Skip to main content
Link
Menu
Expand
(external link)
Document
Search
Copy
Copied
Notes
Home
Recon
Port Scanning
Ports
80,443 (Web)
113 (ident)
Cloud
AWS
AWS S3
Git
DNS
Subdomain / Vhosts
Exploit / Initial Access
Shell (Reverse/Others)
Windows
Linux
Antivirus Evasion
Process Hollowing (Windows)
ASPX
Tomcat
Python
Wordpress
Elastic / FreePBX
Jenkins
H2 (JDBC)
LSP Reverse (Lua Server)
Upgrade Interactive Shell
Escape Restricted Shell
Common Exploits
Log4Shell
ShellShock
MS17-010 EternalBlue
Redis RCE
Samba
Public SSH Keys
Double Decoding Apache Tomcat (CVE2007-1860)
Struts s2-045
JWT
Pickled Parameters
SQL Injection
MySQL/Maria Injection
MSSQL Injection
PostgreSQL Injection
MongoDB
GraphQL
Redis DB
SQLite
NoSQL
SQLMap
Privilege Escalation
Linux PE
First Check
Auto Enumeration
Manual Enumeration
Method (Linux)
Weak File Permission
Sudo
Cron Jobs
SUID / SGID
Passwords and Keys
NFS Share
Dangerous Groups
Process Running As Root
Service Exploit
.service File
Kernel Exploit
Windows PE
Auto Enumeration
Manual Enumeration
Method (Windows)
Services
Registry
Passwords
Scheduled Tasks
Insecure GUI App
Potato
Startup
Installed Application
LOCAL / NETWORK SERVICE
Special Privileges
Driver Vulnerabilities
Kernel Exploit
Active Directory
Pivot
Ligolo-ng
Ligolo-MP
Chisel
SSH
Plink
NetSH
HTTPTunnel
IP Namespace (Segregate VPN in case Routing Conflict)
RINETD
Password Cracking
Operating Systems
NTLM
DCC2 (MSCACHE)
/etc/shadow
Web Passwords
HTTP Form POST
Wordpress
HTTP Authentication
Tomcat
HTPASSWD
Other Passwords
FTP
SSH
MSSQL
RDP
VNC
ZIP / PDF / RAR
Keepass (kdbx)
MD5
Custom Wordlist
General Usage
Bloodhound
RunAs
ngrok
Powershell
Meterpreter
Crackmapexec
BeEF
Netcat / SMTP (Write)
Apache2
Python
Impacket
FTP
Strings
TFTP
SMB
Telnet
File Transfer
Compiling File
Git
APT
James POP3
Remote Desktop
Echo
PATH
WSF File
PHPINFO
SNMP (UDP 161)
PL Files
Wireshark
SSH / SCP
Covenant
Responder
Post Exploit
Ping Sweep
Cheap Port Scan
Common Checks
Template Repository