesting Tool
LANs.py – Wireless Man in the Middle Toolkit
BetterCAP – Superior Ettercap alternative

Reverse Shell Cheat Sheets:

PenTest Monkey Reverse Shell Cheat Sheet
swisskyrepo Reverse Shell Cheat Sheet
Bernardo Damele Reverse Shell Cheat Sheet
HighOnCoffee Reverse Shell Cheat Sheet
sushant747 Reverse Shells Guide
CanYouPwn.Me Reverse Shell Comprehensive Guide


Windows & Linux Privilege Escalation/Post Exploitation (See red team resources above as well):

(Linux) payatu – Linux Privilege Escalation Guide
(Linux) Linux Privilege Escalation Scripts
(Linux) hackingarticles – sudo NOPASSWD Privilege Escalation
(Linux) Touhid Shaikh – Abusing Linux NOPASSWD for Privilege Escalation
(Linux) SysadminNotebook – Sudoers NOPASSWD PrivEsc via shell scripts
(Linux) securitynewspaper – Abusing Poor Sudo Permissions in Linux
(Linux) NullByte – Local Privilege Escalation in Linux with a Kernel Exploit
(Linux) LinEnum
(Linux) securelayer7 – Abusing Sudo for Privilege Escalation
(Windows) HUGE Active Directory Attack+Defense Comprehensive Guide
(Windows) TrustWave – My 5 Top Ways to Privilege Escalate
(Windows/Linux) sushant747 – Privilege Escalation Overview
(Windows) WinPwnage – Windows Privilege Escalation Framework
(Windows) p0wnedShell – PowerShell post exploitation toolkit
(Windows) icebreaker – Active Directory Privilege Escalation Tool
(Windows) StealthBit Kerberos Golden Ticket AD PrivEsc
(Windows) PowerOPS: PowerShell for Offensive Operations
(Windows) Grouper: AD Weak Group Policy Detection PowerShell Script
(Windows) Building and Attacking an AD Environment with PowerShell
(Windows) Mimikittenz – PowerShell Tool for dumping passwords from memory
(Windows) DCShadow – Silently Disable Windows Logging
(Windows) ADSecurity.org

Reverse Engineering/Forensics/Malware Analysis/Cybercrime Research – General Resources:

Reverse Engineering Router/Embedded Device Firmware w/ Binwalk – devTTYS0
RouterSploit 3.0 – THREAT9
Malwares.com malware samples/hostname lookups/IP address lookup
SpamHaus Top 10 Most Abused TLDs
MXToolbox Blacklist Check
GreyNoise Bot Mass-Scanning Activity
FireHOL IP List/Blacklist Lookup
File Carving with Foremost