Rechercher les aide-mémoires

Active Directory attack workflow: enumeration, Kerberoasting, AS-REP roasting, credential dumping, and lateral movement on authorized engagements.

Wi-Fi security auditing suite — capture with airodump-ng, deauth with aireplay-ng, crack WPA with aircrack-ng.

In-depth attack surface mapping and subdomain enumeration via passive and active techniques.

HTTP parameter discovery tool for finding hidden GET and POST parameters.

Find domains and subdomains related to a given domain using passive sources (Tom Hudson).

GUI digital forensics platform built on The Sleuth Kit for disk images, timelines, keyword search, and artifact parsing.

Command-line interface for AWS enumeration, credential validation, and misconfiguration discovery during cloud assessments.

Microsoft Azure command-line tool for subscription, VM, storage, and Entra ID enumeration in cloud pentests.

Bash scripting syntax and one-liners — variables, loops, conditionals, and text processing for automation and pentesting.

Modern network attack and monitoring framework for ARP/DNS spoofing, sniffing, and credential attacks on authorized LANs.

Firmware and file analysis tool that scans for embedded files and extracts hidden archives.

Map Active Directory attack paths from SharpHound/SharpHound data collectors.

Stack-based buffer overflow workflow: fuzz, find the offset, control EIP, find bad chars, locate a JMP ESP, and get a shell.

Integrated web proxy and testing platform for intercepting, modifying, and automating HTTP traffic.

Internet-wide scan data and certificate intelligence for hosts, services, and attack surface research.

Spider a site and build a custom wordlist from discovered words.

Quick report of binary security mitigations (RELRO, stack canary, NX, PIE, Fortify).

Fast TCP/UDP tunnel over HTTP(S) for pivoting through compromised hosts when SSH is unavailable.

OS command injection payloads, separators, blind detection, and filter bypasses for achieving RCE on authorized targets.

Automated command injection detection and exploitation in web parameters and headers.

Swiss-army SMB/WinRM/LDAP/MSSQL tool for AD enumeration and credential testing.

Cron syntax reference and commands for scheduling jobs on Linux — plus persistence and privesc angles for pentesters.

Generate custom wordlists from charset and length rules.

Versatile CLI for HTTP(S), file transfer, headers, and scripting web/API tests during pentests.

Fast parameter-based XSS scanner and proof-of-concept generator for web apps.

DNS lookup utility for querying record types, tracing resolution, and debugging DNSSEC.

Classic web content scanner using wordlists to discover hidden directories and files.

Perl DNS enumerator for zone transfers, subdomain brute force, reverse lookups, and WHOIS.

Python DNS enumeration tool for records, zone transfers, brute force, and cache snooping.

Container runtime CLI for building images, inspecting deployments, and testing container breakout and misconfiguration paths.

CMS scanner focused on Drupal, Silverstripe, and WordPress plugin enumeration.

Modern SMB/LDAP/RPC enumerator for Windows and Samba hosts—users, groups, shares, and policies.

LAN MITM framework for ARP poisoning, sniffing, and filter-based traffic manipulation on authorized networks.

WinRM shell and file transfer for post-exploitation on Windows hosts.

Read and write metadata in images, documents, and media — GPS, camera info, author fields, and hidden tags.

Recursive content discovery tool with smart filtering, backups, and automatic extraction of new URLs.

Fast web fuzzer for directories, parameters, vhosts, and header injection with flexible matchers.

DNS reconnaissance tool that locates non-contiguous IP space near target domains.

Identify file types from magic bytes — essential before choosing exploit, extraction, or analysis tools.

Move files to and from compromised Linux and Windows hosts — HTTP, SMB, netcat, base64, and living-off-the-land binaries.

File carving tool that recovers files from disk images by header/footer signatures when filesystem metadata is missing.

GNU debugger for binary analysis with GEF or Pwndbg for heap, registers, and exploit-oriented views.

Version control CLI for cloning repos, hunting exposed secrets in history, and recovering source during web assessments.

Fast directory, DNS, vhost, and S3 bucket brute-forcer written in Go.

GCP command-line tool for project enumeration, IAM review, compute instances, and storage access testing.

GnuPG commands for encrypting files, signing, and managing keys — symmetric and public-key workflows.

Interactive helper to guess hash type for cracking tools.

GPU-accelerated offline password and hash recovery.

Custom TCP/UDP/ICMP packet crafting for firewall testing, traceroute, and port probing on authorized hosts.

Fast HTTP probe for live URLs, status codes, titles, and tech fingerprinting from host lists.