Curated tools, cheatsheets, wordlists and quick references for offensive and defensive cybersecurity operations.
Essential Linux commands for pentesters: navigation, permissions, network, processes, file search and useful one-liners.
CMD and PowerShell commands for internal recon, user management, services and Windows/AD environment enumeration.
Network tools: nmap, netcat, tcpdump, iptables, ss, dig and more. With usage examples and most common flags.
SQLi, XSS, SSRF, XXE, LFI/RFI and SSTI payloads. Quick reference for web application and API testing.
Collection of reverse shells in bash, Python, PHP, Perl, PowerShell and more. Includes one-liners and stabilized shells.
Best wordlists for brute force and fuzzing: SecLists, RockYou, dirbuster. How to generate them and when to use them.
Laboratorios de análisis forense, memoria RAM, artefactos del sistema, timelines, logs y evidencias digitales.
Entornos controlados para explotación, enumeración, escalada de privilegios, Active Directory y post-explotación.
Laboratorios defensivos para SIEM, detección, hardening, monitorización, alertas, reglas Sigma y respuesta a incidentes.
| TOOL ↕ | CATEGORY ↕ | USE | OS |
|---|---|---|---|
| Nmap | RECON | Port scanning and service detection | Win / Linux / Mac |
| Burp Suite | WEB | HTTP traffic interception and manipulation | Win / Linux / Mac |
| Metasploit | EXPLOIT | Vulnerability exploitation framework | Linux / Win |
| BloodHound | AD ATTACKS | Attack path analysis in Active Directory | Win / Linux |
| Volatility 3 | FORENSICS | Forensic analysis of RAM memory dumps | Linux / Win |
| Wireshark | NETWORK | Network traffic capture and analysis | Win / Linux / Mac |
| ffuf | FUZZING | Ultra-fast web fuzzer for directories and parameters | Linux / Win |
| Impacket | AD ATTACKS | Python suite for SMB/Kerberos protocol attacks | Linux |