Notes
Home
Recon
Port Scanning
Ports
80,443 (Web)
113 (ident)
Cloud
AWS
AWS S3
Git
DNS
Subdomain / Vhosts
Exploit / Initial Access
Shell (Reverse/Others)
Antivirus Evasion
Process Hollowing (Windows)
Disable Windows Defender
Microsoft Office Macro
AppLocker / Powershell CLM
AppLocker Bypass
PowerShell Constrained Language Mode (CLM) Bypass
Windows
Linux
ASPX
Tomcat
Python
Wordpress
Elastic / FreePBX
Jenkins
H2 (JDBC)
LSP Reverse (Lua Server)
Upgrade Interactive Shell
Web Exploits
Web Recon
Information Gathering
XSS
Stealing Cookie
Stealing Local Secrets
Keylogging
Saved Password
Login Form Phishing
Common Payload for XSS
XSS Chain CSRF
CORS/CSRF
CSRF payloads
CORS payloads
SQL Injection
MySQL/Maria Injection
MySQL/MariaDB Common
MSSQL Injection
MSSQL Common
PostgreSQL Injection
PostgreSQL Common
MongoDB
SQLite Common
GraphQL
NoSQL Common
Oracle DB Common
Redis DB
SQLite
SQLMap
Fuzzing
NoSQL
SQLMap
Directory Traversal
Useful Payloads
XML External Entity
Useful Payloads
SSTI
Useful Payloads
OS Command Injection
Useful Payloads
Bypass Blacklist
Check Capabilities
Reverse Shell
Write Web Shell
SSRF
Useful Payloads
IDOR
Useful Payloads
Escape Restricted Shell
User Impersonation
Common Exploits
Log4Shell
ShellShock
MS17-010 EternalBlue
Redis RCE
Samba
Public SSH Keys
Double Decoding Apache Tomcat (CVE2007-1860)
Struts s2-045
JWT
Pickled Parameters
Privilege Escalation
Linux PE
First Check
Auto Enumeration
Manual Enumeration
Method (Linux)
Weak File Permission
Sudo
Cron Jobs
SUID / SGID
Passwords and Keys
NFS Share
Dangerous Groups
Process Running As Root
Service Exploit
.service File
Kernel Exploit
Windows PE
Auto Enumeration
Manual Enumeration
Method (Windows)
Services
Registry
Passwords
Scheduled Tasks
Insecure GUI App
Potato
Startup
Installed Application
LOCAL / NETWORK SERVICE
Special Privileges
Driver Vulnerabilities
Kernel Exploit
Active Directory
Active Directory Recon
PowerView
Active Directory Exploit
Kerberoast
ASREP Roasting
Unconstrained Delegation
Pivot
Ligolo-ng
Ligolo-MP
Chisel
SSH
Plink
NetSH
HTTPTunnel
IP Namespace (Segregate VPN in case Routing Conflict)
RINETD
Password Cracking
Operating Systems
NTLM
DCC2 (MSCACHE)
/etc/shadow
Web Passwords
HTTP Form POST
Wordpress
HTTP Authentication
Tomcat
HTPASSWD
Other Passwords
FTP
SSH
MSSQL
RDP
VNC
ZIP / PDF / RAR
Keepass (kdbx)
MD5
Custom Wordlist
Post Exploit
Ping Sweep
Cheap Port Scan
Common Checks
General Usage
Bloodhound
RunAs
ngrok
Powershell
Meterpreter
Crackmapexec
BeEF
Netcat / SMTP (Write)
Apache2
Python
Impacket
FTP
Strings
TFTP
SMB
Telnet
File Transfer
Compiling File
Git
APT
James POP3
Remote Desktop
Echo
PATH
WSF File
PHPINFO
SNMP (UDP 161)
PL Files
Wireshark
SSH / SCP
Covenant
Responder
Mimikatz
Other Attacks
Wireless Attack
WEP (Wired Equivalent Privacy)
WPA/WPA2
Wireless Attack Tools
Airmon-ng
Airodump-ng
Aireplay-ng
Manual Connection
Wi-Fi Interface Command
Exploit Development
Windows x86
Stack Buffer Overflow
SEH Buffer Overflow
IDA Pro
DEP Bypass (VirtualAlloc)
ROP Common
Template Repository
CORS/CSRF
Table of contents
CSRF payloads
CORS payloads