Interactive Cheatsheets

Searchable command references for pentesting, CTF, and security research. Click any command to copy.

All exploitation (7) web-pentest (7) active-directory (6) recon (3) mobile-pentest (2) network-pentest (2) cloud-pentest (1) privesc (1) forensics (1)

John the Ripper — Password Cracking

John the Ripper — versatile password cracker with hash extraction helpers for common file formats.

MSFVenom — Payload Generation

MSFVenom combines msfpayload and msfencode for generating custom shellcode and payloads.

Hashcat — Offline Password Cracking

Hashcat is the world's fastest password recovery tool supporting 300+ hash types and GPU acceleratio…

Hydra — Online Password Brute Force

Hydra is a fast, parallelized online password cracker supporting 50+ protocols.

Metasploit Framework — Exploitation

Metasploit Framework — the world's most used penetration testing framework for exploit development a…

SearchSploit & ExploitDB — Exploit Discovery

SearchSploit — local ExploitDB search tool for finding and using publicly known exploits.

Netcat & Socat — Network Swiss Army Knife

Netcat and Socat for reverse shells, port forwarding, file transfer, and network debugging.