[
LazyHackers
]
_
Home
Plans
Courses
Certifications
Cheatsheets
Leaderboard
Tracker
Quiz
Login
Register
Home
Plans & Pricing
Courses
Certifications
Cheatsheets
Leaderboard
Tracker
Quiz
Login
Register
Interactive
Cheatsheets
Searchable command references for pentesting, CTF, and security research. Click any command to copy.
All
web-pentest
(7)
exploitation
(7)
active-directory
(6)
recon
(3)
network-pentest
(2)
mobile-pentest
(2)
forensics
(1)
cloud-pentest
(1)
privesc
(1)
exploitation
Metasploit Framework — Exploitation
Metasploit Framework — the world's most used penetration testing framework for exploit development a…
84
May 2026
cloud-pentest
AWS CLI — Cloud Penetration Testing
AWS CLI commands for cloud penetration testing: IAM enumeration, S3 attacks, EC2 SSRF, privilege esc…
107
May 2026
recon
theHarvester — OSINT Email & Domain Recon
theHarvester gathers emails, names, subdomains, IPs and URLs from multiple public sources.
80
May 2026
exploitation
Hashcat — Offline Password Cracking
Hashcat is the world's fastest password recovery tool supporting 300+ hash types and GPU acceleratio…
64
May 2026
web-pentest
Gobuster — Directory & DNS Brute Force
Gobuster — fast brute-forcing tool for directories, DNS subdomains, virtual hosts, and S3 buckets.
125
May 2026
web-pentest
FFUF — Fast Web Fuzzer
FFUF (Fuzz Faster U Fool) — high-speed web fuzzer for directories, parameters, subdomains, and more.
92
May 2026
network-pentest
Nmap — Network Scanning & Enumeration
Complete Nmap reference for host discovery, port scanning, service detection, and NSE scripting.
123
May 2026
web-pentest
Nuclei — Fast Vulnerability Scanner
Nuclei is a fast, template-based vulnerability scanner for web apps, networks, and cloud infrastruct…
99
May 2026
mobile-pentest
Frida — Dynamic Instrumentation & Hooking
Frida dynamic instrumentation toolkit for hooking, bypassing, and analyzing mobile and desktop apps.
96
May 2026
exploitation
John the Ripper — Password Cracking
John the Ripper — versatile password cracker with hash extraction helpers for common file formats.
192
May 2026
exploitation
SearchSploit & ExploitDB — Exploit Discovery
SearchSploit — local ExploitDB search tool for finding and using publicly known exploits.
89
May 2026
active-directory
BloodHound — Active Directory Attack Path Analysis
BloodHound maps Active Directory attack paths using graph theory to find privilege escalation routes…
101
May 2026
active-directory
Kerbrute & Rubeus — Kerberos Attacks
Kerbrute for username enumeration and password spraying; Rubeus for full Kerberos attack toolkit.
103
May 2026
recon
GitLeaks & Source Code Recon — Secret Discovery
Gitleaks and other tools for finding secrets, credentials, and sensitive data in source code and git…
96
May 2026
mobile-pentest
ADB — Android Debug Bridge
ADB (Android Debug Bridge) for device interaction, app analysis, and Android penetration testing.
124
May 2026
active-directory
NetExec (CrackMapExec) — AD Lateral Movement
NetExec (nxc) — the Swiss Army knife for Windows/AD lateral movement, credential spraying, and post-…
144
May 2026
recon
Subfinder & Amass — Subdomain Enumeration
Passive and active subdomain enumeration with Subfinder and Amass.
108
May 2026
exploitation
Netcat & Socat — Network Swiss Army Knife
Netcat and Socat for reverse shells, port forwarding, file transfer, and network debugging.
93
May 2026
web-pentest
WPScan — WordPress Security Scanner
WPScan is a WordPress security scanner for finding vulnerabilities, weak passwords, and exposed file…
140
May 2026
active-directory
Impacket — Windows & Active Directory Attacks
Impacket Python library with tools for SMB, MSRPC, Kerberos, NTLM, WMI, and AD attacks.
138
May 2026
web-pentest
SQLMap — SQL Injection Automation
SQLMap automates detection and exploitation of SQL injection vulnerabilities across all major databa…
89
May 2026
active-directory
Responder — LLMNR/NBT-NS Poisoning
Responder poisons LLMNR, NBT-NS, and mDNS to capture NTLMv2 hashes from Windows hosts on the local n…
147
May 2026
exploitation
Hydra — Online Password Brute Force
Hydra is a fast, parallelized online password cracker supporting 50+ protocols.
80
May 2026
privesc
LinPEAS & WinPEAS — Privilege Escalation Scripts
PEASS-ng scripts for automated local privilege escalation enumeration on Linux and Windows.
80
May 2026
forensics
Volatility — Memory Forensics
Volatility 3 framework for memory forensics — process analysis, credential extraction, and malware i…
79
May 2026
web-pentest
Nikto — Web Vulnerability Scanner
Nikto web server scanner — checks for dangerous files, outdated software, and server misconfiguratio…
84
May 2026
active-directory
Mimikatz — Windows Credential Dumping
Mimikatz extracts plaintext passwords, hashes, PIN codes, and Kerberos tickets from Windows memory.
83
May 2026
web-pentest
Burp Suite — Web Application Testing Proxy
Burp Suite CLI tools and key workflows for web application security testing.
105
May 2026
network-pentest
Wireshark & TCPDump — Packet Analysis
Capture and analyze network traffic with Wireshark and TCPDump for credential interception and proto…
80
May 2026
exploitation
MSFVenom — Payload Generation
MSFVenom combines msfpayload and msfencode for generating custom shellcode and payloads.
92
May 2026
Cookies Notice
We use cookies to improve security, analytics and your experience.
Learn more
Accept
Close