# Pentest Links

## Pentest Docs, Authorization Template, Get Out of Jail Letter

* <http://www.counterhack.net/permission_memo.html>
* <https://www.trustedsec.com/tools/physical-security-assessment-documentation/>
* <https://github.com/trustedsec/physical-docs>

## **PenTest Cheat Sheets**

* [PentestingCheatsheet](https://anhtai.me/pentesting-cheatsheet/)
* [KaliCheatsheet-HSploit](https://hsploit.com/kali-linux-ultimate-cheat-sheet/)
* [PentestingTools-HighOnCoffee](https://highon.coffee/blog/penetration-testing-tools-cheat-sheet)
* [PenTest Methodology-hacktricks ](https://book.hacktricks.xyz/pentesting-methodology)\*\*\*
* [Zero to OSCP in 292 Days](https://blog.mallardlabs.com/zero-to-oscp-in-292-days-or-how-i-accidentally-the-whole-thing-part-2/)
* \*\*\*\*[**areyou1or0-OSCP-CommandsForOSCP**](https://github.com/areyou1or0/OSCP) **\*\*\***
* [MiesslerSecLists-Docs,PrivescsPpwlist](https://github.com/danielmiessler/SecLists)
* [PayloadAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings) .. "All the Tools you could ever want"
* [MetasploitCheatSheet-SANS](https://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf)
* [Big-List-of-Naughty-Strings](https://github.com/minimaxir/big-list-of-naughty-strings)
* [Restricted-Linux-Shell-Escaping-Techniques](https://fireshellsecurity.team/restricted-linux-shell-escaping-techniques/)
* [PassingTheOSCP](https://medium.com/@Tib3rius/59-hosts-to-glory-passing-the-oscp-acf0fd384371)
* \*\*\*\*[**HttpStaticServer-OneLiners**](https://gist.github.com/willurd/5720255)\*\*\*\*
* \*\*\*\*[google-nmap-robots-lfi-rce](https://www.google.com/search?ei=gJM2YISlIqyk5NoP5uCv0Aw\&q=path+nmap+dirb+robots+lfi+config+default+version+exploit-db+searchsploit\&oq=path+nmap+dirb+robots+lfi+config+default+version+exploit-db+searchsploit\&gs_lcp=Cgdnd3Mtd2l6EANQ0D1YjkFgjkRoAHACeACAAfsBiAGGBpIBBTAuNC4xmAEAoAEBqgEHZ3dzLXdpesABAQ\&sclient=gws-wiz\&ved=0ahUKEwiE5dGhjIPvAhUsElkFHWbwC8oQ4dUDCA0\&uact=5) ..need more research
* <https://six2dez.gitbook.io/pentest-book/>

### PrivEsc

* \*\*\*\*[**gtfobins.github.io** ](https://gtfobins.github.io)**\*\*\***
* \*\*\*\*[**lolbas-project.github.io**](https://lolbas-project.github.io/) - for windows
* [PentestMonkey.net\_ReverseShells](http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet)
* [PrivEsc1N3](https://github.com/1N3/PrivEsc) ..PrivEsc Win/Linux/Mac

### Exploits/CVE

* [Mitre CVE Search](https://cve.mitre.org/cve/search_cve_list.html)
* [Github CVE-Search](https://github.com/cve-search/cve-search)
* [OffensiveSecurity-BinSploits ](https://github.com/offensive-security/exploitdb-bin-sploits/tree/master/bin-sploits)..this is blowing my mind here!!

### Move Files

* [Files from Kali to Windows (Easy: SMB, FTP, TFTP)](https://blog.ropnop.com/transferring-files-from-kali-to-windows)

### Buffer Overflows

* <https://github.com/Mrnmap/OSCP2020/tree/master/BufferOverflow>
* CyberMentor: <https://www.youtube.com/playlist?list=PLLKT__MCUeix3O0DPbmuaRuR_4Hxo4m3G>
* CyberMentor Guide: <https://github.com/johnjhacking/Buffer-Overflow-Guide>
* <https://assassinukg.github.io/bufferoverflow/bufferoverflow-vulnserver/>
* [https://github.com/justinsteven/dostackbufferoverflowgood/](https://github.com/justinsteven/dostackbufferoverflowgood/blob/master/dostackbufferoverflowgood_tutorial.md)
* gh0x0st Method: <https://github.com/gh0x0st/Buffer_Overflow>

### Python

* Google's Python Class: <https://developers.google.com/edu/python>
* Python First Steps <https://docs.microsoft.com/en-us/learn/paths/python-first-steps/>
* Python for Everybody <https://www.youtube.com/watch?v=8DvywoWv6fI>
* Violent Python3: <https://github.com/EONRaider/violent-python3>
* Black Hat Python3: <https://github.com/EONRaider/blackhat-python3>
* Ethical Hacking: <https://github.com/The-Art-of-Hacking/h4cker>
* Network-Cookbook <https://github.com/PacktPublishing/Python-Network-Programming>
* Offensive Pentest <https://github.com/PacktPublishing/Python-for-Offensive-PenTest>
* Python for Pentesters: <https://www.pentesteracademy.com/course?id=1> (with paid subscription)
* WebDevPro: <https://www.youtube.com/channel/UCFhHkl9miEIaxNLjSYPBsMg/search?query=python>
* NSA Training: <https://twitter.com/0xdeeb/status/1226388929626202112>
* The Coder's Apprentice <https://www.spronck.net/pythonbook/>

### Hacking Challenges

* [overthewire.com](http://overthewire.com)
* [HackingChallengeList(blackroomsec)](http://www.blackroomsec.com/updated-hacking-challenge-site-links/)
* [PracticeLabs(mindmap)](https://amanhardikar.com/mindmaps/Practice.html)
* [CTF Resources(github)](https://github.com/pwneip/ctf-resources)
* [CTF Notes (nopresearcher)](https://github.com/nopresearcher/ctf_notes)
* [CTF Resources(r00k)](https://gitlab.com/r00k/ctf-resources/)

## OSCP Study Guides:

* [OWASP Juice Shop](https://owasp.org/www-project-juice-shop/)
* [Useful Oscp Notes and Commands](https://falconspy.medium.com/useful-oscp-notes-commands-d71b5eda7b02)
* [johnjhacking prep guide](https://johnjhacking.com/blog/the-oscp-preperation-guide-2020/)
* [PenTest Methodology hacktricks](https://book.hacktricks.xyz/pentesting-methodology)
* [Zero to OSCP in 292 Days](https://blog.mallardlabs.com/zero-to-oscp-in-292-days-or-how-i-accidentally-the-whole-thing-part-2/)
* [Falconspy OSCP Approved Tools](https://falconspy.medium.com/unofficial-oscp-approved-tools-b2b4e889e707)
* [OSCP-Human-Guide](https://github.com/six2dez/OSCP-Human-Guide/blob/master/oscp_human_guide.md) ..tons of stuff, including wp-scan options
* [OSCP-Commands](https://saleem144.gitbooks.io/oscp-saleem/oscp-commands.html)
* [OSCP-Enum-StrongCourage](http://strongcourage.github.io/2020/05/03/enum.html)
* <https://refabr1k.gitbook.io/oscp/>
* <https://sushant747.gitbooks.io/total-oscp-guide/content/>
* <https://sushant747.gitbooks.io/total-oscp-guide/content/list_of_common_ports.html> --Great!!
* <https://github.com/cepxeo/pentest_notes/blob/master/offensive_sec.txt>

## Best HTB Walkthroughs

* <https://dm7500.github.io/oscp-prep/> ..David Martinez
* [https://ranakhalil101.medium.com/](https://ranakhalil101.medium.com/hack-the-box-tartarsauce-writeup-w-o-metasploit-e73393d4a0cd) ..Rana Khalil
* <https://int0x33.medium.com/day-73-oscp-notes-from-ippsec-oscp-style-videos-b6522a8d875a>