A Note about Cheat Sheets
Everyone knows: cheat sheets are cool! They are very useful if you already know the basics about a topic but you have to look up details when you are not sure about something.
Especially, if you are new to a certain topic and you have to learn a lot of new stuff, it’s sometimes very hard to memorize everything.
Imagine you just got your 1st job as a security analyst. You’ll have to learn a lot of new tools, command options, attacks and so on. How can you quickly do a reverse DNS lookup of every IP address in a network? How can you run a specific nmap script against all servers on port 23? How do you show the details of a certificate of a TLS service? How did this Metasploit payload generation tool work again? How was this logonpasswords command called in mimikatz? And how again can I reuse relayed NTLM sessions using SOCKS? OK, I think you got it – it’s not so easy, right?
That’s exactly the place where cheat sheets come in handy!
Hacking Tools Cheat Sheet
So, I created a cheat sheet that contains lots of commands and tools that we often use during our penetration tests, security assessments or red teaming engagements. The cheat sheet contains info about the following topics:
- Basic Linux Networking Tools (ip, dig)
- Information Gathering (whois, CT logs, subdomain enumeration)
- TCP Tools (ncat)
- TLS Tools (openssl, ncat, sslyze, socat)
- HTTP Tools (python webserver, curl, nikto, gobuster)
- Sniffing (ARP spoofing, tcpdump, Wireshark, …)
- Network Scanning (nmap, masscan)
- Shells (Bind/reverse shells)
- Vulnerability DBs and Exploits (searchsploit and some links)
- Cracking (ncrack, hashcat, John the Ripper)
- Metasploit Framework (Use exploits, generate shells, shell listeners, meterpreter, pivoting, SOCKS proxying)
- Linux Privilege Escalation (LinEnum, lynis, GTFOBins)
- Windows Privilege Escalation (PowerSploit, smbmap)
- Windows Credentials Gathering (mimikatz, lsadump)
- Passh-The-Hash (Lots of impacket tools)
- NTLM Relay (ntlmrelayx, SOCKS proxying)
- Active Directory (BloodHound & PingCastle)
- Online References
The cheat sheet can be found here:
Download as a handy printable PDF:
Grab it while it’s hot 🤘!
Note: The latest version can always be found on GitHub: https://github.com/CompassSecurity/Hacking_Tools_Cheat_Sheet
Want to learn these tools?
Do you want to know more about these attack techniques and tools? Then, our new security training “Internal Network and System Security” might be something for you! In this training, the students will learn how attackers find security vulnerabilities in internal networks, how they are exploited and especially how to protect yourself and your infrastructure from such attacks. So this is a perfect course for network and system administrators that want to know the tools of the attackers in order to defend against them.
More infos about this training in general can be found here: https://www.compass-security.com/en/services/security-trainings/course-description-internal-network-and-system-security/.
There is a public training on the 11th and 12th of February 2020 where everyone whoi is interested can participate. More info can be found here: https://www.compass-security.com/en/services/security-trainings/translate-to-english-internal-network-and-system-security-februar-2020-bern/ . Note: This training will be held in German only (slides/course material are in English).
So, happy hacking and have fun!
How to attend the training.
Please send me the details to my mail.
There will be a training on the 11th and 12th of February 2020 in Berne, Switzerland.
More info can be found here: https://www.compass-security.com/en/services/security-trainings/translate-to-english-internal-network-and-system-security-februar-2020-bern/.
Note: The training will be held in German only (only the slides/course material and the used Linux distribution (Hacking-Lab Live CD) will be in English).
Very cool cheatsheet, thanks!
I see, the space is limited, but I miss the OSINT category…
Also, information gathering tools like dnsmap could be added.
But again, thanks, it’s awesome!
We have another dedicated cheat sheet for OSINT. This can be found here: https://www.compass-security.com/fileadmin/Datein/Research/White_Papers/osint_cheat_sheet.pdf
I’ll consider this for the future. THX for the tip.
Amass can also be used to perform some DNS hostname bruteforcing. This can be done using the -brute flag that is also documented in the cheat sheet.
Oh yes I see it now, amass looks very helpful. I’m surprised I’ve never stumbled across it before, it seems quite popular; definitely going to make use of it in the future.
The OSINT cheatsheet is also very helpful, thanks for sharing.
Yes, It’s one of my favourite subdomain enumeration tools because it uses a lot of different sources (however, Certificate Transparency is the most comprehensive IMHO).
Amass is also an OWASP flagship project since this year.
Your’re welcome. Have fun ;-)
And also please note, the latest version can now be found online on GitHub: https://github.com/CompassSecurity/Hacking_Tools_Cheat_Sheet Happy Hacking :)
I will lern and experiment with them
I tried to type these into the command prompt but they did not work. What tool do I need to use to run these commands?
These are mainly tools for Linux. Depending on your used distribution, you have to install them first. The cheat sheet is however more designed to look up some command if you already know the tools and not to learn these tools from scratch.