Resources

A lot of bloggers will throw in any and all resources they can find which might be of use to others, but here I want to do things a little differently. I know you can find those sites everywhere (some of which I’ll link in due course), but all the resources here will have been genuinely used by me, and I’ll be able to personally vouch for them!


OSINT


Jeffrey's Image Metadata Viewer - a great tool, with particular props to the built-in GPS coordinate linking (where that data is provided).

Yandex Image Search - an OSINT staple, their reverse image searching, particularly for facial searches, is second to none.

Google Earth - great for lining up shots found on Google Maps; offline versions are also available (including for Linux).


PENTESTING


Name-That-Hash - a tool that will take a given hash and be able to tell you what kind of hash it is likely to be. There is also a web app version with no install, however, I found the command line interface to be a lot more intuitive, showing likelihoods of each type.

suid3num - a tool which enumerates SUIDs and gives some good attack vectors. Very handy!

pentestmonkey reverse shell cheatsheet - a great site with pointers for reverse shelling, their script for PHP reverse shelling is linked on that page and is particularly useful.

Nmap cheatsheet - this awesome cheatsheet by Nathan House over at StationX is really nicely formatted, with everything you could need and some nice diagrams of the different types of scans.

PayloadsAllTheThings - a great GitHub repo with lots of resources for pentesting, including but not limited to reverse shells, injection commands and, most usefully, cheatsheets and guides on privilege escalation.

GTFOBins - self-described as a ‘curated list of unix binaries that can be used to bypass local security restrictions in misconfigured systems’. The GTFO is for ‘get the fuck out’!