Interactive Cheatsheets

Searchable command references for pentesting, CTF, and security research. Click any command to copy.

All web-pentest (7) exploitation (7) active-directory (6) recon (3) network-pentest (2) mobile-pentest (2) privesc (1) forensics (1) cloud-pentest (1)

Netcat & Socat — Network Swiss Army Knife

Netcat and Socat for reverse shells, port forwarding, file transfer, and network debugging.

John the Ripper — Password Cracking

John the Ripper — versatile password cracker with hash extraction helpers for common file formats.

MSFVenom — Payload Generation

MSFVenom combines msfpayload and msfencode for generating custom shellcode and payloads.

Metasploit Framework — Exploitation

Metasploit Framework — the world's most used penetration testing framework for exploit development a…

Hashcat — Offline Password Cracking

Hashcat is the world's fastest password recovery tool supporting 300+ hash types and GPU acceleratio…

SearchSploit & ExploitDB — Exploit Discovery

SearchSploit — local ExploitDB search tool for finding and using publicly known exploits.

Hydra — Online Password Brute Force

Hydra is a fast, parallelized online password cracker supporting 50+ protocols.