Thanks to visit codestin.com
Credit goes to github.com

Skip to content

halilibrahimd27/cheat-sheet

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

81 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

🛡️ Offensive Security & DevSecOps Cheat Sheet

Interactive command reference for penetration testing, certification prep & DevSecOps

OSCP+ · OSWE · OSEP · OSDA · OSWA · PNPT · CPTS · HTB CPTS · Docker · Kubernetes · Terraform · CI/CD

GitHub Stars GitHub Forks License Docker

Commands Categories

⭐ If this saved you time, please leave a star. It's the simplest way to support this work.


5040 commands across 53 categories and 320 subcategories — bilingual interface (English + Türkçe).

Runs 100% locally. No account, no telemetry, no cloud — your data never leaves your machine.

Features

  • Offensive Security + DevSecOps — full penetration-testing lifecycle and container / Kubernetes / IaC / CI-CD security
  • Full CRUD — Add, edit, and delete your own categories, subcategories, and commands
  • Fuzzy command paletteCtrl+K opens a ranked search across every command, every category, and each individual machine & write-up (search by name / IP / OS / tags), plus jump-to actions (Favorites, Write-ups, Machines, History)
  • One-click copy on every command block; multi-line commands copy as a single chained script
  • Command history — every copied command is logged locally with a timestamp, for reporting and quick re-copy
  • Dark / Light theme — follows your OS preference, with a manual toggle
  • Safe placeholders — All IPs and sensitive values use <TARGET_IP>, <ATTACKER_IP>, <DOMAIN>, etc.
  • Variable Fill Bar + Quick IP Changer with saved profiles — fill <PLACEHOLDER> values once and auto-apply them to every command; save a named profile per target box and switch instantly
  • Multi-select tag filter by essential / tool / advanced (chips combine), plus Favorites (id-stable, survive reordering)
  • MITRE ATT&CK tags~1,160 offensive commands are mapped to 72 ATT&CK techniques (every id verified against attack.mitre.org), shown as chips linking to the technique page, with a sidebar ATT&CK facet to filter by technique. Mapping is generated by a curated, idempotent tagger (npm run tag:attack) that only tags offensive commands — DevSecOps/ops/detection commands stay untagged. Commands can also carry reference links (HackTricks, GTFOBins, docs)
  • Script basket — collect commands from anywhere into an ordered scratch buffer, reorder them, then copy or export as one runnable .sh script (placeholders resolved)
  • Machines — a full box-solving workspace: 12 situation-aware playbooks plus rich metadata (platform · difficulty · status · tags), user/root flag capture, time-to-own tracking, a dashboard (aggregate stats + search/filter/sort) with a Kanban board view (drag cards between status columns), a structured services table with one-click nmap import (paste -sCV output → parsed rows) and quick-scan chips, a credential vault (structured, per-secret copy, validity toggle), an activity timeline that auto-logs every command you copy while a box is the active target, evidence (paste/drop screenshots), an editable checklist, per-phase "copy all", a live Report tab built from the machine's current data (export MD/HTML/PDF or save to Write-ups), and an AD engagement mode (attach hosts, draggable node-link schematic with progress rings, per-host checklists/loot/notes)
  • Write-ups — split live-preview Markdown editor with a formatting toolbar, an offline CVSS 3.1 base-score calculator (insert score/severity/vector), 8 professional report templates and 13 insertable sections (findings table, CVSS scale, attack narrative, ATT&CK map, remediation matrix, tooling, timeline, scope/RoE, evidence, references…), rich Markdown (nested lists, strikethrough, autolinked URLs, per-block code copy), tables, task lists, auto TOC, reading time, list search / tag-filter / sort / pin, a linked machine that auto-fills target placeholders, image upload (paste & drag-and-drop) and MD / HTML / PDF export — both HTML and Markdown are fully self-contained (images inlined as data URIs)
  • Notes — per-category sticky notes
  • Deep links & PWA — bookmarkable views (#machines, #cat/<id>), installable, works offline
  • Runs with or without a server — the full app also builds to a static, server-less bundle (npm run build:static) backed by an in-browser IndexedDB store, ready to publish on GitHub Pages (see Static build)
  • Export / Import your database as JSON; a content validator keeps the seed data structurally sound (wired into CI)
  • Mobile responsive sidebar navigation, accessible (keyboard-operable, ARIA, reduced-motion)
  • TR / EN bilingual interface
  • Docker ready & hardened — single-command deploy, runs non-root with a healthcheck, binds to 127.0.0.1, optional HTTP Basic Auth, magic-byte-validated uploads

Categories

# Category Commands Description
1 🔍 Target Profiling & Network Mapping 171 Enumerate targets through passive intelligence gathering, active scanning, and service…
2 ⚡ Weakness Identification & Scanning 47 Identify known vulnerabilities and misconfigurations across network services and web ap…
3 🌐 Web Attack Techniques 136 Exploit web application vulnerabilities including directory traversal, injection, file…
4 🗃️ Database Exploitation via Injection 101 Detect and exploit SQL injection vulnerabilities to extract data, escalate privileges,…
5 📜 Browser-Side Exploitation 47 Exploit cross-site scripting, cross-site request forgery, and DOM-based vulnerabilities…
6 🖥️ Payload Engineering & Delivery 47 Generate reverse shells, bind shells, web shells, and custom payloads for various platf…
7 🐚 Shells, Listeners & Stabilization 61 Establish reverse shells, bind shells, and web shells across platforms, then upgrade to…
8 ⬆️ Windows Privilege Escalation 105 Escalate privileges on Windows hosts through service misconfigurations, token abuse, cr…
9 🐧 Linux Privilege Escalation 121 Escalate privileges on Linux systems through SUID binaries, sudo misconfigurations, cap…
10 🔑 Credential Attacks & Hash Cracking 146 Perform online brute force, offline hash cracking, credential dumping, and password spr…
11 🛡️ Defense Evasion & AV Bypass 49 Bypass antivirus, AMSI, AppLocker, Constrained Language Mode, and other security contro…
12 🔀 Network Pivoting & Traffic Routing 69 Route traffic through compromised hosts to reach internal networks using SSH tunnels, S…
13 🔧 Metasploit Operations 110 Metasploit Framework for exploitation, post-exploitation, and pivoting
14 🏢 Active Directory Reconnaissance 71 Enumerate Active Directory domains, users, groups, trusts, and attack paths
15 🎯 Active Directory Exploitation 78 Attack Active Directory with Kerberos, NTLM relay, delegation, and persistence techniques
16 ↔️ Lateral Movement Techniques 48 Move laterally across the network using remote execution and Windows protocols
17 ☁️ AWS Cloud Security Testing 65 Enumerate and exploit AWS cloud services, IAM, S3, EC2, and more
18 📁 File Transfer Arsenal 53 Techniques for transferring files to and from targets across different protocols
19 🔐 Protocol Tunneling & Firewall Evasion 29 Bypass firewalls and deep packet inspection using protocol tunneling techniques
20 🎣 Social Engineering & Phishing 34 Phishing infrastructure, credential harvesting, and social engineering tools
21 💣 Exploit Research & Development 44 Find, adapt, compile, and develop exploits for penetration testing
22 🧩 Engagement Methodology & Playbook 73 Structured pentest workflow, service checklists, and engagement methodology
23 🐳 Container & Infrastructure Testing 78 Test Docker, Kubernetes, and CI/CD pipeline security
24 🕸️ NetExec / CrackMapExec 80 NetExec (nxc) and CrackMapExec for Active Directory enumeration, lateral movement, and…
25 🐕 BloodHound & SharpHound 39 BloodHound AD attack path analysis, SharpHound collection, and useful Cypher queries fo…
26 📜 ADCS — Certificate Services Attacks 22 Active Directory Certificate Services exploitation — ESC1 through ESC8 using Certipy, C…
27 🔌 Network Service Exploitation 127 Service-specific exploitation techniques for common ports found during OSCP-style engag…
28 ⚡ PowerShell for Pentesters 51 PowerShell commands for Active Directory enumeration, exploitation, and post-exploitati…
29 🐍 Impacket Toolsuite 34 Comprehensive Impacket tools for Windows/AD protocol attacks, credential dumping, and l…
30 🐱 Mimikatz Commands 25 Mimikatz credential extraction, Kerberos ticket manipulation, and Windows credential at…
31 🪟 Windows Post-Exploitation 55 Windows post-exploitation — situational awareness, persistence, data gathering, and pri…
32 🐧 Linux Post-Exploitation 35 Linux post-exploitation — situational awareness, credential hunting, persistence, and l…
33 📡 Wireless Security Testing 19 WiFi security testing — WPA/WPA2 cracking, WPS attacks, evil twin, and wireless reconna…
34 🔶 Burp Suite 41 Burp Suite web application security testing — proxy setup, scanning, intruder attacks,…
35 💉 MSFVenom Payload Reference 28 Comprehensive msfvenom payload generation for various platforms, formats, and encoders.
36 🐳 Docker — Engine & CLI 224 Day-to-day Docker operations: image build/manage, container lifecycle, volumes, network…
37 🛡️ Docker Security 220 Securing Docker: image scanning, Dockerfile hardening, runtime security, secrets, rootl…
38 ☸️ Kubernetes — kubectl Operations 222 Operating Kubernetes with kubectl: workloads, services, config, debugging, contexts, an…
39 🔐 Kubernetes Security 215 Securing and attacking Kubernetes: RBAC, Pod Security, network policies, admission cont…
40 🏗️ Terraform / IaC Core 190 Terraform workflow: init, plan, apply, state management, workspaces, modules, providers…
41 🔎 IaC Security Scanning 190 Static analysis and policy enforcement for infrastructure-as-code: Terraform, CloudForm…
42 ⚙️ Ansible Automation 189 Ansible for configuration management and automation: ad-hoc commands, playbooks, invent…
43 🔁 CI/CD Pipeline Security 192 Securing CI/CD pipelines: GitHub Actions / GitLab CI hardening, secrets scanning, SAST/…
44 ⛓️ Software Supply Chain Security 136 Supply chain integrity: SBOM generation, artifact signing, provenance/attestation, and…
45 🗝️ Secrets Management 139 Managing and protecting secrets: HashiCorp Vault, SOPS, sealed-secrets, cloud secret ma…
46 🦅 Cloud-Native Runtime Security 137 Runtime threat detection and enforcement for containers and hosts using eBPF-based and…
47 🌩️ Cloud Security Posture (Multi-Cloud) 197 Auditing cloud posture across AWS, Azure, and GCP with CSPM and IAM tooling.
48 ⎈ Helm & Package Management 110 Helm chart operations and security: install, upgrade, templating, repositories, and cha…
49 🔗 Service Mesh & Network Security 108 Service mesh operations and zero-trust networking: Istio, Linkerd, Cilium, and mTLS.
50 📊 Observability & Detection Engineering 136 Security observability and detection: log pipelines, SIEM queries, and detection-as-cod…
51 📱 Mobile Application Security 40 Android and iOS application security testing: static reversing, dynamic instrumentation…
52 🤖 LLM / AI Security 32 Testing LLM-powered applications: prompt injection and jailbreaks, automated red-team s…
53 🟣 Purple Team & Detection Validation 24 Adversary emulation and detection validation: Atomic Red Team, MITRE Caldera, ATT&CK ma…

Quick Start

Docker (Recommended)

git clone https://github.com/halilibrahimd27/cheat-sheet.git
cd cheat-sheet
docker compose up -d

Open http://localhost:8899 in your browser.

The container publishes only to 127.0.0.1:8899 by default and persists data in a Docker volume — your custom commands survive restarts and updates.

Without Docker

git clone https://github.com/halilibrahimd27/cheat-sheet.git
cd cheat-sheet
npm install
npm start

Open http://localhost:3000 in your browser.

By default the server binds to 127.0.0.1 (localhost only). See Configuration to expose it on your network safely.

Static build (GitHub Pages — no server)

The whole app can run with no backend at all: an in-browser adapter (public/local-backend.js) mirrors the REST API against IndexedDB, so your data still persists locally in the browser. This is what makes it publishable to GitHub Pages.

npm run build:static     # emits a self-contained ./docs folder

Then push and, in your repo, go to Settings → Pages → Source: Deploy from a branch → main / /docs. Your cheat sheet is live at https://<user>.github.io/<repo>/.

The static build bundles the seed into docs/seed-data.js, uses relative paths (works under a project subpath), and stores everything (categories, notes, write-ups, machines, uploaded screenshots as inline data URIs) in IndexedDB. Export/Import still work. Re-run npm run build:static after changing seed.js or the frontend.

Update to Latest Commands

If you already have the app running and want to pull the latest seed commands:

git pull
# Then hit the reset endpoint (this will overwrite your custom data!)
curl -X POST http://localhost:8899/api/reset

Warning: Reset overwrites your data. Export a backup first via the ⬇ Export button.

Configuration

All configuration is via environment variables (a .env is not auto-loaded — pass them inline or via your process manager / Docker):

Variable Default Description
PORT 3000 Port to listen on
HOST 127.0.0.1 Bind address. Set to 0.0.0.0 to expose on your network (the Docker image does this; the port mapping is the boundary there).
AUTH_USER admin Basic Auth username (only used when AUTH_PASS is set)
AUTH_PASS (unset) When set, all requests require HTTP Basic Auth. The browser prompts once and the SPA keeps working.
JSON_LIMIT 12mb Max request body size (covers image uploads + full DB import)

See .env.example for a copy-paste template.

Security

This is a local-first, single-user tool. Defaults are chosen so it is safe out of the box:

  • Binds to 127.0.0.1 — not reachable from your network unless you explicitly set HOST=0.0.0.0.
  • Optional HTTP Basic Auth — set AUTH_PASS (and optionally AUTH_USER) before exposing it anywhere beyond localhost. If you bind to 0.0.0.0 without a password, the server logs a warning.
  • Hardened uploads — image uploads are validated by magic bytes (not the filename), capped at 5 MB, served with X-Content-Type-Options: nosniff and a restrictive CSP. SVG is rejected (it can carry script).
  • Output escaping — all user-supplied text (category/command names, tags, write-ups) is HTML-escaped before rendering.
  • Atomic writes — JSON files are written via a temp-file + rename with a .bak fallback, so a crash mid-write can't corrupt your database.
  • Validated import/api/import rejects malformed payloads before touching your data.

Even with auth, treat /api/reset and /api/import with care — they overwrite data. Keep backups (⬇ Export).

Usage

Browsing Commands

  • Click any category in the sidebar to filter
  • Use Ctrl+K to open search, type any keyword
  • Click Copy on any command block to copy to clipboard
  • Toggle dark/light theme with the button

Keyboard Shortcuts

Ctrl+K command palette · Ctrl+I Quick IP Changer · ? shortcuts · j/k navigate · Enter copy focused · g h/f/w/m go Home/Favorites/Write-ups/Machines · in the write-up editor Ctrl+B/Ctrl+I/Ctrl+K = bold/italic/link

Adding Your Own Commands

  1. Click + New Category in the sidebar to create a category
  2. Click + Sub on a category header to add a subcategory
  3. Click + Cmd on a subcategory to add a new command
  4. Use to edit and to delete any item

Placeholder Convention

All commands use safe placeholders instead of real IPs:

Placeholder Meaning
<TARGET_IP> Target machine IP
<ATTACKER_IP> / <LHOST> Your attack machine IP
<DOMAIN> Target domain name
<PORT> / <LPORT> Port number
<USERNAME> / <USER> Username
<PASSWORD> / <PASS> Password
<NETWORK>/<CIDR> Network range (e.g., 192.168.1.0/24)
<TARGET_URL> Full target URL
<DC_IP> Domain Controller IP

API Endpoints

Method Endpoint Description
GET /api/categories List all categories
POST /api/categories Create a category
POST /api/categories/reorder Reorder categories by id list
PUT /api/categories/:id Update a category
DELETE /api/categories/:id Delete a category
POST /api/categories/:id/subcategories Add subcategory
PUT /api/categories/:id/subcategories/:subIdx Update subcategory
DELETE /api/categories/:id/subcategories/:subIdx Delete subcategory
POST .../subcategories/:subIdx/commands Add command
PUT .../commands/:cmdIdx Update command
DELETE .../commands/:cmdIdx Delete command
GET/POST/PUT/DELETE /api/notes/:catId/:noteId? Per-category notes
GET/POST/PUT/DELETE /api/writeups/:id? Write-ups
GET/POST/PUT/DELETE /api/machines/:id? Machine tracker
POST /api/upload Upload a write-up image (base64, magic-byte validated)
GET /api/export Download full backup (JSON)
POST /api/import Import from JSON (validated)
POST /api/reset Reset to default commands
GET /api/health Liveness probe (used by the Docker HEALTHCHECK)

Tech Stack

  • Frontend: Vanilla HTML/CSS/JS (no framework, no build step)
  • Backend: Node.js + Express (single dependency)
  • Storage: JSON files (atomic writes, persisted via Docker volume)
  • Fonts: Inter + JetBrains Mono (Google Fonts)

Project Structure

cheat-sheet/
├── docker-compose.yml      # Docker orchestration
├── Dockerfile              # Container build
├── package.json            # Node.js dependencies
├── server.js               # Express REST API (exports app; testable)
├── seed.js                 # Default commands (seed data)
├── .env.example            # Configuration template
├── scripts/
│   ├── update-readme.js    # Regenerate stats + category table from seed.js
│   ├── validate-content.js # Seed structure/quality validator (runs in CI)
│   ├── build-static.js     # Emit ./docs — a server-less build for GitHub Pages
│   ├── tag-attack.js       # Map offensive commands → MITRE ATT&CK ids (idempotent)
│   └── merge-category.js   # Merge a category JSON into seed.js
├── test/                   # API tests (node:test)
├── public/
│   ├── index.html          # Main HTML
│   ├── style.css           # Dark/Light theme styles
│   ├── app.js              # Frontend logic + CRUD
│   ├── checklist-templates.js  # Static HTB/THM/OSCP machine playbooks
│   ├── local-backend.js    # In-browser IndexedDB API (static / offline build)
│   ├── manifest.json       # PWA manifest
│   └── service-worker.js   # Offline cache (stale-while-revalidate)
├── docs/                   # Static build output (npm run build:static) — GitHub Pages
└── data/                   # Persistent data (auto-generated, git-ignored)

Disclaimer

This tool is intended for educational purposes only. All commands and techniques are meant for use in authorized penetration testing, CTF competitions, and security certification preparation. Always ensure you have proper authorization before testing any system.

Contributing

Contributions are welcome! See CONTRIBUTING.md. In short:

  1. Fork the repository
  2. Create a feature branch (git checkout -b feat/add-commands)
  3. Add your commands to seed.js following the existing structure (include desc_tr for the Turkish description)
  4. Run npm test and node scripts/update-readme.js
  5. Submit a pull request

License

MIT License — Feel free to use, modify, and distribute. See LICENSE for full text.


🌟 Support this project

Time How you can help
5 seconds Click the ⭐ Star button at the top
30 seconds Share on Twitter / LinkedIn / your Discord
5 minutes Open an issue for a missing command
30 minutes Submit a PR with new commands or fixes
2 hours Add a whole new category

Star history:

Star History Chart


Screenshots

alt text alt text alt text alt text alt text alt text alt text alt text

About

Interactive offensive security cheat sheet — 5000+ pentest commands across 50+ categories with instant search, full CRUD, write-ups, favorites and variable fill-bar. OSCP/OSWE/OSEP/CPTS/CKS/CKA/DCA exam prep ready. Docker deployable.

Topics

Resources

License

Code of conduct

Contributing

Security policy

Stars

38 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages