Cool Stuff
This is the drawer of useful security stuff that doesn't quite fit anywhere else. Cheat sheets, reference wikis, payload collections, wordlists, exploit databases, and the kind of links you bookmark, forget about, and then desperately re-google three months later when you actually need them.
Everything here is free, well-maintained, and the kind of thing working bug bounty hunters and pentesters use weekly. None of it is "learn-the-basics" material; that's on the learning tools page. These are the references you reach for once you already know what you're doing.
The drawer
- HackTricks: Carlos Polop's pentesting wiki, the closest thing to a single reference for web, cloud, and AD attack technique
- PayloadsAllTheThings: The de facto reference for web attack payloads, bypasses, and exploitation tricks, organized by bug class
- SecLists: The standard wordlist collection for content discovery, fuzzing, brute forcing, and password attacks
- GTFOBins: Curated index of Unix binaries that can be abused for privilege escalation and shell escapes
- LOLBAS: The Windows equivalent of GTFOBins, mapping built-in binaries to their offensive uses
- OWASP Cheat Sheet Series: Concise, scannable reference cards for both attackers and defenders, covering specific vulnerability classes
- OWASP Top 10: The canonical reference list of the most critical web application security risks, with examples and prevention notes
- CWE Top 25: MITRE's annual ranking of the most dangerous software weaknesses, useful as a lookup index
- Hacking the Cloud: Encyclopedic reference of offensive cloud security techniques across AWS, Azure, and GCP
- Exploit-DB: OffSec's public exploit archive, the canonical place to find and verify proof-of-concept code
- CVE.org: The official CVE program site, the source of truth for tracking publicly disclosed vulnerabilities
- OSINT Framework: Long-running tree of OSINT tools and resources, organized by what you are trying to find
- CTFtime: The hub for finding upcoming CTFs, browsing past challenges, and reading writeups from competing teams
What each thing is good for
- Reference wikis. HackTricks is the closest thing the pentest world has to a single source of truth, covering web, cloud, Active Directory, and more. Hacking the Cloud is the cloud-focused counterpart, with detailed AWS, Azure, and GCP attack notes.
- Payloads and bypasses. PayloadsAllTheThings is where you go when you need a working XSS payload for a weird filter, an SSRF bypass for a specific cloud metadata endpoint, or any of a hundred other things you didn't memorize.
- Wordlists. SecLists is the standard collection used by almost every fuzzing, brute-forcing, and content-discovery tool. If you have ever wondered "where do those default wordlists come from", it's here.
- Living off the land. GTFOBins covers Unix binaries you can abuse for privilege escalation. LOLBAS is the Windows equivalent. Both are essential when you have a shell and need to do something useful with what's already on the box.
- Cheat sheets and reference lists. The OWASP Cheat Sheet Series, OWASP Top 10, and CWE Top 25 are reference cards you consult to quickly answer "what bug class is this and what does impact look like?".
- Vulnerability databases. CVE.org tracks the canonical list of disclosed vulnerabilities. Exploit-DB hosts working proof-of-concept code. Use them together when you find a service version and want to know if there's a known exploit.
- Hubs. OSINT Framework is a tree of OSINT tools organized by what you're trying to find. CTFtime is where you find upcoming CTF events and the writeups of past ones.