⚒️My Cyber Cheat Sheet

This is just a set here as a reminder of all of the tools and information just to have it in one place ordered correctly

Documentation

• The Bug Hunter's Methodology (TBHM) also in video from NahamCon2022

• OWASP Web Security Testing Guide

• OWASP Mobile Application Security

• OWASP Cheat Sheet Series

• HackTricks

Bug Bounty Programs

• HackerOne

• BugCrowd

• Intigriti

• YesWeHack

• Immunefi

• openbugbounty

Gather scopes programatically with sw33tLie/bbscope

Tools

Subdomain Enumeration

• OWASP/amass
• projectdiscovery/subfinder
• Oshmilylty/One4All

Information Gathering

• hackluke/haktrails

  • fetches securitytrails which is really usefull for subdomain-takeovers
• Extract info from JS files: BishopFox/jsluice

  • function jsurls { jsluice urls <(curl -sk "$1"); }

• assetfinder

  • checks certs

• chaos

  • everything that is in a BB program should be here

• edoardottt/cariddi

Wordlists

• commonspeak
• SecLists
• https://wordlists.assetnote.io/

Permutations

• gotator

gotator -sub $subdomains -perm $dns_wordlist -depth 2 -numbers 4 -mindup -adv -md -silent -t 150

• altdns
• goaltdns
• dnsgen
• regulator

  • More info here

SQLi:

• sqlmapproject/sqlmap
• eslam3kl/SQLiDetector: Integrates with BurpSuite
• r0oth3x49/ghauri

Phishing

• JoelGMSec/EvilnoVNC

Other tools

• DNS Resolver: puredns
• DNS Resolver: dnsx
• Reverse Lookup: https://securitytrails.com/domain/DOMAINTOFIND.COM/dns
• Similar companies/domains by trademark: https://trademarks.justia.com/
• Reverse Whois whoxyrm

  • https://www.whoxy.com/
• De-dups: uro
• Screenshot: gowitness
• Project Discovery Tool Manager - pdtm

  • To download tools like: subfinder, dnsx, httpx, Naabu, proxify, nuclei, notify
• Test all the strings: CyberChef
• 403 Bruteforce: M4DM0e/DirDar

Check Acquisitions

• httpx

  • Gives also context about web apps such as technology

Port Analysis

• Masscan
• Naabu
• nmap

PORTS=80,81,300,443,591,593,832,981,1010,1311,2082,2087,2095,2096,2480,2375,3000,3128,3333,4443,4080,4243,4567,4711,4712,4993,5000,5104,5108,5800,6543,7000,7396,7474,8000,8001,8008,8014,8042,8069,8080,8081,8088,8090,8091,8118,8123,8172,8222,8243,8280,8281,8333,8443,8500,8834,8880,8888,8983,9000,9043,9060,9080,9090,9091,9200,9443,9800,9981,10000,10250,12443,16080,18091,18092,20720,28017

Content Discovery

• ffuf/ffuf
• https://github.com/epi052/feroxbuster

  • Other content discovery (better)

• Gau: https://github.com/lc/gau

  • List public known resources

• Waybackurls or waymore

  • https://github.com/xnl-h4ck3r/waymore (edited)

VPS Hosting

• Scaleway - Budget Friendly
• Oracle Cloud - Almost free decent VPS
• Google Cloud - 300$ in free credits
• Amazon Web Services - Pretty decent VPS free tier
• Azure - Same as AWS

Manual - Proxies

• BurpSuite

  • Get hands on training with the Web Security Academy from PortSwigger
• Caido
• OWASP ZAP

Static Code Analysis | Secret detection

• gitleaks/gitleaks
• snyk/cli
• aquasecurity/trivy
• praetorian-inc/noseyparker

Privilege Escalation

• PEASS-ng

Useful banners

nmap cheat sheet

Good WriteUp's / Posts:

• https://medium.com/@s_novoselov
• https://github.com/hahwul/WebHackersWeapons
• https://honoki.net/2020/10/08/introducing-bbrf-yet-another-bug-bounty-reconnaissance-framework/
• https://github.com/arget13/DDexec
• https://sha256algorithm.com/
• https://medium.com/nerd-for-tech/some-tips-for-sql-injections-764e1a254a29