Pentest Resources
📚 Pentest-Resources
A curated list of websites and GitHub repos with pentest cheatsheets, tools, techniques, CTF write-ups, programming languages, and more.
The goal of this project is to centralize the most pertinent and widely used pentest/red team cheatsheets, techniques, tools, and write-ups for like-minded offensive security enthusiasts and professionals.
| Name | Author(s) / Maintainer(s) | Description | Link | Type |
|---|---|---|---|---|
| HackTricks | Carlos Polop | A website featuring curated hacking tricks, techniques, and methodologies, spanning from network penetration testing to web penetration testing. | Link | Pentest cheatsheets |
| Red Team Notes | Mantvydas Baranauskas | A list of red teaming and penetration testing notes on various tools and techniques utilized by penetration testers, red teams, and real adversaries. | Link | Red team/Pentest notes |
| GTFOBins | Emilio Pinna, Andrea Cardaci | A curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems. | Link | Unix binaries |
| LOLBAS | Oddvar Moe | Contains a list of Windows binaries, scripts, and libraries that can be used for executing code, compiling code, UAC bypass, persistence, etc. | Link | Windows binaries/scripts |
| 0xBEN | Benjamin H. | 0xBEN’s blog featuring cybersecurity/IT resources, cheat sheets, and write-ups. | Link | Cybersecurity/IT blog |
| IppSec | IppSec | IppSec’s website that helps streamline your search for his YouTube videos and courses on HTB walkthroughs and techniques | Link | CTF (HTB) videos |
| 0xdf hacks stuff | 0xdf | 0xdf’s website with detailed write-ups on HTB machines | Link | CTF (HTB) write-ups |
| Goal Kicker | Unknown | Provides free, exceptional programming notes covering 49 different types of programming languages, including scripting languages such as Python and PowerShell | Link | Programming/Scripting language notes |
| The Hacker Recipes | Charlie Bromberg | Provides technical guides on various hacking topics as well as advanced topics such as Active Directory and Web services. | Link | Ethical Hacking guide |
| harmj0y | harmj0y | harmj0y’s blog covering security research and attacks on Active Directory. | Link | Offsec/Active Directory resource |
| CyberChef | GCHQ | A web app for encryption, encoding, compression and data analysis | Link | Web based security analysis tool |
| Payloads All The Things | Swissky | A list of useful payloads and bypasses for Web Application Security and Pentest/CTF | Link | Web App payloads/cheatsheets |
| SecLists | Daniel Miessler, Jason Haddix, g0tmi1k | A collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. | Link | Wordlists |
| Assetnote Wordlists | Assetnote | The website provides wordlists that are up to date and effective against the most popular technologies on the internet. | Link | Wordlists |
| Speed Guide | SG Staff | The site offers free network tools and covers broadband Internet connections, network security, wireless and system performance. A large section focuses on cable modems and DSL technology, with an emphasis on improving TCP/IP performance over high speed/latency networks. | Link | Network/Security resource |
| pentestmonkey | pentestmonkey | Contains pentest blogs, tools, and cheatsheets | Link | Pentest cheatsheets |
| Awesome Hacker Search Engines | Edoardo Ottavianelli | A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more. | Link | Pentest search engines |
| HackTools | Ludovic COULON, Riadh BOUCHAHOUA | A web extension facilitating web application penetration tests. It includes cheatsheets as well as all the tools used during a test, such as XSS payloads, reverse shells and much more. | Link | Web App tool/cheatsheet |
| NetSPI Blog | NetSPI | A blog on various Pentest, Red Team, General Offsec focused topics. | Link | Pentest/Red Team in depth |
| Hacking Articles | Raj Chandel - Founder and Others | Detailed and summarised articles on various pentest and red team topics, offsec tools and CTF write-ups | Link | Detailed Pentest/Red Team Blog |
| PortSwigger Web Security Academy | PortSwigger | An academy with lessons and hands-on labs for learning web app pentesting | Link | WebApp Security Lessons & Labs |
| Juggernaut Pentesting Academy | Juggernaut | Extensive blog on general offsec, red teaming and pentesting topics | Link | Pentest, Red Team, Offsec Topics |
| Hackersploit | Hackersploit | Video content on Red Team, Blue Team, Android Sec, CTF write-ups, Bug Bounty | Link | Red/Blue Team, Webapp, Android, Bug Bounty |
| TecMint | Ravi Saive | Free, online, community-supported publication that publishes practical and useful out-of-the-box high-quality articles on Linux, Sysadmin, Security, DevOps, Cloud Computing, Tools, and many other topics. | Link | Cheatsheets and high-quality articles on Linux, Sysadmin, Security, Tools, etc. |
| Active Directory Exploitation Cheat Sheet | Nikos Katsiopis | A cheat sheet that contains common enumeration and attack methods for Windows Active Directory. | Link | Active Directory Cheatsheets |
| Awesome Pentest | Nick Raienko | A collection of awesome penetration testing resources, tools and other shiny things | Link | Penetration testing and offensive cybersecurity resources. |