Cheat Sheets for Pentesting - Unofficial OSCP Approved Tools

This by no means the end-all be-all list but merely tools that have been suggeseted by others. General rule of thumb - if a tool can auto-exploit then it is not allowed in the exam.

Note Taking

• OneNote
• GitHub Repo
• KeepNote
• PenTest
• Joplin (Template from TJ Null)
• Obsidian Mark Down
• Trilium

Report Template

• OSCP Report Template
• WhoIsFlynn
• Noraj

Enumeration

• AutoRecon
• nmapautomater
• Reconbot
• Raccoon
• RustScan
• BashScan

Web Related

• DirSearch
• GoBuster
• Recursive GoBuster
• Wfuzz
• goWAPT
• fuff
• Nikto
• dirb
• dirbuster
• feroxbuster
• FinalRecon

Networking

• impacket

Wordlists & Dictionaries

• SecLists

Payload Generators

• Reverse Shell Generator
• Windows Reverse Shell Generator
• MSFVenom Payload Creator

PHP Reverse Shells

• Windows PHP Reverse Shell
• Pentest Monkey Unix PHP Reverse Shell

Terminals

• Tmux
• Tmux Logging
• Oh My Tmux
• Screen
• Terminator
• Vim Windir

Exploits

• Exploit-DB
• Windows Kernel Exploits
• AutoNSE
• Linux Kernel Exploits

Password Brute Forcers

• BruteX
• Hashcat
• John The Ripper

Post-Exploitation & Privelage Escalation

• LinEnum
• LinPrivChecker
• Powerless
• PowerUp
• Linux Exploit Suggester
• Windows Exploit Suggester
• Windows Privelage Escalation Awesome Scripts WinPEAS
• Linux Privelage Escalation Awesome Scripts Double -Check The VERSION NUMBER
• GTFO Bins
• Get GTFO Bins
• Sudo Killer
• WADComs
• LOLBAS

Buffer OverFlow

• VulnServer for Windows
• VulnServer for Linux -Tib3rius TryHackMe Buffer Overflow

Privelage Escalation Practice

• Local Privelage Escalation Workshop
• Tib3rius Linux Privelage Escalation
• Tib3rius Windows Privelage Escalation

Resources

• HTB/VulnHub OSCP like Machines
• Offensive Security Proving Grounds
• Virtual Hacking Labs
• HackTheBox VIP required to access the retired machines
• Vulnhub
• RootMe
• TryHackMe
• OverTheWire Start with Bandit

☠️I am not the creator of these of tools. Use responsibly, don't be an asshole.