Like everyone else I thought it'd be a good idea to keep a list of interesting resources and tools. This is my list, there are many like it, but this one is mine.

The list is broken up into sections. Sections will generally be related links or specific usage details or background. Some links may be in multiple sections as they are usefull in multiple ways. Some sections are broken out into separate pages. I'm yet to find a good, consistent way to do this so it is currently a bit arbitrary and unorganised.

Many of these things have been picked up from twitter, forums or other places. Not all have been tested by me so YMMV. So far none of it is my original research. Great appreciation to all those who publish and share their research or even the research of others

• General/Varied

  • Pen Test Tools - High On Coffee
  • Payload all the things!
  • The Hacker Recipes
  • IPPSEC
  • 0xffsec's pentesting handbook

• Recon

  • External
    • General
      • nmap
      • searchsploit
      • good old nc
      • socat
      • RustScan - faster nmap - testing suggests many false negatives :(
      • Awesome WAF - waf details, detection, bypass etc.
      • MYIP.MS - whois/DNS/hosting etc. resources
      • DNSDumpster - DNS recon and research
    • Web App
      • Encode shell in PNG idat
      • sqlmap
      • sslyze
      • DirBuster - remember to "Go Fast". 200 Thread seems about right Deprecated and built into ZAP now
      • dirsearch - python implementation of directory brute forcing. Lots of configurations options.
      • OWASP ZAP
      • Sublist3r - subdomain OS int
      • Certificate Search crt.sh
      • HTTP Request Smuggler
      • Burp Suite
    • Windows
      • SMB Enumeration
      • Enumerating AD
      • smbclient
      • smbmap
      • CrackMapExec - smb, ldap, ssh, winrm, mssql
      • Responder - sniff, capture and forward all sorts of credentials/auth
      • rpcclient
      • redhat rpcclient man/help
      • An old but still a little helpful RPC tutorial - eTutorials.org
      • The Dog Whisperers Handbook - Detailed primer on Bloodhound use
  • Internal (On Box)
    • General
      • Payloads All The Things!
      • PEASS-ng - linpeas and winpeas
    • linux
      • LinEnum.sh
      • Linux Priv Checker
      • Metasploit - post/multi/recon/local_exploit_suggester <-- not very good, maiinly seems to look for old CVEs
      • find / -writable 2>/dev/null
      • find / -perm 6000 2>/dev/null
      • Linux Smart Enum
      • pspy - process file access watching
      • Proc FS
    • Windows
      • mimikatz
      • kekeo
      • Rubeus
      • Get-ChildItem -Path <start-path> -Recurse -Force -ErrorAction SilentlyContinue -Include <file-name1> -Include <file-name2>
      • nettitude - SharpWSUS - use any signed windows binary to create a WSUS update and push it to selected computers
      • probx - PoshWSUS - PowerShell tools to inspect WSUS configs
      • eladshamir - Whisker - manipualte msDS-KeyCredentialLink to get pfx
  • Internal (Other Network Hosts)
    • nmap
    • meterpreter portfwd
    • socat/nc tunneling
    • proxychains4 (deals with some exceptions better than proxychains)
    • smartbrute - lower risk credential brute forcing in AD
    • InveighZero - Interception/Spoofing attacks in C#
    • Inveigh - Interception/Spoofing attacks in PowerShell
    • Responder-Windows - Interception/Spoofing attacks in python (with compiled versions, still need python)

• Login/Login Bypass/Privesc

  • Web Creds
    • Hydra (Brute force http-get|post-form)
    • padbuster - instructions
    • credmaster2 by knavesec - password spraying through AWS to rotate IPs
  • Windows
    • impacket
    • kerberos cheat sheet
    • tarlogic kerberos cheat sheet III
    • spooky sec secretsdump tutorial
    • Knock and Pass Kerberos
    • Evil WinRM
    • Petitpotam
    • SpoolSploit - dockerized print spooler exploit collection
    • impacket - set of AD/Kerberos tools (and many others) for python. Many work on Windows.

• Exploits

  • General
    • EDB Binaries
  • Linux
    • GTFOBins
    • Jaws enumeration
  • Windows
    • FuzzySecurity
    • PowerUp
    • BeRoot
    • absolom's WPE guide
    • Printer driver - from local admin to LPE on any machine
    • List of Windows exploits which MS wont/can't fix
    • Windows LPE to DA - RemotePotato0
    • LOLBAS
  • Web

• Reverse Eng

  • Cross Platform
    • IDA
    • Ghidra
    • Reverse Engineering for Beginners
  • Windows
    • dnSpy
  • Knowledge
    • Process injection with gdb

• General Knowledge (understand the tools)

  • Kerberos
    • Wikipedia Kerberos Description
    • f-secure ms14-068 kerberos
  • Reverse Shells LOTL
  • IPPSEC
  • sushant747 Total OSCP guide
  • OWASP Web testing guide
  • Guide to named pipes and Cobalt Strike pipes
  • Specterops - Abusing Active Directory Certificate Services
  • zer1t0 atacking AD - extensive guide to AD and attacking it
  • A twitter thread on LSA by Steve Syfuhs
  • A guide to AD security

• Training

  • Certifications
    • Offensive Security
    • Portswigger Web Security Academy Certification
    • Pentester Academy RedTeam Certification
  • Practice
    • Hack The Box
    • Try Hack Me
    • Pentester Academy
    • Offensive Security Proving Grounds
    • VulnHub - prebuilt vulnerable VMs
    • Portswigger Web Security Academy
    • OWASP vulnerable web apps list

• Scripting Hints

  • Powershell
    • Create Credentials without Credential pop-up
    • Bypass PS execution policy
    • Enable RDP via PS
  • cmd
    • reg query hklm...
  • general
    • Reverse Shell Generator

• Cracking

  • Hashcat
  • John
  • JWT
    • JWT Tool
    • jwtcat
    • jwtcracker
    • c-jwt-cracker
  • Password Lists
    • FlameOfIgnis
    • Breach Parser from hmaverickadams
    • Updated OneRuleToRuleThemAll - OneRuleToRuleThemStill by stealthsploit

• Reporting

  • Tools
    • Greenshot Windows Screenshot with simple editing
    • Flameshot Linux Screenshot with simple editing

• Online Tools

  • Decoding/Hash Cracking
    • Cyberchef
    • MD5hashing - hashcracking

• Impants and Command and Control

• Building and maintaining a lab

  • BadBlood - random AD object creation
  • AD via powershell
  • LetsEncrypt for certs
  • More AD via powershell - server 2019
  • Install-ADDSForest
  • Windows update via powershell
  • Add a second DC
  • Free M365 25 seat dev account
  • Collection of AWS books