Comprehensive Burp Suite Cheat Sheet for Web Application Security Testing

Burp Suite is one of the most powerful tools for web application security testing, used widely by penetration testers and security researchers. It offers an extensive set of features to…

Active Directory (AD) Hacking Cheat Sheet

What is Active Directory? Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. It’s widely used to manage permissions and access to network resources. Compromising…

SQLMap Cheat Sheet

What is SQLMap? SQLMap is an open-source penetration testing tool that automates the detection and exploitation of SQL injection flaws and takes over database servers.
Basic SQLMap Commands
Command | Description
sqlmap -u…

FFuF (Fuzz Faster U Fool) Cheat Sheet

Basic Commands
Command | Description
ffuf -u <URL/FUZZ> -w <wordlist> | Basic directory/file brute-forcing
ffuf -u <URL/FUZZ> -w <wordlist> -e <ext> | Brute-force directories/files with specific extensions
ffuf -u http://FUZZ.example.com/ -w <wordlist> | Brute-force subdomains
ffuf -u <URL>?FUZZ=value -w <wordlist> | Brute-force parameters in…

Impacket Kerberoasting Cheat Sheet

What is Kerberoasting? Kerberoasting is an attack where an adversary requests service tickets for Service Principal Names (SPNs) from a Domain Controller, extracts these tickets, and attempts to crack their…

Gobuster Cheat Sheet

Basic Commands
Command | Description
gobuster dir -u <URL> -w <wordlist> | Directory brute-force against a web server
gobuster dns -d <domain> -w <wordlist> | DNS subdomain brute-force against a domain
gobuster vhost -u <URL> -w <wordlist> | Virtual host brute-force…

Metasploit Cheat Sheet

Starting Metasploit
Command | Description
msfconsole | Start Metasploit Framework
msfupdate | Update the Metasploit Framework
msfd | Run the Metasploit Daemon
msfvenom | Standalone payload generator

Basic Commands
Command | Description
search <keyword> | Search for modules using a keyword
use <module> | Select a module (e.g., use exploit/windows/smb/ms17_010_eternalblue)
info <module> | Show information…

Nmap Cheat Sheet

Basic Scan Types
Command | Description
nmap <target> | Simple scan, default is a TCP connect scan
nmap -sS <target> | Stealth SYN scan (default for privileged users)
nmap -sT <target> | TCP connect scan (used if SYN scan isn’t an…