CheatSheets

CURL DNS File Transfer Hydra Impacket JohnTheRipper NCAT NMAP Online Resources Reverse Shell Wordlists

Active Directory

Mindmap Attacking AD Linux AD

Cloud

AWS Azure Google Terraform

Container

Docker Kubernetes

Linux

Penetration Testing Checklist Enumeration Privilege Escalation Post Exploitation Services Tools

Network

Data Exfiltration Port Scanning Reconnaissance Pivoting Services Traffic Analysis

Tech Stack

CMS Databases DevOps Enterprise Apps IAM Monitoring Open-Source Utilities Web Servers

Windows

AV/EDR Evasion Enumeration Privilege Escalation Post Exploitation

Web Application

Reconnaissance Common Vulnerabilities Authentication Bypass API Testing

Network Port Scanning

TCP Scanning

# Full TCP scan
nmap -p- 192.168.1.1

# Stealth SYN scan
nmap -sS 192.168.1.1

# Service version scan
nmap -sV -p 1-1024 192.168.1.1

# Scan top ports
nmap --top-ports 1000 192.168.1.1

UDP Scanning

# Basic UDP scan
nmap -sU 192.168.1.1

# Scan specific UDP ports
nmap -sU -p 53,123,161 192.168.1.1

# Detect UDP services
nmap -sU -sV 192.168.1.1

# Aggressive UDP scan
nmap -sU -A 192.168.1.1

Stealth Scanning

# Fragment packets
nmap -f 192.168.1.1

# Spoof source IP
nmap -S <spoofed_ip> 192.168.1.1

# Decoy scan
nmap -D <decoy1>,<decoy2> 192.168.1.1

# Idle scan
nmap -sI <zombie_host> 192.168.1.1

Scanning Tools

• Nmap: nmap -sS <target>
• Masscan: masscan -p0-65535 <target> --rate 1000
• Unicornscan: unicornscan -i eth0 -r 1000 192.168.1.1
• Hping3: hping3 -S 192.168.1.1
• ZMap: zmap -p 80 192.168.1.0/24