Navigation :
navigation

Offensive Security Cheatsheet

Informations & Disclaimer

1/ This website is my personnal cheatsheet, a document used to centralize  
   many informations about cybersecurity techniques and payloads.

2/ Content, commands and tools provided on this website can cause damages 
   to websites and systems you might want to use them against.  
   Remember that is is illegal to scan or attack a resource that does not belong to you.

3/ Content is taken from my personnal experience but also from several
   online resources and cheatsheets. I also made a resources sections, linking to several
   resources I found or used. This section has been made lately, so all informations might
   not be sourced!

4/ This website is for educationnal and "memo" purpose only.
   It does not aim to weaponize anyone.

5/ If you have any request (Something that is wrong, removing informations...)  
   please do not hesitate to contact me on Twitter (@Haax9_).

6/ I'm also posting some writeups (HackTheBox, CTF..) and other cybersecurity stuff on a blog,
   available in French and English !
   --> https://haax.fr


Updates

06/02/2021
- OSINT Tools :
   - DumpItBlue Extension
   - Maigret
   - Social Analyzer
   - OSINT.sh
   - World Postal Codes
   - Added "OSINT in the air" category!

- OSINT Resources
   - Amnesty International Course : Open Source Investigations for Human Rights
   - Darknet Markets for Investigators
   - Flowcharts to distinguish European languages

- OSINT Trick
   - Instagram trick for viewing post (/embed/captioned)

- Web Pentest Tools
   - HTTP Methods Tester
   - Burp Suite Extension - Asset history
   - Firefox extension - HackTools
   - Bypa4xx tool
   - Findomain / Subfinder

- Leaks
   - Breachdirectory

- Cyber Threat Intel
   - APT Map

- MISC
   - Le dessous des cartes Youtube channel (Geopolitics)

- Windows Pentest
   - Precisions for Kerberos Delegations attacks
21/01/2021
- OSINT Tools :
   - Carbondate / Carbon14
   - shadow calculator
   - Instagram Location Search
   - Searching unique identifier on Facebook
   - isearchfrom
   - Google Maps Alternatives
   - Screenshots
   - emailrep.io
   - 360cities
   - Holehe web version
   - Time and Date

- OSINT Resources & Tricks :
   - The OSINT Library
   - Geotips
   - Open Street Map and Overpass part (OSINT/GEOINT)
   - some OSINT resources links
 
- Infosec Resource : The Hacker Recipes
- Windows Resource : WADComs interactive cheatsheet
- Added OPSEC Resources
- Added Any.run to resources

- Updated the phishing part (SSL & tips)
- Passcracking tool : Wrapcat

- +Added previous unreported resources, tools and tips


Acknowledgments

Special thanks to @Maki for teaching many tricks, methods and for the Hugo theme, but also to @_ACKNAK_ for the cheatsheet basis I started from, some months ago. And generally speaking, thanks to everyone sharing content and knowledge ! :)