Interactive Cheatsheets

Searchable command references for pentesting, CTF, and security research. Click any command to copy.

All web-pentest (7) exploitation (7) active-directory (6) recon (3) network-pentest (2) mobile-pentest (2) privesc (1) forensics (1) cloud-pentest (1)

Burp Suite — Web Application Testing Proxy

Burp Suite CLI tools and key workflows for web application security testing.

WPScan — WordPress Security Scanner

WPScan is a WordPress security scanner for finding vulnerabilities, weak passwords, and exposed file…

Nuclei — Fast Vulnerability Scanner

Nuclei is a fast, template-based vulnerability scanner for web apps, networks, and cloud infrastruct…

SQLMap — SQL Injection Automation

SQLMap automates detection and exploitation of SQL injection vulnerabilities across all major databa…

FFUF — Fast Web Fuzzer

FFUF (Fuzz Faster U Fool) — high-speed web fuzzer for directories, parameters, subdomains, and more.

Nikto — Web Vulnerability Scanner

Nikto web server scanner — checks for dangerous files, outdated software, and server misconfiguratio…

Gobuster — Directory & DNS Brute Force

Gobuster — fast brute-forcing tool for directories, DNS subdomains, virtual hosts, and S3 buckets.