[
LazyHackers
]
_
Home
Plans
Courses
Certifications
Cheatsheets
Leaderboard
Tracker
Quiz
Login
Register
Home
Plans & Pricing
Courses
Certifications
Cheatsheets
Leaderboard
Tracker
Quiz
Login
Register
Interactive
Cheatsheets
Searchable command references for pentesting, CTF, and security research. Click any command to copy.
All
web-pentest
(7)
exploitation
(7)
active-directory
(6)
recon
(3)
network-pentest
(2)
mobile-pentest
(2)
cloud-pentest
(1)
privesc
(1)
forensics
(1)
web-pentest
Burp Suite — Web Application Testing Proxy
Burp Suite CLI tools and key workflows for web application security testing.
37
Apr 2026
active-directory
Impacket — Windows & Active Directory Attacks
Impacket Python library with tools for SMB, MSRPC, Kerberos, NTLM, WMI, and AD attacks.
56
Apr 2026
active-directory
NetExec (CrackMapExec) — AD Lateral Movement
NetExec (nxc) — the Swiss Army knife for Windows/AD lateral movement, credential spraying, and post-…
57
Apr 2026
mobile-pentest
Frida — Dynamic Instrumentation & Hooking
Frida dynamic instrumentation toolkit for hooking, bypassing, and analyzing mobile and desktop apps.
35
Apr 2026
active-directory
Responder — LLMNR/NBT-NS Poisoning
Responder poisons LLMNR, NBT-NS, and mDNS to capture NTLMv2 hashes from Windows hosts on the local n…
82
Apr 2026
recon
GitLeaks & Source Code Recon — Secret Discovery
Gitleaks and other tools for finding secrets, credentials, and sensitive data in source code and git…
37
Apr 2026
exploitation
Netcat & Socat — Network Swiss Army Knife
Netcat and Socat for reverse shells, port forwarding, file transfer, and network debugging.
34
Apr 2026
exploitation
John the Ripper — Password Cracking
John the Ripper — versatile password cracker with hash extraction helpers for common file formats.
43
Apr 2026
mobile-pentest
ADB — Android Debug Bridge
ADB (Android Debug Bridge) for device interaction, app analysis, and Android penetration testing.
76
Apr 2026
web-pentest
WPScan — WordPress Security Scanner
WPScan is a WordPress security scanner for finding vulnerabilities, weak passwords, and exposed file…
80
Apr 2026
network-pentest
Wireshark & TCPDump — Packet Analysis
Capture and analyze network traffic with Wireshark and TCPDump for credential interception and proto…
28
Apr 2026
recon
theHarvester — OSINT Email & Domain Recon
theHarvester gathers emails, names, subdomains, IPs and URLs from multiple public sources.
28
Apr 2026
exploitation
MSFVenom — Payload Generation
MSFVenom combines msfpayload and msfencode for generating custom shellcode and payloads.
38
Apr 2026
exploitation
Metasploit Framework — Exploitation
Metasploit Framework — the world's most used penetration testing framework for exploit development a…
30
Apr 2026
privesc
LinPEAS & WinPEAS — Privilege Escalation Scripts
PEASS-ng scripts for automated local privilege escalation enumeration on Linux and Windows.
30
Apr 2026
exploitation
Hashcat — Offline Password Cracking
Hashcat is the world's fastest password recovery tool supporting 300+ hash types and GPU acceleratio…
26
Apr 2026
cloud-pentest
AWS CLI — Cloud Penetration Testing
AWS CLI commands for cloud penetration testing: IAM enumeration, S3 attacks, EC2 SSRF, privilege esc…
35
Apr 2026
web-pentest
Nuclei — Fast Vulnerability Scanner
Nuclei is a fast, template-based vulnerability scanner for web apps, networks, and cloud infrastruct…
38
Apr 2026
web-pentest
SQLMap — SQL Injection Automation
SQLMap automates detection and exploitation of SQL injection vulnerabilities across all major databa…
35
Apr 2026
active-directory
Mimikatz — Windows Credential Dumping
Mimikatz extracts plaintext passwords, hashes, PIN codes, and Kerberos tickets from Windows memory.
34
Apr 2026
web-pentest
FFUF — Fast Web Fuzzer
FFUF (Fuzz Faster U Fool) — high-speed web fuzzer for directories, parameters, subdomains, and more.
32
Apr 2026
web-pentest
Nikto — Web Vulnerability Scanner
Nikto web server scanner — checks for dangerous files, outdated software, and server misconfiguratio…
27
Apr 2026
active-directory
Kerbrute & Rubeus — Kerberos Attacks
Kerbrute for username enumeration and password spraying; Rubeus for full Kerberos attack toolkit.
45
Apr 2026
exploitation
SearchSploit & ExploitDB — Exploit Discovery
SearchSploit — local ExploitDB search tool for finding and using publicly known exploits.
34
Apr 2026
web-pentest
Gobuster — Directory & DNS Brute Force
Gobuster — fast brute-forcing tool for directories, DNS subdomains, virtual hosts, and S3 buckets.
72
Apr 2026
recon
Subfinder & Amass — Subdomain Enumeration
Passive and active subdomain enumeration with Subfinder and Amass.
29
Apr 2026
network-pentest
Nmap — Network Scanning & Enumeration
Complete Nmap reference for host discovery, port scanning, service detection, and NSE scripting.
49
Apr 2026
forensics
Volatility — Memory Forensics
Volatility 3 framework for memory forensics — process analysis, credential extraction, and malware i…
32
Apr 2026
exploitation
Hydra — Online Password Brute Force
Hydra is a fast, parallelized online password cracker supporting 50+ protocols.
33
Apr 2026
active-directory
BloodHound — Active Directory Attack Path Analysis
BloodHound maps Active Directory attack paths using graph theory to find privilege escalation routes…
41
Apr 2026
Cookies Notice
We use cookies to improve security, analytics and your experience.
Learn more
Accept
Close