Web Cheat Sheet

Websites

Overall Reference

• 🚩Practical CTF - Reference Book
• HackTricks - Reference Book
• PortSwigger - Reference Book
• Google - Your Best Friend
• ChatGPT - Last Resort

Information Emumeration

• csp evaluator - evalute CSP
• FontDrop! - Web Font Inspector

Helpful Tools

• interactsh - OOB tool
• webhook.site - Another useful OOB tool
• CyperChef - en/decryption & en/decoding combination tool
• dCode - decoder and decrypter
• JWT.io - JWT manipulation
• ExploitDB - Exploits
• GTFOBins - GTFO Bins
• PayloadAllTheThings - Web Payloads
• [PyLingual] (https://pylingual.io/) - great pyc decompiler

Tools

Information Enumeration

• dirsearch - Directory Bruteforcing
  python3 dirsearch.py -e html -u https://target -w /path/to/wordlist
• GitTools - .git folder enumeration
  ./gitdumper.sh https://target/.git . && ./extractor.sh . .
• proxy.py - MITM Proxy proxy --log-level d
• mitmproxy - MITM Proxy mitmproxy
• Burp Suite - 👍Web Security Tool

Hash / Session Cracker

• HashCat - Password/Hash Cracker
  hashcat -m 0 -a 0 hash.txt wordlist.txt
• jwt-cracker - JWT Cracker
  jwtcrack -t <token> -w <wordlist>
• Flask-Unsign - Flask Session Cracker
  flask-unsign -u -c <cookie> --wordlist <wordlist>

SQL Injection

• SQLMap - Best SQL Injection Tool!
• NoSQLMap - NoSQL Injection Tool