Practical command references for penetration testing and red team operations
Commands I actually use. Kept updated from real engagements.
| Cheatsheet | Description |
|---|---|
| Enumeration & Recon | Nmap, Gobuster, FFuf, subdomain enum, service fingerprinting |
| Web Application | SQLi, XSS, IDOR, file inclusion, SSRF, directory traversal |
| Privilege Escalation — Linux | SUID, sudo, cron, capabilities, kernel exploits |
| Privilege Escalation — Windows | Token impersonation, UAC bypass, registry, service abuse |
| Active Directory | Kerberoasting, AS-REP roasting, BloodHound, Pass-the-Hash |
| Post Exploitation | Persistence, lateral movement, data exfil, covering tracks |
| Payloads & Shells | Reverse shells, msfvenom, obfuscation, listeners |
Pull requests welcome — if you spot something wrong or missing, open an issue.