Useful sites

Pentest Resources

• http://www.vulnerabilityassessment.co.uk/Penetration Test.html

• https://github.com/swisskyrepo/PayloadsAllTheThings

• https://book.hacktricks.xyz/

• https://guif.re/

• https://osintframework.com/ List of sites and resources for intelligence gathering

• https://www.regextester.com Test and debug regular expressions

• https://nomodulenamed.com Helps to fix missing dependencies on Python packages

• https://www.offensive-security.com/metasploit-unleashed Metasploit guide

• https://www.revshells.com/ Quick reverse shell templates

OWASP Guidelines

• https://owasp.org/www-project-application-security-verification-standard/

• https://cheatsheetseries.owasp.org/

Windows specific

• https://lolbas-project.github.io/ List of common exploitable Windows tools\programs

• https://github.com/Flangvik/SharpCollection Pre-compiled executables for in-memory execution

• https://www.lemoda.net/windows/windows2unix/windows2unix.html Windows CMD reference

• https://www.catalog.update.microsoft.com/ List of Windows hotfixes and updates

Active Directory

• https://attack.stealthbits.com/ Active Directory attacks guide
• https://wadcoms.github.io/ List of techniques for AD enumeration and exploit

Linux specific

• https://gtfobins.github.io/ List of common *nix programs that can be exploited for PrivEsc
• https://github.com/s0wr0b1ndef/Linux-Kernal-Exploits-m- List of linux kernel exploits
• https://explainshell.com/ Breaks down a bash command and explains it
• https://linux.die.net/man/ Linux man pages

Exploit databases

Exploit lists

• www.exploit-db.com
• https://vulners.com/search
• https://www.rapid7.com/db/
• www.securityfocus.com
• www.packetstormsecurity.com
• https://www.google.com/search?q=site%3Agithub.com

CVEs lists

• https://security.snyk.io/
• https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=<keyword or cve>
• https://www.cve.org/
• https://cvedetails.com/cve/<cve>
• https://cxsecurity.com/cvemap/
• https://www.exploit-db.com/google-hacking-database

Fuzzying

• https://gchq.github.io/CyberChef/
• https://unicode-table.com/
• http://rumkin.com/tools/cipher/

Credentials

Forensics

• https://gchq.github.io/CyberChef/
• https://hashcat.net/wiki/doku.php?id=example_hashes

Text obfuscation

• http://rumkin.com/tools/cipher/
• https://www.quipqiup.com/

Default credentials

• https://open-sez.me/
• https://default-password.info/

Dictionaries

• https://github.com/danielmiessler/SecLists
• https://github.com/wallarm/jwt-secrets/blob/master/jwt.secrets.list

Hash cracking

• https://crackstation.net/
• https://hashes.org/search.php
• https://www.onlinehashcrack.com/
• https://hashkiller.co.uk/Cracker

Networking

Common Ports, Requests, Headers, Cookies...

• http://useragentstring.com/?uas=<UA string>&getText=all
• https://reqbin.com/
• https://www.speedguide.net/port.php?port=<port number>
• https://developer.mozilla.org/en-US/docs/Web/HTTP#reference
• https://cookiedatabase.org/
• http://www.soapclient.com/

Search Hosts or services

• https://www.whois.com/whois/<domain name>
• https://search.censys.io/
• https://www.shodan.io/

Network security analysis services

• https://www.ssllabs.com/ssltest/analyze.html?d=<url> SSL/TLS Configuration
• https://sitereport.netcraft.com/?url= <url> SSL/TLS Configuration
• https://securityheaders.com/?q=<url> HSTS Configuration

OSINT

• https://www.osintdojo.com/resources/
• https://osintframework.com/