Welcome to Hacking_Stuff! Think of it as my digital backpack 🎒 – you never know if you'll pull out a Wi-Fi hack, a remote code exploit, or just a 3 AM bash script that somehow works.
The contents are neatly organized into the following areas:
🗂️ Cheat_Sheets
A massive collection of professional cheat sheets for almost every security tool:
- Network: Nmap, Netcat, Ncat, Socat, DNSRecon, Shodan
- Web: Gobuster, Nikto, Sqlmap, SQLi Tools Collection
- Password Attacks: John The Ripper, THC-Hydra, Medusa
- Exploitation: Metasploit, Metasploitable2
- OSINT: The Harvester, SpiderFoot, Whois, Nslookup
- Wireless: WPA2 Cracking, Bluetooth Hacking
- Other: Cryptcat, OpenVAS, Hackers Cheat Sheet
🧑💻 Beginner_Guides
Guides, walkthroughs, and notes ranging from basic anonymity to mobile vulnerabilities and Wi-Fi pentesting labs. Includes subdirectories for:
- Anonymity — VPN, Tor, proxy chains
- Web_Hacking — SQLi, XSS, CSRF fundamentals
- WiFi_Hacking — Aircrack-ng, WPA/WPA2 attacks
- Mobile_Hacking — Android/iOS pentesting basics
- OS_Hacking — Linux/Windows exploitation
📚 Library
Notes and breakdowns of essential ethical hacking literature. Currently includes:
- Beginning Ethical Hacking with Kali Linux
- Hacking Book Chapter Breakdown
⚙️ Scripts
Custom automation scripts to speed up your workflow:
- subdomain_enum.sh — Multi-source subdomain enumeration
- port_scanner.py — Fast TCP port scanner with service detection
- hash_id.py — Hash type identifier (MD5, SHA, bcrypt, JWT, etc.)
- dir_bruteforce.sh — Directory/file brute-forcer with extension support
- nmap_automator.sh — Automated Nmap scanning and reporting
A structured place to store your HackTheBox, TryHackMe, and VulnHub walk-throughs:
- TryHackMe: Linux Fundamentals, Nmap, OWASP Top 10, Basic Pentesting, Kenobi
- HackTheBox: Blue, Legacy, Devel, Optimum, Bastion
Step-by-step methodologies for professional engagements:
- Web Pentesting — Comprehensive web app security testing
- API Security — OWASP API Top 10 checklist
- Linux Privilege Escalation — SUID, sudo, cron, kernel exploits, capabilities
- Active Directory — Full AD methodology: recon → enumeration → exploitation → persistence
- Mobile Pentesting — OWASP MASVS-L1 checklist
🛠️ Configs
Your dotfiles and configuration templates ready to deploy on any new pentest VM:
- .tmux.conf — Terminal multiplexer configuration
Snippets of intentionally vulnerable code to practice source code review and exploitation:
- SQLi_Example.php — SQL injection vulnerability
- XSS_Reflected.php — Reflected cross-site scripting
- Command_Injection.php — OS command injection
- Insecure_Direct_Object_Reference.php — IDOR vulnerability
- Clone this repo:
  git clone https://github.com/sanketjaybhaye/Hacking_Stuff.git
  cd Hacking_Stuff
- Navigate to the section you're interested in and start learning! Every main folder has its own README.md detailing its specific contents.
- Contribute: See CONTRIBUTING.md for guidelines on adding new content.
This repository is strictly for educational purposes and authorized testing only.
If you use these scripts, exploits, or concepts for malicious activities, the consequences are entirely yours. Be ethical, stay legal. 🚓
- Found an awesome new tool or cheat sheet? Add it!
- Noticed a typo in my notes? Please fix it 🙏
- Got an exploit script that needs a home? PRs are always welcome
See CONTRIBUTING.md for detailed guidelines.
Curated learning paths, top YouTube channels, bug bounty platforms, and essential blogs to keep you ahead of the curve.
This repo is a work in progress — forever. Like Wi-Fi handshakes, it just keeps changing.
Grab your ☕, fire up your terminal, and dive in.
Made with ❤️ by Sanket Jaybhaye