Hacking Cheatsheet

Plataformas de bug bounty

HackerOne https://hackerone.com/

Intigriti https://www.intigriti.com/

Bugcrowd https://www.bugcrowd.com/

YesWeHack https://www.yeswehack.com/

Cheatsheets

Exploit notes https://exploit-notes.hdks.org/

Hideandsec https://hideandsec.sh/

Deep Hacking https://deephacking.tech/

Hacktricks https://book.hacktricks.wiki/en/index.html

PayloadsAllTheThings https://github.com/swisskyrepo/PayloadsAllTheThings.git

InternalAllTheThings https://github.com/swisskyrepo/InternalAllTheThings.git

HardwareAllTheThings https://github.com/swisskyrepo/HardwareAllTheThings.git

Advanced Bug Hunting Toolkit https://lostsec.xyz/

Awesome Bug Bounty Tools https://github.com/vavkamil/awesome-bugbounty-tools.git

Sistema Operativo

Kali Linux https://www.kali.org/

AutoBSPWM https://github.com/Justice-Reaper/AutoBspwmKali.git

Navegadores

Chrome https://www.google.com/intl/es/chrome/

Firefox https://www.firefox.com/es-ES/

Tor https://www.torproject.org/es/download/

VPN

TorGuard https://torguard.net/

Correo electrónico temporal

HouseHole https://github.com/TheCyberpunker/houseHole.git

Wifi

Airgeddon https://github.com/v1s1t0r1sh3r3/airgeddon.git

Android

Scrpy https://github.com/Genymobile/scrcpy.git

MobSF https://github.com/MobSF/Mobile-Security-Framework-MobSF.git

OSINT

SpiderFoot https://github.com/smicallef/spiderfoot.git

Recon-ng https://github.com/lanmaster53/recon-ng.git

TheHarvester https://github.com/laramies/theHarvester.git

IntelligenceX https://intelx.io/

Hunter.io https://hunter.io/

SnusBase https://snusbase.com/

Leak Lookup https://leak-lookup.com/

Breach Directory https://breachdirectory.org/

DeHashed https://dehashed.com/

Waybackurls https://github.com/tomnomnom/waybackurls.git

Wayback Machine https://web.archive.org/

Phonebook https://phonebook.cz/

Emailrep.io https://emailrep.io/

Verify Email Address https://www.verifyemailaddress.org/

Email Checker https://email-checker.net/

Foros

Dark Forums https://darkforums.st/

Hack Forums https://hackforums.net/

Infraestructuras

Shodan https://www.shodan.io/

Fofa https://fofa.so/

ZoomEye https://www.zoomeye.ai/

Redes sociales

Sherlock https://github.com/sherlock-project/sherlock.git

Maigret https://github.com/soxoj/maigret.git

Identificación facial

PimEyes https://pimeyes.com/

Google dorking

Bug Bounty Search Engine https://nitinyadav00.github.io/Bug-Bounty-Search-Engine/

Subnetting

IPv4 Subnet Calculator https://www.site24x7.com/tools/ipv4-subnetcalculator.html

IPv6 Subnet Calculator https://www.site24x7.com/tools/ipv6-subnetcalculator.html

Reconocimiento

Masscan https://github.com/robertdavidgraham/masscan.git

Arp Scan https://github.com/royhills/arp-scan.git

Nmap https://github.com/nmap/nmap.git

GetTopPorts https://github.com/Justice-Reaper/getTopPorts.git

Escáneres de vulnerabilidades

Nuclei https://github.com/projectdiscovery/nuclei.git

Nuclei Templates https://github.com/projectdiscovery/nuclei-templates.git

Proxies

Caido https://caido.io/

Burpsuite professional https://github.com/xiv3r/Burpsuite-Professional.git

Proxy manager

FoxyProxy https://chromewebstore.google.com/detail/foxyproxy-b%C3%A1sico/dookpfaalaaappcdneeahomimbllocnb?hl=es

Extensiones básicas de Burpsuite

Active Scan ++ https://github.com/PortSwigger/active-scan-plus-plus.git

Error Message Checks https://github.com/PortSwigger/error-message-checks.git

Additional Scanner Checks https://github.com/PortSwigger/additional-scanner-checks.git

Collaborator Everywhere https://github.com/PortSwigger/collaborator-everywhere-v2.git

Backslash Powered Scanner https://github.com/PortSwigger/backslash-powered-scanner.git

Content Type Converter https://github.com/PortSwigger/content-type-converter.git

Software Vulnerability Scanner https://github.com/PortSwigger/software-vulnerability-scanner.git

Diccionarios

Auto Wordlists https://github.com/carlospolop/Auto_Wordlists.git

SecLists https://github.com/danielmiessler/SecLists.git

Payloadbox https://github.com/orgs/payloadbox/repositories

OneListForAll https://github.com/six2dez/OneListForAll.git

Kaonashi https://github.com/kaonashi-passwords/Kaonashi.git

Weakpass https://weakpass.com/

Generar diccionarios

CeWL https://github.com/digininja/CeWL.git

Psudohash https://github.com/t3l3machus/psudohash.git

Undust https://github.com/t3l3machus/undust.py.git

Cupp https://github.com/Mebus/cupp.git

Dividir diccionarios

payloadSplitter https://github.com/Justice-Reaper/payloadSplitter.git

Web

Identificar tecnologías web

WhatWeb https://github.com/urbanadventurer/WhatWeb.git

Wappalyzer https://chromewebstore.google.com/detail/wappalyzer-technology-pro/gppongmhjkpfnbhagpmjfkannfbllamg?hl=es

WAF

WhatWaf https://github.com/Ekultek/WhatWaf.git

Wafw00f https://github.com/EnableSecurity/wafw00f.git

Fuzzing

Feroxbuster https://github.com/epi052/feroxbuster.git

Dirsearch https://github.com/maurosoria/dirsearch.git

Ffuf https://github.com/ffuf/ffuf.git

Gobuster https://github.com/OJ/gobuster.git

Fuzzuli https://github.com/musana/fuzzuli.git

Bypasses

Encode IP https://github.com/PortSwigger/encode-ip.git

Ipfuscator https://github.com/dwisiswant0/ipfuscator.git

URL validation bypass https://portswigger.net/web-security/ssrf/url-validation-bypass-cheat-sheet

Recollapse https://github.com/0xacb/recollapse.git

403 Bypasser https://github.com/PortSwigger/403-bypasser.git

NoMore403 https://github.com/devploit/nomore403.git

Bypass 403 https://github.com/v0rl0x/bypass-403-updated.git

Byp4xx https://github.com/lobuhi/byp4xx.git

Bypass Url Parser https://github.com/laluka/bypass-url-parser.git

Forbidden Buster https://github.com/Sn1r/Forbidden-Buster.git

GoNMF https://github.com/akinerkisa/GoNMF.git

CMS

WhatCMS https://whatcms.org/

CMSmap https://github.com/dionach/CMSmap.git

CMSeeK https://github.com/Tuhinshubhra/CMSeeK.git

DroopeScan https://github.com/SamJoan/droopescan.git

CMS Scanner https://github.com/PortSwigger/cms-scan.git

WPScan https://github.com/wpscanteam/wpscan.git

WPSeku https://github.com/andripwn/WPSeku.git

Wordpresscan https://github.com/swisskyrepo/Wordpresscan.git

JoomScan https://github.com/OWASP/joomscan.git

MoodleScan https://github.com/inc0d3/moodlescan.git

Frameworks de explotación del navegador

Toxssin https://github.com/t3l3machus/toxssin.git

Beef https://github.com/beefproject/beef.git

Vulnerabilidades

XXE

XXEinjector https://github.com/enjoiz/XXEinjector.git

XXExploiter https://github.com/luisfontes19/xxexploiter.git

Oxml_xxe https://github.com/BuffaloWill/oxml_xxe.git

Docem https://github.com/whitel1st/docem.git

Clickjacking

Security Headers https://securityheaders.com/

Shcheck https://github.com/santoru/shcheck.git

Clickbandit https://portswigger.net/burp/documentation/desktop/tools/clickbandit

CORS

CORS* - Additional CORS Checks https://github.com/PortSwigger/additional-cors-checks.git

Trusted Domain CORS Scanner https://github.com/PortSwigger/trusted-domain-cors-scanner.git

CorsOne https://github.com/omranisecurity/CorsOne.git

CORScanner https://github.com/chenjj/CORScanner.git

CorsMe https://github.com/Shivangx01b/CorsMe.git

Corsy https://github.com/s0md3v/Corsy.git

C0rsPwn3r https://github.com/YaiYai8/C0rsPwn3r.git

of-CORS https://github.com/trufflesecurity/of-CORS.git

CSRF

CSRF Scanner https://github.com/PortSwigger/csrf-scanner.git

Bolt https://github.com/s0md3v/Bolt.git

XSRFProbe https://github.com/0xInfection/XSRFProbe.git

Project Forgery https://github.com/haqqibrahim/Project-Forgery.git

SQLI

Ghauri https://github.com/r0oth3x49/ghauri.git

Sqlmap https://github.com/sqlmapproject/sqlmap.git

SQLMap DNS Collaborator https://github.com/portswigger/sqlmap-dns-collaborator

Agartha https://github.com/PortSwigger/agartha.git

Loxs https://github.com/coffinxp/loxs.git

SQLI cheatsheet https://portswigger.net/web-security/sql-injection/cheat-sheet

XSS

Agartha https://github.com/PortSwigger/agartha.git

Docem https://github.com/whitel1st/docem.git

Dalfox https://github.com/hahwul/dalfox.git

XSSDynaGen https://github.com/Cybersecurity-Ethical-Hacker/xssdynagen.git

XSSuccessor https://github.com/Cybersecurity-Ethical-Hacker/xssuccessor.git

Loxs https://github.com/coffinxp/loxs.git

XSStrike https://github.com/s0md3v/XSStrike.git

XSSHunter Express https://github.com/mandatoryprogrammer/xsshunter-express.git

XXHunter https://xsshunter.trufflesecurity.com/app/#/

BXSSHunter https://bxsshunter.com/

XSSReport https://xss.report/

DOM Invader https://portswigger.net/burp/documentation/desktop/tools/dom-invader

XSS cheatsheet https://portswigger.net/web-security/cross-site-scripting/cheat-sheet

SSRF

SSRF Payload Generator https://github.com/cxosmo/ssrf-payload-generator.git

SSRF PayloadMaker https://github.com/deXwn/SSRF-PayloadMaker.git

SSRFmap https://github.com/swisskyrepo/SSRFmap.git

Command injection

Command injection attacker https://github.com/PortSwigger/command-injection-attacker.git

Agartha https://github.com/PortSwigger/agartha.git

Commix https://github.com/commixproject/commix.git

SSTI

TInjA https://github.com/Hackmanit/TInjA.git

Tplmap https://github.com/epinna/tplmap.git

SSTImap https://github.com/vladko312/SSTImap.git

Template Injection Table https://github.com/Hackmanit/template-injection-table.git

Information Disclosure

Carpeta .git expuesta

GitTools https://github.com/internetwache/GitTools.git

Git Cola https://github.com/git-cola/git-cola.git

Exploits

Sploitify https://sploitify.haxx.it/

Exploit Database https://www.exploit-db.com/

Exploit Database’s Binary Exploits https://gitlab.com/exploit-database/exploitdb-bin-sploits

Vulners https://vulners.com/

Shells

Reverse shell generator https://github.com/0dayCTF/reverse-shell-generator.git

Villain https://github.com/t3l3machus/Villain.git

Obtener una TTY interactiva en linux https://ironhackers.es/tutoriales/como-conseguir-tty-totalmente-interactiva/

ConPtyShell https://github.com/antonioCoco/ConPtyShell.git

Unix

Pspy https://github.com/DominicBreuker/pspy.git

Linux Exploit Suggester https://github.com/The-Z-Labs/linux-exploit-suggester.git

Linux Smart Enumeration https://github.com/diego-treitos/linux-smart-enumeration.git

LinPeas https://github.com/peass-ng/PEASS-ng/tree/master/linPEAS

Grype https://github.com/anchore/grype.git

GTFOBins https://gtfobins.github.io/

SuCrack https://github.com/hemp3l/sucrack.git

Windows

WinPeas https://github.com/peass-ng/PEASS-ng/tree/master/winPEAS

Lolbas https://lolbas-project.github.io/

WADComs https://wadcoms.github.io/

AdPeas https://github.com/61106960/adPEAS.git

Container breakout

• Amicontained https://github.com/genuinetools/amicontained.git

• Deepce https://github.com/stealthcopter/deepce.git

• CDK https://github.com/cdk-team/CDK.git

Dumpear credenciales

LaZagne https://github.com/AlessandroZ/LaZagne.git

HackBrowserData https://github.com/moonD4rk/HackBrowserData.git

Hashes

Identificar

Hash Identifier https://hashes.com/en/tools/hash_identifier

Hash Identifier https://github.com/blackploit/hash-identifier.git

HashID https://github.com/psypanda/hashID.git

Name That Hash https://github.com/bee-san/Name-That-Hash.git

Haiti https://github.com/noraj/haiti.git

Crackear

Hashcat https://github.com/hashcat/hashcat.git

John the Ripper https://github.com/openwall/john.git

Wrappers

Hashcatalyst https://github.com/stealthsploit/Hashcatalyst.git

Reglas

OneRuleToRuleThemStill https://github.com/stealthsploit/OneRuleToRuleThemStill.git

Rainbow tables

Hashes https://hashes.com/en/decrypt/hash

CrackStation https://crackstation.net/

Weakpass https://weakpass.com/tools/lookup

Pivoting

Unix

Enumeración

Pivoting Enum https://github.com/S12cybersecurity/Pivoting_Enum.git

Tunneling

Ligolo-ng https://github.com/nicocha30/ligolo-ng.git

Chisel https://github.com/jpillora/chisel.git