From d9eba9c1b78f9dba93c61d2d20ba1005d48ffb80 Mon Sep 17 00:00:00 2001
From: Magda Chelly <47398460+m49D4ch3lly@users.noreply.github.com>
Date: Sun, 7 Nov 2021 11:22:18 +0800
Subject: [PATCH] Update Readme.md
Update Readme.md
---
README.md | 4392 +++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 4392 insertions(+)
diff --git a/README.md b/README.md
index db3aac2..de38b8a 100644
--- a/README.md
+++ b/README.md
@@ -1106,6 +1106,4398 @@ performance of any of your sites from across the globe.
##### :black_small_square: Geeky Persons
+
+ :small_orange_diamond: Brendan Gregg's Blog - is an industry expert in computing performance and cloud computing.
+ :small_orange_diamond: Gynvael "GynDream" Coldwind - is a IT security engineer at Google.
+ :small_orange_diamond: Michał "lcamtuf" Zalewski - white hat hacker, computer security expert.
+ :small_orange_diamond: Mattias Geniar - developer, sysadmin, blogger, podcaster and public speaker.
+ :small_orange_diamond: Nick Craver - software developer and systems administrator for Stack Exchange.
+ :small_orange_diamond: Scott Helme - security researcher, speaker and founder of securityheaders.com and report-uri.com.
+ :small_orange_diamond: Brian Krebs - The Washington Post and now an Independent investigative journalist.
+ :small_orange_diamond: Bruce Schneier - is an internationally renowned security technologist, called a "security guru".
+ :small_orange_diamond: Chrissy Morgan - advocate of practical learning, Chrissy also takes part in bug bounty programs.
+ :small_orange_diamond: Andy Gill - is a hacker at heart who works as a senior penetration tester.
+ :small_orange_diamond: Daniel Miessler - cybersecurity expert and writer.
+ :small_orange_diamond: Samy Kamkar - is an American privacy and security researcher, computer hacker.
+ :small_orange_diamond: Javvad Malik - is a security advocate at AlienVault, a blogger event speaker and industry commentator.
+ :small_orange_diamond: Graham Cluley - public speaker and independent computer security analyst.
+ :small_orange_diamond: Kacper Szurek - detection engineer at ESET.
+ :small_orange_diamond: Troy Hunt - web security expert known for public education and outreach on security topics.
+ :small_orange_diamond: raymii.org - sysadmin specializing in building high availability cloud environments.
+ :small_orange_diamond: Robert Penz - IT security expert.
+
+ :small_orange_diamond: Magda Chelly - security professional, author, keynote speaker and entrepreneur.
+ :small_orange_diamond: Keren Elazari - security researcher, speaker and TED speaker.
+ :small_orange_diamond: Lidia Giuliano - security professional and member of Black Hat executive commity.
+ :small_orange_diamond: Tanya Janca - security researcher, author, speaker and founder of #WeHackPurple academy.
+
+##### :black_small_square: Geeky Blogs
+
+
+ :small_orange_diamond: Linux Audit - the Linux security blog about auditing, hardening and compliance by Michael Boelen.
+ :small_orange_diamond:
+Linux Security Expert - trainings, howtos, checklists, security tools, and more.
+ :small_orange_diamond: The Grymoire - collection of useful incantations for wizards, be you computer wizards, magicians, or whatever.
+ :small_orange_diamond: Secjuice - is the only non-profit, independent and volunteer led publication in the information security space.
+ :small_orange_diamond: Decipher - security news that informs and inspires.
+
+ :small_orange_diamond: Magda Chelly; Cybsersecurtiy Blog - cyber risk quantification, hacking, and much more.
+
+
+##### :black_small_square: Geeky Vendor Blogs
+
+
+ :small_orange_diamond: Tenable Podcast - conversations and interviews related to Cyber Exposure, and more.
+ :small_orange_diamond: Sophos - threat news room, giving you news, opinion, advice and research on computer security issues.
+ :small_orange_diamond: Tripwire State of Security - blog featuring the latest news, trends and insights on current security issues.
+ :small_orange_diamond: Malwarebytes Labs Blog - security blog aims to provide insider news about cybersecurity.
+ :small_orange_diamond: TrustedSec - latest news, and trends about cybersecurity.
+ :small_orange_diamond: PortSwigger Web Security Blog - about web app security vulns and top tips from our team of web security.
+ :small_orange_diamond: AT&T Cybersecurity blog - news on emerging threats and practical advice to simplify threat detection.
+ :small_orange_diamond: Thycotic - where CISOs and IT Admins come to learn about industry trends, IT security, and more.
+
+
+##### :black_small_square: Geeky Cybersecurity Podcasts
+
+
+ :small_orange_diamond: Risky Business - is a weekly information security podcast featuring news and in-depth interviews.
+ :small_orange_diamond: Cyber, by Motherboard - stories, and focus on the ideas about cybersecurity.
+ :small_orange_diamond: Tenable Podcast - conversations and interviews related to Cyber Exposure, and more.
+ :small_orange_diamond:
+Cybercrime Investigations - podcast by Geoff White about cybercrimes.
+ :small_orange_diamond: The many hats club - featuring stories from a wide range of Infosec people (Whitehat, Greyhat and Blackhat).
+ :small_orange_diamond: Darknet Diaries - true stories from the dark side of the Internet.
+ :small_orange_diamond: OSINTCurious Webcasts - is the investigative curiosity that helps people be successful in OSINT.
+ :small_orange_diamond: Security Weekly - the latest information security and hacking news.
+
+
+##### :black_small_square: Geeky Cybersecurity Video Blogs
+
+
+ :small_orange_diamond: rev3rse security - offensive, binary exploitation, web app security, hardening, red team, blue team.
+ :small_orange_diamond: LiveOverflow - a lot more advanced topics than what is typically offered in paid online courses - but for free.
+ :small_orange_diamond: J4vv4D - the important information regarding our internet security.
+ :small_orange_diamond:
+CyberTalks - talks, interviews, and article about cybersecurity.
+
+
+##### :black_small_square: Best Personal Twitter Accounts
+
+
+ :small_orange_diamond: @blackroomsec - a white-hat hacker/pentester. Intergalactic Minesweeper Champion 1990.
+ :small_orange_diamond: @MarcoCiappelli - Co-Founder @ITSPmagazine, at the intersection of IT security and society.
+ :small_orange_diamond: @binitamshah - Linux Evangelist. Malwares. Kernel Dev. Security Enthusiast.
+ :small_orange_diamond: @joe_carson - an InfoSec Professional and Tech Geek.
+ :small_orange_diamond: @mikko - CRO at F-Secure, Reverse Engineer, TED Speaker, Supervillain.
+ :small_orange_diamond: @esrtweet - often referred to as ESR, is an American software developer, and open-source software advocate.
+ :small_orange_diamond: @gynvael - security researcher/programmer, @DragonSectorCTF founder/player, technical streamer.
+ :small_orange_diamond: @x0rz - Security Researcher & Cyber Observer.
+ :small_orange_diamond: @hasherezade - programmer, malware analyst. Author of PEbear, PEsieve, libPeConv.
+ :small_orange_diamond: @TinkerSec - tinkerer, cypherpunk, hacker.
+ :small_orange_diamond: @alisaesage - independent hacker and researcher.
+ :small_orange_diamond: @SwiftOnSecurity - systems security, industrial safety, sysadmin, author of decentsecurity.com.
+ :small_orange_diamond: @dakami - is one of just seven people with the authority to restore the DNS root keys.
+ :small_orange_diamond: @samykamkar - is a famous "grey hat" hacker, security researcher, creator of the MySpace "Samy" worm.
+ :small_orange_diamond: @securityweekly - founder & CTO of Security Weekly podcast network.
+ :small_orange_diamond: @jack_daniel - @SecurityBSides co-founder.
+ :small_orange_diamond: @thegrugq - Security Researcher.
+ :small_orange_diamond: @matthew_d_green - a cryptographer and professor at Johns Hopkins University.
+
+ :small_orange_diamond: @m49D4ch3lly - a cybersecurity entertainer.
+
+ :small_orange_diamond: @shehackspurple - a cybersecurity professional.
+
+ :small_orange_diamond: @k3r3n3 - a cybersecurity professional, researcher and hacker.
+
+
+##### :black_small_square: Best Commercial Twitter Accounts
+
+
+ :small_orange_diamond: @haveibeenpwned - check if you have an account that has been compromised in a data breach.
+ :small_orange_diamond: @bugcrowd - trusted by more of the Fortune 500 than any other crowdsourced security platform.
+ :small_orange_diamond: @Malwarebytes - most trusted security company. Unmatched threat visibility.
+ :small_orange_diamond: @sansforensics - the world's leading Digital Forensics and Incident Response provider.
+ :small_orange_diamond: @attcyber - AT&T Cybersecurity’s Edge-to-Edge technologies provide threat intelligence, and more.
+ :small_orange_diamond: @TheManyHatsClub - an information security focused podcast and group of individuals from all walks of life.
+ :small_orange_diamond: @hedgehogsec - Hedgehog Cyber. Gibraltar and Manchester's top boutique information security firm.
+ :small_orange_diamond: @NCSC - the National Cyber Security Centre. Helping to make the UK the safest place to live and work online.
+ :small_orange_diamond: @Synacktiv - IT security experts.
+
+
+##### :black_small_square: A piece of history
+
+
+ :small_orange_diamond: How to Do Things at ARL - how to configure modems, scan images, record CD-ROMs, and other.*
+
+
+##### :black_small_square: Other
+
+
+ :small_orange_diamond: Diffie-Hellman Key Exchange (short version) - how Diffie-Hellman Key Exchange worked.
+
+
+#### Hacking/Penetration Testing [[TOC]](#anger-table-of-contents)
+
+##### :black_small_square: Pentesters arsenal tools
+
+
+ :small_orange_diamond: Sandcat Browser - a penetration-oriented browser with plenty of advanced functionality already built in.
+ :small_orange_diamond: Metasploit - tool and framework for pentesting system, web and many more, contains a lot a ready to use exploit.
+ :small_orange_diamond: Burp Suite - tool for testing web app security, intercepting proxy to replay, inject, scan and fuzz.
+ :small_orange_diamond: OWASP Zed Attack Proxy - intercepting proxy to replay, inject, scan and fuzz HTTP requests.
+ :small_orange_diamond: w3af - is a Web Application Attack and Audit Framework.
+ :small_orange_diamond: mitmproxy - an interactive TLS-capable intercepting HTTP proxy for penetration testers.
+ :small_orange_diamond: Nikto2 - web server scanner which performs comprehensive tests against web servers for multiple items.
+ :small_orange_diamond: sqlmap - tool that automates the process of detecting and exploiting SQL injection flaws.
+ :small_orange_diamond: Recon-ng - is a full-featured Web Reconnaissance framework written in Python.
+ :small_orange_diamond: AutoRecon - is a network reconnaissance tool which performs automated enumeration of services.
+ :small_orange_diamond: Faraday - an Integrated Multiuser Pentest Environment.
+ :small_orange_diamond: Photon - incredibly fast crawler designed for OSINT.
+ :small_orange_diamond: XSStrike - most advanced XSS detection suite.
+ :small_orange_diamond: Sn1per - automated pentest framework for offensive security experts.
+ :small_orange_diamond: vuls - is an agent-less vulnerability scanner for Linux, FreeBSD, and other.
+ :small_orange_diamond: tsunami - is a general purpose network security scanner with an extensible plugin system.
+ :small_orange_diamond: aquatone - a tool for domain flyovers.
+ :small_orange_diamond: BillCipher - information gathering tool for a website or IP address.
+ :small_orange_diamond: WhatWaf - detect and bypass web application firewalls and protection systems.
+ :small_orange_diamond: Corsy - CORS misconfiguration scanner.
+ :small_orange_diamond: Raccoon - is a high performance offensive security tool for reconnaissance and vulnerability scanning.
+ :small_orange_diamond: dirhunt - find web directories without bruteforce.
+ :small_orange_diamond: John The Ripper - is a fast password cracker, currently available for many flavors of Unix, Windows, and other.
+ :small_orange_diamond: hashcat - world's fastest and most advanced password recovery utility.
+ :small_orange_diamond: p0f - is a tool to identify the players behind any incidental TCP/IP communications.
+ :small_orange_diamond: ssh_scan - a prototype SSH configuration and policy scanner.
+ :small_orange_diamond: LeakLooker - find open databases - powered by Binaryedge.io
+ :small_orange_diamond: exploitdb - searchable archive from The Exploit Database.
+ :small_orange_diamond: getsploit - is a command line utility for searching and downloading exploits.
+ :small_orange_diamond: ctf-tools - some setup scripts for security research tools.
+ :small_orange_diamond: pwntools - CTF framework and exploit development library.
+ :small_orange_diamond: security-tools - collection of small security tools created mostly in Python. CTFs, pentests and so on.
+ :small_orange_diamond: pentestpackage - is a package of Pentest scripts.
+ :small_orange_diamond: python-pentest-tools - python tools for penetration testers.
+ :small_orange_diamond: fuzzdb - dictionary of attack patterns and primitives for black-box application fault injection.
+ :small_orange_diamond: AFL - is a free software fuzzer maintained by Google.
+ :small_orange_diamond: AFL++ - is AFL with community patches.
+ :small_orange_diamond: syzkaller - is an unsupervised, coverage-guided kernel fuzzer.
+ :small_orange_diamond: pwndbg - exploit development and reverse engineering with GDB made easy.
+ :small_orange_diamond: GDB PEDA - Python Exploit Development Assistance for GDB.
+ :small_orange_diamond: IDA - multi-processor disassembler and debugger useful for reverse engineering malware.
+ :small_orange_diamond: radare2 - framework for reverse-engineering and analyzing binaries.
+ :small_orange_diamond: routersploit - exploitation framework for embedded devices.
+ :small_orange_diamond: Ghidra - is a software reverse engineering (SRE) framework.
+ :small_orange_diamond: Cutter - is an SRE platform integrating Ghidra's decompiler.
+ :small_orange_diamond: Vulnreport - open-source pentesting management and automation platform by Salesforce Product Security.
+ :small_orange_diamond: Mentalist - is a graphical tool for custom wordlist generation.
+ :small_orange_diamond: archerysec - vulnerability assessment and management helps to perform scans and manage vulnerabilities.
+ :small_orange_diamond: Osmedeus - fully automated offensive security tool for reconnaissance and vulnerability scanning.
+ :small_orange_diamond: beef - the browser exploitation framework project.
+ :small_orange_diamond: AutoSploit - automated mass exploiter.
+ :small_orange_diamond: SUDO_KILLER - is a tool to identify and exploit sudo rules' misconfigurations and vulnerabilities.
+ :small_orange_diamond: yara - the pattern matching swiss knife.
+ :small_orange_diamond: mimikatz - a little tool to play with Windows security.
+ :small_orange_diamond: sherlock - hunt down social media accounts by username across social networks.
+ :small_orange_diamond: OWASP Threat Dragon - is a tool used to create threat model diagrams and to record possible threats.
+
+
+##### :black_small_square: Pentests bookmarks collection
+
+
+ :small_orange_diamond: PTES - the penetration testing execution standard.
+ :small_orange_diamond: Pentests MindMap - amazing mind map with vulnerable apps and systems.
+ :small_orange_diamond: WebApps Security Tests MindMap - incredible mind map for WebApps security tests.
+ :small_orange_diamond: Brute XSS - master the art of Cross Site Scripting.
+ :small_orange_diamond: XSS cheat sheet - contains many vectors that can help you bypass WAFs and filters.
+ :small_orange_diamond: Offensive Security Bookmarks - security bookmarks collection, all things that author need to pass OSCP.
+ :small_orange_diamond: Awesome Pentest Cheat Sheets - collection of the cheat sheets useful for pentesting.
+ :small_orange_diamond: Awesome Hacking by HackWithGithub - awesome lists for hackers, pentesters and security researchers.
+ :small_orange_diamond: Awesome Hacking by carpedm20 - a curated list of awesome hacking tutorials, tools and resources.
+ :small_orange_diamond: Awesome Hacking Resources - collection of hacking/penetration testing resources to make you better.
+ :small_orange_diamond: Awesome Pentest - collection of awesome penetration testing resources, tools and other shiny things.
+ :small_orange_diamond: Awesome-Hacking-Tools - is a curated list of awesome Hacking Tools.
+ :small_orange_diamond: Hacking Cheat Sheet - author hacking and pentesting notes.
+ :small_orange_diamond: blackhat-arsenal-tools - official Black Hat arsenal security tools repository.
+ :small_orange_diamond: Penetration Testing and WebApp Cheat Sheets - the complete list of Infosec related cheat sheets.
+ :small_orange_diamond: Cyber Security Resources - includes thousands of cybersecurity-related references and resources.
+ :small_orange_diamond: Pentest Bookmarks - there are a LOT of pentesting blogs.
+ :small_orange_diamond: Cheatsheet-God - Penetration Testing Reference Bank - OSCP/PTP & PTX Cheatsheet.
+ :small_orange_diamond: ThreatHunter-Playbook - to aid the development of techniques and hypothesis for hunting campaigns.
+ :small_orange_diamond: Beginner-Network-Pentesting - notes for beginner network pentesting course.
+ :small_orange_diamond: OSCPRepo - is a list of resources that author have been gathering in preparation for the OSCP.
+ :small_orange_diamond: PayloadsAllTheThings - a list of useful payloads and bypass for Web Application Security and Pentest/CTF.
+ :small_orange_diamond: payloads - git all the Payloads! A collection of web attack payloads.
+ :small_orange_diamond: command-injection-payload-list - command injection payload list.
+ :small_orange_diamond: Awesome Shodan Search Queries - great search queries to plug into Shodan.
+ :small_orange_diamond: AwesomeXSS - is a collection of Awesome XSS resources.
+ :small_orange_diamond: php-webshells - common php webshells.
+ :small_orange_diamond: Pentesting Tools Cheat Sheet - a quick reference high level overview for typical penetration testing.
+ :small_orange_diamond: OWASP Cheat Sheet Series - is a collection of high value information on specific application security topics.
+ :small_orange_diamond: OWASP dependency-check - is an open source solution the OWASP Top 10 2013 entry.
+ :small_orange_diamond: OWASP ProActive Controls - OWASP Top 10 Proactive Controls 2018.
+ :small_orange_diamond: PENTESTING-BIBLE - hacking & penetration testing & red team & cyber security resources.
+ :small_orange_diamond: pentest-wiki - is a free online security knowledge library for pentesters/researchers.
+ :small_orange_diamond: DEF CON Media Server - great stuff from DEFCON.
+ :small_orange_diamond: Awesome Malware Analysis - a curated list of awesome malware analysis tools and resources.
+ :small_orange_diamond: SQL Injection Cheat Sheet - detailed technical stuff about the many different variants of the SQL Injection.
+ :small_orange_diamond: Entersoft Knowledge Base - great and detailed reference about vulnerabilities.
+ :small_orange_diamond: HTML5 Security Cheatsheet - a collection of HTML5 related XSS attack vectors.
+ :small_orange_diamond: XSS String Encoder - for generating XSS code to check your input validation filters against XSS.
+ :small_orange_diamond: GTFOBins - list of Unix binaries that can be exploited by an attacker to bypass local security restrictions.
+ :small_orange_diamond: Guifre Ruiz Notes - collection of security, system, network and pentest cheatsheets.
+ :small_orange_diamond: SSRF Tips - a collection of SSRF Tips.
+ :small_orange_diamond: shell-storm repo CTF - great archive of CTFs.
+ :small_orange_diamond: ctf - CTF (Capture The Flag) writeups, code snippets, notes, scripts.
+ :small_orange_diamond: My-CTF-Web-Challenges - collection of CTF Web challenges.
+ :small_orange_diamond: MSTG - The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security testing.
+ :small_orange_diamond: Internal-Pentest-Playbook - notes on the most common things for an Internal Network Penetration Test.
+ :small_orange_diamond: KeyHacks - shows quick ways in which API keys leaked by a bug bounty program can be checked.
+ :small_orange_diamond: securitum/research - various Proof of Concepts of security research performed by Securitum.
+ :small_orange_diamond: public-pentesting-reports - is a list of public pentest reports released by several consulting security groups.
+ :small_orange_diamond: awesome-bug-bounty - is a comprehensive curated list of available Bug Bounty.
+ :small_orange_diamond: bug-bounty-reference - is a list of bug bounty write-ups.
+ :small_orange_diamond: Awesome-Bugbounty-Writeups - is a curated list of bugbounty writeups.
+ :small_orange_diamond: Bug bounty writeups - list of bug bounty writeups (2012-2020).
+ :small_orange_diamond: hackso.me - a great journey into security.
+
+
+##### :black_small_square: Backdoors/exploits
+
+
+ :small_orange_diamond: PHP-backdoors - a collection of PHP backdoors. For educational or testing purposes only.
+
+
+##### :black_small_square: Wordlists and Weak passwords
+
+
+ :small_orange_diamond: Weakpass - for any kind of bruteforce find wordlists or unleash the power of them all at once!
+ :small_orange_diamond: Hashes.org - is a free online hash resolving service incorporating many unparalleled techniques.
+ :small_orange_diamond: SecLists - collection of multiple types of lists used during security assessments, collected in one place.
+ :small_orange_diamond: Probable-Wordlists - sorted by probability originally created for password generation and testing.
+ :small_orange_diamond: skullsecurity passwords - password dictionaries and leaked passwords repository.
+ :small_orange_diamond: Polish PREMIUM Dictionary - official dictionary created by the team on the forum bezpieka.org.* 1
+ :small_orange_diamond: statistically-likely-usernames - wordlists for creating statistically likely username lists.
+
+
+##### :black_small_square: Bounty platforms
+
+
+ :small_orange_diamond: YesWeHack - bug bounty platform with infosec jobs.
+ :small_orange_diamond: Openbugbounty - allows any security researcher reporting a vulnerability on any website.
+ :small_orange_diamond: hackerone - global hacker community to surface the most relevant security issues.
+ :small_orange_diamond: bugcrowd - crowdsourced cybersecurity for the enterprise.
+ :small_orange_diamond: Crowdshield - crowdsourced security & bug bounty management.
+ :small_orange_diamond: Synack - crowdsourced security & bug bounty programs, crowd security intelligence platform, and more.
+ :small_orange_diamond: Hacktrophy - bug bounty platform.
+
+
+##### :black_small_square: Web Training Apps (local installation)
+
+
+ :small_orange_diamond: OWASP-VWAD - comprehensive and well maintained registry of all known vulnerable web applications.
+ :small_orange_diamond: DVWA - PHP/MySQL web application that is damn vulnerable.
+ :small_orange_diamond: metasploitable2 - vulnerable web application amongst security researchers.
+ :small_orange_diamond: metasploitable3 - is a VM that is built from the ground up with a large amount of security vulnerabilities.
+ :small_orange_diamond: DSVW - is a deliberately vulnerable web application written in under 100 lines of code.
+ :small_orange_diamond: OWASP Mutillidae II - free, open source, deliberately vulnerable web-application.
+ :small_orange_diamond: OWASP Juice Shop Project - the most bug-free vulnerable application in existence.
+ :small_orange_diamond: OWASP Node js Goat Project - OWASP Top 10 security risks apply to web apps developed using Node.js.
+ :small_orange_diamond: juicy-ctf - run Capture the Flags and Security Trainings with OWASP Juice Shop.
+ :small_orange_diamond: SecurityShepherd - web and mobile application security training platform.
+ :small_orange_diamond: Security Ninjas - open source application security training program.
+ :small_orange_diamond: hackazon - a modern vulnerable web app.
+ :small_orange_diamond: dvna - damn vulnerable NodeJS application.
+ :small_orange_diamond: django-DefectDojo - is an open-source application vulnerability correlation and security orchestration tool.
+ :small_orange_diamond: Google Gruyere - web application exploits and defenses.
+ :small_orange_diamond: Bodhi - is a playground focused on learning the exploitation of client-side web vulnerabilities.
+ :small_orange_diamond: Websploit - single vm lab with the purpose of combining several vulnerable appliations in one environment.
+ :small_orange_diamond: vulhub - pre-built Vulnerable Environments based on docker-compose.
+ :small_orange_diamond: CloudGoat 2 - the new & improved "Vulnerable by Design"
+AWS deployment tool.
+ :small_orange_diamond: secDevLabs - is a laboratory for learning secure web development in a practical manner.
+ :small_orange_diamond: CORS-vulnerable-Lab - sample vulnerable code and its exploit code.
+ :small_orange_diamond: RootTheBox - a Game of Hackers (CTF Scoreboard & Game Manager).
+ :small_orange_diamond: KONTRA - application security training (OWASP Top Web & Api).
+
+
+##### :black_small_square: Labs (ethical hacking platforms/trainings/CTFs)
+
+
+ :small_orange_diamond: Offensive Security - true performance-based penetration testing training for over a decade.
+ :small_orange_diamond: Hack The Box - online platform allowing you to test your penetration testing skills.
+ :small_orange_diamond: Hacking-Lab - online ethical hacking, computer network and security challenge platform.
+ :small_orange_diamond: pwnable.kr - non-commercial wargame site which provides various pwn challenges.
+ :small_orange_diamond: Pwnable.tw - is a wargame site for hackers to test and expand their binary exploiting skills.
+ :small_orange_diamond: picoCTF - is a free computer security game targeted at middle and high school students.
+ :small_orange_diamond: CTFlearn - is an online platform built to help ethical hackers learn and practice their cybersecurity knowledge.
+ :small_orange_diamond: ctftime - CTF archive and a place, where you can get some another CTF-related info.
+ :small_orange_diamond: Silesia Security Lab - high quality security testing services.
+ :small_orange_diamond: Practical Pentest Labs - pentest lab, take your Hacking skills to the next level.
+ :small_orange_diamond: Root Me - the fast, easy, and affordable way to train your hacking skills.
+ :small_orange_diamond: rozwal.to - a great platform to train your pentesting skills.
+ :small_orange_diamond: TryHackMe - learning Cyber Security made easy.
+ :small_orange_diamond: hackxor - is a realistic web application hacking game, designed to help players of all abilities develop their skills.
+ :small_orange_diamond: Hack Yourself First - it's full of nasty app sec holes.
+ :small_orange_diamond: OverTheWire - can help you to learn and practice security concepts in the form of fun-filled games.
+ :small_orange_diamond: Wizard Labs - is an online Penetration Testing Lab.
+ :small_orange_diamond: PentesterLab - provides vulnerable systems that can be used to test and understand vulnerabilities.
+ :small_orange_diamond: RingZer0 - tons of challenges designed to test and improve your hacking skills.
+ :small_orange_diamond: try2hack - several security-oriented challenges for your entertainment.
+ :small_orange_diamond: Ubeeri - preconfigured lab environments.
+ :small_orange_diamond: Pentestit - emulate IT infrastructures of real companies for legal pen testing and improving pentest skills.
+ :small_orange_diamond: Microcorruption - reversal challenges done in the web interface.
+ :small_orange_diamond: Crackmes - download crackmes to help improve your reverse engineering skills.
+ :small_orange_diamond: DomGoat - DOM XSS security learning and practicing platform.
+ :small_orange_diamond: Stereotyped Challenges - upgrade your web hacking techniques today!
+ :small_orange_diamond: Vulnhub - allows anyone to gain practical 'hands-on' experience in digital security.
+ :small_orange_diamond: W3Challs - is a penetration testing training platform, which offers various computer challenges.
+ :small_orange_diamond: RingZer0 CTF - offers you tons of challenges designed to test and improve your hacking skills.
+ :small_orange_diamond: Hack.me - a platform where you can build, host and share vulnerable web apps for educational purposes.
+ :small_orange_diamond: HackThis! - discover how hacks, dumps and defacements are performed and secure your website.
+ :small_orange_diamond: Enigma Group WebApp Training - these challenges cover the exploits listed in the OWASP Top 10 Project.
+ :small_orange_diamond: Reverse Engineering Challenges - challenges, exercises, problems and tasks - by level, by type, and more.
+ :small_orange_diamond: 0x00sec - the home of the Hacker - Malware, Reverse Engineering, and Computer Science.
+ :small_orange_diamond: We Chall - there are exist a lots of different challenge types.
+ :small_orange_diamond: Hacker Gateway - is the go-to place for hackers who want to test their skills.
+ :small_orange_diamond: Hacker101 - is a free class for web security.
+ :small_orange_diamond: contained.af - a stupid game for learning about containers, capabilities, and syscalls.
+ :small_orange_diamond: flAWS challenge! - a series of levels you'll learn about common mistakes and gotchas when using AWS.
+ :small_orange_diamond: CyberSec WTF - provides web hacking challenges derived from bounty write-ups.
+ :small_orange_diamond: CTF Challenge - CTF Web App challenges.
+ :small_orange_diamond: gCTF - most of the challenges used in the Google CTF 2017.
+ :small_orange_diamond: Hack This Site - is a free, safe and legal training ground for hackers.
+ :small_orange_diamond: Attack & Defense - is a browser-based cloud labs.
+ :small_orange_diamond: Cryptohack - a fun platform for learning modern cryptography.
+ :small_orange_diamond: Cryptopals - the cryptopals crypto challenges.
+
+
+##### :black_small_square: CTF platforms
+
+
+ :small_orange_diamond: fbctf - platform to host Capture the Flag competitions.
+ :small_orange_diamond: ctfscoreboard - scoreboard for Capture The Flag competitions.
+
+
+##### :black_small_square: Other resources
+
+
+ :small_orange_diamond: Bugcrowd University - open source education content for the researcher community.
+ :small_orange_diamond: OSCPRepo - a list of resources and scripts that I have been gathering in preparation for the OSCP.
+ :small_orange_diamond: OWASP Top 10: Real-World Examples - test your web apps with real-world examples (two-part series).
+ :small_orange_diamond: phrack.org - an awesome collection of articles from several respected hackers and other thinkers.
+ :small_orange_diamond: Practical-Ethical-Hacking-Resources - compilation of resources from TCM's Udemy Course.
+
+
+#### Your daily knowledge and news [[TOC]](#anger-table-of-contents)
+
+##### :black_small_square: RSS Readers
+
+
+ :small_orange_diamond: Feedly - organize, read and share what matters to you.
+ :small_orange_diamond: Inoreader - similar to feedly with a support for filtering what you fetch from rss.
+
+
+##### :black_small_square: IRC Channels
+
+
+ :small_orange_diamond: #hackerspaces - hackerspace IRC channels.
+
+
+##### :black_small_square: Security
+
+
+ :small_orange_diamond: The Hacker News - leading news source dedicated to promoting awareness for security experts and hackers.
+ :small_orange_diamond: Latest Hacking News - provides the latest hacking news, exploits and vulnerabilities for ethical hackers.
+ :small_orange_diamond: Security Newsletter - security news as a weekly digest (email notifications).
+ :small_orange_diamond: Google Online Security Blog - the latest news and insights from Google on security and safety on the Internet.
+ :small_orange_diamond: Qualys Blog - expert network security guidance and news.
+ :small_orange_diamond: DARKReading - connecting the Information Security Community.
+ :small_orange_diamond: Darknet - latest hacking tools, hacker news, cybersecurity best practices, ethical hacking & pen-testing.
+ :small_orange_diamond: publiclyDisclosed - public disclosure watcher who keeps you up to date about the recently disclosed bugs.
+ :small_orange_diamond: Reddit - Hacking - a subreddit dedicated to hacking and hackers.
+ :small_orange_diamond: Packet Storm - information security services, news, files, tools, exploits, advisories and whitepapers.
+ :small_orange_diamond: Sekurak - about security, penetration tests, vulnerabilities and many others (PL/EN).
+ :small_orange_diamond: nf.sec - basic aspects and mechanisms of Linux operating system security (PL).
+
+
+##### :black_small_square: Other/All-in-one
+
+
+ :small_orange_diamond: Changelog - is a community of hackers; news & podcasts for developers and hackers.
+
+
+#### Other Cheat Sheets [[TOC]](#anger-table-of-contents)
+
+###### Build your own DNS Servers
+
+
+ :small_orange_diamond: Unbound DNS Tutorial - a validating, recursive, and caching DNS server.
+ :small_orange_diamond: Knot Resolver on Fedora - how to get faster and more secure DNS resolution with Knot Resolver on Fedora.
+ :small_orange_diamond: DNS-over-HTTPS - tutorial to setup your own DNS-over-HTTPS (DoH) server.
+ :small_orange_diamond: dns-over-https - a cartoon intro to DNS over HTTPS.
+ :small_orange_diamond: DNS-over-TLS - following to your DoH server, setup your DNS-over-TLS (DoT) server.
+ :small_orange_diamond: DNS Servers - how (and why) i run my own DNS Servers.
+
+
+###### Build your own Certificate Authority
+
+
+ :small_orange_diamond: OpenSSL Certificate Authority - build your own certificate authority (CA) using the OpenSSL tools.
+ :small_orange_diamond: step-ca Certificate Authority - build your own certificate authority (CA) using open source step-ca.
+
+
+###### Build your own System/Virtual Machine
+
+
+ :small_orange_diamond: os-tutorial - how to create an OS from scratch.
+ :small_orange_diamond: Write your Own Virtual Machine - how to write your own virtual machine (VM).
+ :small_orange_diamond: x86 Bare Metal Examples - dozens of minimal operating systems to learn x86 system programming.
+ :small_orange_diamond: simple-computer - the scott CPU from "But How Do It Know?" by J. Clark Scott.
+ :small_orange_diamond: littleosbook - the little book about OS development.
+
+
+###### DNS Servers list (privacy)
+
+| IP | URL |
+| :--- | :--- |
+| **`84.200.69.80`** | [dns.watch](https://dns.watch/) |
+| **`94.247.43.254`** | [opennic.org](https://www.opennic.org/) |
+| **`64.6.64.6`** | [verisign.com](https://www.verisign.com/en_US/security-services/public-dns/index.xhtml) |
+| **`89.233.43.71`** | [censurfridns.dk](https://blog.uncensoreddns.org/) |
+| **`1.1.1.1`** | [cloudflare.com](https://1.1.1.1/) |
+| **`94.130.110.185`** | [dnsprivacy.at](https://dnsprivacy.at/) |
+
+###### TOP Browser extensions
+
+| Extension name | Description |
+| :--- | :--- |
+| **`IPvFoo`** | Display the server IP address and HTTPS information across all page elements. |
+| **`FoxyProxy`** | Simplifies configuring browsers to access proxy-servers. |
+| **`HTTPS Everywhere`** | Automatically use HTTPS security on many sites. |
+| **`uMatrix`** | Point & click to forbid/allow any class of requests made by your browser. |
+| **`uBlock Origin`** | An efficient blocker: easy on memory and CPU footprint. |
+| **`Session Buddy`** | Manage browser tabs and bookmarks with ease. |
+| **`SuperSorter`** | Sort bookmarks recursively, delete duplicates, merge folders, and more. |
+| **`Clear Cache`** | Clear your cache and browsing data. |
+| **`d3coder`** | Encoding/Decoding plugin for various types of encoding. |
+| **`Web Developer`** | Adds a toolbar button with various web developer tools. |
+| **`ThreatPinch Lookup`** | Add threat intelligence hover tool tips. |
+
+###### TOP Burp extensions
+
+| Extension name | Description |
+| :--- | :--- |
+| **`Active Scan++`** | Extends Burp's active and passive scanning capabilities. |
+| **`Autorize`** | Automatically detects authorization enforcement. |
+| **`AuthMatrix`** | A simple matrix grid to define the desired levels of access privilege. |
+| **`Logger++`** | Logs requests and responses for all Burp tools in a sortable table. |
+| **`Bypass WAF`** | Adds headers useful for bypassing some WAF devices. |
+| **`JSON Beautifier`** | Beautifies JSON content in the HTTP message viewer. |
+| **`JSON Web Tokens`** | Enables Burp to decode and manipulate JSON web tokens. |
+| **`CSP Auditor`** | Displays CSP headers for responses, and passively reports CSP weaknesses. |
+| **`CSP-Bypass`** | Passively scans for CSP headers that contain known bypasses. |
+| **`Hackvertor`** | Converts data using a tag-based configuration to apply various encoding. |
+| **`HTML5 Auditor`** | Scans for usage of risky HTML5 features. |
+| **`Software Vulnerability Scanner`** | Vulnerability scanner based on vulners.com audit API. |
+| **`Turbo Intruder`** | Is a powerful bruteforcing tool. |
+| **`Upload Scanner`** | Upload a number of different file types, laced with different forms of payload. |
+
+###### Hack Mozilla Firefox address bar
+
+In Firefox's address bar, you can limit results by typing special characters before or after your term:
+
+- `^` - for matches in your browsing history
+- `*` - for matches in your bookmarks.
+- `%` - for matches in your currently open tabs.
+- `#` - for matches in page titles.
+- `@` - for matches in web addresses.
+
+###### Chrome hidden commands
+
+- `chrome://chrome-urls` - list of all commands
+- `chrome://flags` - enable experiments and development features
+- `chrome://interstitials` - errors and warnings
+- `chrome://net-internals` - network internals (events, dns, cache)
+- `chrome://network-errors` - network errors
+- `chrome://net-export` - start logging future network activity to a file
+- `chrome://safe-browsing` - safe browsing options
+- `chrome://user-actions` - record all user actions
+- `chrome://restart` - restart chrome
+- `chrome://dino` - ERR_INTERNET_DISCONNECTED...
+- `cache:` - view the cached version of the web page
+
+###### Bypass WAFs by Shortening IP Address (by [0xInfection](https://twitter.com/0xInfection))
+
+IP addresses can be shortened by dropping the zeroes:
+
+```
+http://1.0.0.1 → http://1.1
+http://127.0.0.1 → http://127.1
+http://192.168.0.1 → http://192.168.1
+
+http://0xC0A80001 or http://3232235521 → 192.168.0.1
+http://192.168.257 → 192.168.1.1
+http://192.168.516 → 192.168.2.4
+```
+
+ > This bypasses WAF filters for SSRF, open-redirect, etc where any IP as input gets blacklisted.
+
+For more information please see [How to Obscure Any URL](http://www.pc-help.org/obscure.htm) and [Magic IP Address Shortcuts](https://stuff-things.net/2014/09/25/magic-ip-address-shortcuts/).
+
+###### Hashing, encryption and encoding (by [Michal Špaček](https://twitter.com/spazef0rze))
+
+_Hashing_
+
+plaintext :arrow_right: hash
+hash :no_entry: plaintext
+
+_Symmetric encryption_
+
+plaintext :arrow_right: :key: :arrow_right: ciphertext
+plaintext :arrow_left: :key: :arrow_left: ciphertext
+(:key: shared key)
+
+_Asymmetric encryption_
+
+plaintext :arrow_right: :key: :arrow_right: ciphertext
+plaintext :arrow_left: :part_alternation_mark: :arrow_left: ciphertext
+(:key: public key, :part_alternation_mark: private key)
+
+_Encoding_
+
+text :arrow_right: encoded
+text :arrow_left: encoded
+
+#### One-liners [[TOC]](#anger-table-of-contents)
+
+##### Table of Contents
+
+ * [terminal](#tool-terminal)
+ * [busybox](#tool-busybox)
+ * [mount](#tool-mount)
+ * [fuser](#tool-fuser)
+ * [lsof](#tool-lsof)
+ * [ps](#tool-ps)
+ * [top](#tool-top)
+ * [vmstat](#tool-vmstat)
+ * [iostat](#tool-iostat)
+ * [strace](#tool-strace)
+ * [kill](#tool-kill)
+ * [find](#tool-find)
+ * [diff](#tool-diff)
+ * [vimdiff](#tool-vimdiff)
+ * [tail](#tool-tail)
+ * [cpulimit](#tool-cpulimit)
+ * [pwdx](#tool-pwdx)
+ * [tr](#tool-tr)
+ * [chmod](#tool-chmod)
+ * [who](#tool-who)
+ * [last](#tool-last)
+ * [screen](#tool-screen)
+ * [script](#tool-script)
+ * [du](#tool-du)
+ * [inotifywait](#tool-inotifywait)
+ * [openssl](#tool-openssl)
+ * [secure-delete](#tool-secure-delete)
+ * [dd](#tool-dd)
+ * [gpg](#tool-gpg)
+ * [system-other](#tool-system-other)
+ * [curl](#tool-curl)
+ * [httpie](#tool-httpie)
+ * [ssh](#tool-ssh)
+ * [linux-dev](#tool-linux-dev)
+ * [tcpdump](#tool-tcpdump)
+ * [tcpick](#tool-tcpick)
+ * [ngrep](#tool-ngrep)
+ * [hping3](#tool-hping3)
+ * [nmap](#tool-nmap)
+ * [netcat](#tool-netcat)
+ * [socat](#tool-socat)
+ * [p0f](#tool-p0f)
+ * [gnutls-cli](#tool-gnutls-cli)
+ * [netstat](#tool-netstat)
+ * [rsync](#tool-rsync)
+ * [host](#tool-host)
+ * [dig](#tool-dig)
+ * [certbot](#tool-certbot)
+ * [network-other](#tool-network-other)
+ * [git](#tool-git)
+ * [awk](#tool-awk)
+ * [sed](#tool-sed)
+ * [grep](#tool-grep)
+ * [perl](#tool-perl)
+
+##### Tool: [terminal](https://en.wikipedia.org/wiki/Linux_console)
+
+###### Reload shell without exit
+
+```bash
+exec $SHELL -l
+```
+
+###### Close shell keeping all subprocess running
+
+```bash
+disown -a && exit
+```
+
+###### Exit without saving shell history
+
+```bash
+kill -9 $$
+unset HISTFILE && exit
+```
+
+###### Perform a branching conditional
+
+```bash
+true && echo success
+false || echo failed
+```
+
+###### Pipe stdout and stderr to separate commands
+
+```bash
+some_command > >(/bin/cmd_for_stdout) 2> >(/bin/cmd_for_stderr)
+```
+
+###### Redirect stdout and stderr each to separate files and print both to the screen
+
+```bash
+(some_command 2>&1 1>&3 | tee errorlog ) 3>&1 1>&2 | tee stdoutlog
+```
+
+###### List of commands you use most often
+
+```bash
+history | \
+awk '{CMD[$2]++;count++;}END { for (a in CMD)print CMD[a] " " CMD[a]/count*100 "% " a;}' | \
+grep -v "./" | \
+column -c3 -s " " -t | \
+sort -nr | nl | head -n 20
+```
+
+###### Sterilize bash history
+
+```bash
+function sterile() {
+
+ history | awk '$2 != "history" { $1=""; print $0 }' | egrep -vi "\
+curl\b+.*(-E|--cert)\b+.*\b*|\
+curl\b+.*--pass\b+.*\b*|\
+curl\b+.*(-U|--proxy-user).*:.*\b*|\
+curl\b+.*(-u|--user).*:.*\b*
+.*(-H|--header).*(token|auth.*)\b+.*|\
+wget\b+.*--.*password\b+.*\b*|\
+http.?://.+:.+@.*\
+" > $HOME/histbuff; history -r $HOME/histbuff;
+
+}
+
+export PROMPT_COMMAND="sterile"
+```
+
+ > Look also: [A naive utility to censor credentials in command history](https://github.com/lbonanomi/go/blob/master/revisionist.go).
+
+###### Quickly backup a file
+
+```bash
+cp filename{,.orig}
+```
+
+###### Empty a file (truncate to 0 size)
+
+```bash
+>filename
+```
+
+###### Delete all files in a folder that don't match a certain file extension
+
+```bash
+rm !(*.foo|*.bar|*.baz)
+```
+
+###### Pass multi-line string to a file
+
+```bash
+# cat >filename ... - overwrite the file
+# cat >>filename ... - append to a file
+cat > filename << __EOF__
+data data data
+__EOF__
+```
+
+###### Edit a file on a remote host using vim
+
+```bash
+vim scp://user@host//etc/fstab
+```
+
+###### Create a directory and change into it at the same time
+
+```bash
+mkd() { mkdir -p "$@" && cd "$@"; }
+```
+
+###### Convert uppercase files to lowercase files
+
+```bash
+rename 'y/A-Z/a-z/' *
+```
+
+###### Print a row of characters across the terminal
+
+```bash
+printf "%`tput cols`s" | tr ' ' '#'
+```
+
+###### Show shell history without line numbers
+
+```bash
+history | cut -c 8-
+fc -l -n 1 | sed 's/^\s*//'
+```
+
+###### Run command(s) after exit session
+
+```bash
+cat > /etc/profile << __EOF__
+_after_logout() {
+
+ username=$(whoami)
+
+ for _pid in $(ps afx | grep sshd | grep "$username" | awk '{print $1}') ; do
+
+ kill -9 $_pid
+
+ done
+
+}
+trap _after_logout EXIT
+__EOF__
+```
+
+###### Generate a sequence of numbers
+
+```bash
+for ((i=1; i<=10; i+=2)) ; do echo $i ; done
+# alternative: seq 1 2 10
+
+for ((i=5; i<=10; ++i)) ; do printf '%02d\n' $i ; done
+# alternative: seq -w 5 10
+
+for i in {1..10} ; do echo $i ; done
+```
+
+###### Simple Bash filewatching
+
+```bash
+unset MAIL; export MAILCHECK=1; export MAILPATH='$FILE_TO_WATCH?$MESSAGE'
+```
+
+---
+
+##### Tool: [busybox](https://www.busybox.net/)
+
+###### Static HTTP web server
+
+```bash
+busybox httpd -p $PORT -h $HOME [-c httpd.conf]
+```
+
+___
+
+##### Tool: [mount](https://en.wikipedia.org/wiki/Mount_(Unix))
+
+###### Mount a temporary ram partition
+
+```bash
+mount -t tmpfs tmpfs /mnt -o size=64M
+```
+
+ * `-t` - filesystem type
+ * `-o` - mount options
+
+###### Remount a filesystem as read/write
+
+```bash
+mount -o remount,rw /
+```
+
+___
+
+##### Tool: [fuser](https://en.wikipedia.org/wiki/Fuser_(Unix))
+
+###### Show which processes use the files/directories
+
+```bash
+fuser /var/log/daemon.log
+fuser -v /home/supervisor
+```
+
+###### Kills a process that is locking a file
+
+```bash
+fuser -ki filename
+```
+
+ * `-i` - interactive option
+
+###### Kills a process that is locking a file with specific signal
+
+```bash
+fuser -k -HUP filename
+```
+
+ * `--list-signals` - list available signal names
+
+###### Show what PID is listening on specific port
+
+```bash
+fuser -v 53/udp
+```
+
+###### Show all processes using the named filesystems or block device
+
+```bash
+fuser -mv /var/www
+```
+
+___
+
+##### Tool: [lsof](https://en.wikipedia.org/wiki/Lsof)
+
+###### Show process that use internet connection at the moment
+
+```bash
+lsof -P -i -n
+```
+
+###### Show process that use specific port number
+
+```bash
+lsof -i tcp:443
+```
+
+###### Lists all listening ports together with the PID of the associated process
+
+```bash
+lsof -Pan -i tcp -i udp
+```
+
+###### List all open ports and their owning executables
+
+```bash
+lsof -i -P | grep -i "listen"
+```
+
+###### Show all open ports
+
+```bash
+lsof -Pnl -i
+```
+
+###### Show open ports (LISTEN)
+
+```bash
+lsof -Pni4 | grep LISTEN | column -t
+```
+
+###### List all files opened by a particular command
+
+```bash
+lsof -c "process"
+```
+
+###### View user activity per directory
+
+```bash
+lsof -u username -a +D /etc
+```
+
+###### Show 10 largest open files
+
+```bash
+lsof / | \
+awk '{ if($7 > 1048576) print $7/1048576 "MB" " " $9 " " $1 }' | \
+sort -n -u | tail | column -t
+```
+
+###### Show current working directory of a process
+
+```bash
+lsof -p | grep cwd
+```
+
+___
+
+##### Tool: [ps](https://en.wikipedia.org/wiki/Ps_(Unix))
+
+###### Show a 4-way scrollable process tree with full details
+
+```bash
+ps awwfux | less -S
+```
+
+###### Processes per user counter
+
+```bash
+ps hax -o user | sort | uniq -c | sort -r
+```
+
+###### Show all processes by name with main header
+
+```bash
+ps -lfC nginx
+```
+
+___
+
+##### Tool: [find](https://en.wikipedia.org/wiki/Find_(Unix))
+
+###### Find files that have been modified on your system in the past 60 minutes
+
+```bash
+find / -mmin 60 -type f
+```
+
+###### Find all files larger than 20M
+
+```bash
+find / -type f -size +20M
+```
+
+###### Find duplicate files (based on MD5 hash)
+
+```bash
+find -type f -exec md5sum '{}' ';' | sort | uniq --all-repeated=separate -w 33
+```
+
+###### Change permission only for files
+
+```bash
+cd /var/www/site && find . -type f -exec chmod 766 {} \;
+cd /var/www/site && find . -type f -exec chmod 664 {} +
+```
+
+###### Change permission only for directories
+
+```bash
+cd /var/www/site && find . -type d -exec chmod g+x {} \;
+cd /var/www/site && find . -type d -exec chmod g+rwx {} +
+```
+
+###### Find files and directories for specific user/group
+
+```bash
+# User:
+find . -user -print
+find /etc -type f -user -name "*.conf"
+
+# Group:
+find /opt -group
+find /etc -type f -group -iname "*.conf"
+```
+
+###### Find files and directories for all without specific user/group
+
+```bash
+# User:
+find . \! -user -print
+
+# Group:
+find . \! -group
+```
+
+###### Looking for files/directories that only have certain permission
+
+```bash
+# User
+find . -user -perm -u+rw # -rw-r--r--
+find /home -user $(whoami) -perm 777 # -rwxrwxrwx
+
+# Group:
+find /home -type d -group -perm 755 # -rwxr-xr-x
+```
+
+###### Delete older files than 60 days
+
+```bash
+find . -type f -mtime +60 -delete
+```
+
+###### Recursively remove all empty sub-directories from a directory
+
+```bash
+find . -depth -type d -empty -exec rmdir {} \;
+```
+
+###### How to find all hard links to a file
+
+```bash
+find -xdev -samefile filename
+```
+
+###### Recursively find the latest modified files
+
+```bash
+find . -type f -exec stat --format '%Y :%y %n' "{}" \; | sort -nr | cut -d: -f2- | head
+```
+
+###### Recursively find/replace of a string with sed
+
+```bash
+find . -not -path '*/\.git*' -type f -print0 | xargs -0 sed -i 's/foo/bar/g'
+```
+
+###### Recursively find/replace of a string in directories and file names
+
+```bash
+find . -depth -name '*test*' -execdir bash -c 'mv -v "$1" "${1//foo/bar}"' _ {} \;
+```
+
+###### Recursively find suid executables
+
+```bash
+find / \( -perm -4000 -o -perm -2000 \) -type f -exec ls -la {} \;
+```
+
+___
+
+##### Tool: [top](https://en.wikipedia.org/wiki/Top_(software))
+
+###### Use top to monitor only all processes with the specific string
+
+```bash
+top -p $(pgrep -d , )
+```
+
+ * `` - process containing string (eg. nginx, worker)
+
+___
+
+##### Tool: [vmstat](https://en.wikipedia.org/wiki/Vmstat)
+
+###### Show current system utilization (fields in kilobytes)
+
+```bash
+vmstat 2 20 -t -w
+```
+
+ * `2` - number of times with a defined time interval (delay)
+ * `20` - each execution of the command (count)
+ * `-t` - show timestamp
+ * `-w` - wide output
+ * `-S M` - output of the fields in megabytes instead of kilobytes
+
+###### Show current system utilization will get refreshed every 5 seconds
+
+```bash
+vmstat 5 -w
+```
+
+###### Display report a summary of disk operations
+
+```bash
+vmstat -D
+```
+
+###### Display report of event counters and memory stats
+
+```bash
+vmstat -s
+```
+
+###### Display report about kernel objects stored in slab layer cache
+
+```bash
+vmstat -m
+```
+
+##### Tool: [iostat](https://en.wikipedia.org/wiki/Iostat)
+
+###### Show information about the CPU usage, and I/O statistics about all the partitions
+
+```bash
+iostat 2 10 -t -m
+```
+
+ * `2` - number of times with a defined time interval (delay)
+ * `10` - each execution of the command (count)
+ * `-t` - show timestamp
+ * `-m` - fields in megabytes (`-k` - in kilobytes, default)
+
+###### Show information only about the CPU utilization
+
+```bash
+iostat 2 10 -t -m -c
+```
+
+###### Show information only about the disk utilization
+
+```bash
+iostat 2 10 -t -m -d
+```
+
+###### Show information only about the LVM utilization
+
+```bash
+iostat -N
+```
+
+___
+
+##### Tool: [strace](https://en.wikipedia.org/wiki/Strace)
+
+###### Track with child processes
+
+```bash
+# 1)
+strace -f -p $(pidof glusterfsd)
+
+# 2)
+strace -f $(pidof php-fpm | sed 's/\([0-9]*\)/\-p \1/g')
+```
+
+###### Track process with 30 seconds limit
+
+```bash
+timeout 30 strace $(< /var/run/zabbix/zabbix_agentd.pid)
+```
+
+###### Track processes and redirect output to a file
+
+```bash
+ps auxw | grep '[a]pache' | awk '{print " -p " $2}' | \
+xargs strace -o /tmp/strace-apache-proc.out
+```
+
+###### Track with print time spent in each syscall and limit length of print strings
+
+```bash
+ps auxw | grep '[i]init_policy' | awk '{print " -p " $2}' | \
+xargs strace -f -e trace=network -T -s 10000
+```
+
+###### Track the open request of a network port
+
+```bash
+strace -f -e trace=bind nc -l 80
+```
+
+###### Track the open request of a network port (show TCP/UDP)
+
+```bash
+strace -f -e trace=network nc -lu 80
+```
+
+___
+
+##### Tool: [kill](https://en.wikipedia.org/wiki/Kill_(command))
+
+###### Kill a process running on port
+
+```bash
+kill -9 $(lsof -i : | awk '{l=$2} END {print l}')
+```
+
+___
+
+##### Tool: [diff](https://en.wikipedia.org/wiki/Diff)
+
+###### Compare two directory trees
+
+```bash
+diff <(cd directory1 && find | sort) <(cd directory2 && find | sort)
+```
+
+###### Compare output of two commands
+
+```bash
+diff <(cat /etc/passwd) <(cut -f2 /etc/passwd)
+```
+
+___
+
+##### Tool: [vimdiff](http://vimdoc.sourceforge.net/htmldoc/diff.html)
+
+###### Highlight the exact differences, based on characters and words
+
+```bash
+vimdiff file1 file2
+```
+###### Compare two JSON files
+
+```bash
+vimdiff <(jq -S . A.json) <(jq -S . B.json)
+```
+
+###### Compare Hex dump
+```bash
+d(){ vimdiff <(f $1) <(f $2);};f(){ hexdump -C $1|cut -d' ' -f3-|tr -s ' ';}; d ~/bin1 ~/bin2
+```
+
+###### diffchar
+
+Save [diffchar](https://raw.githubusercontent.com/vim-scripts/diffchar.vim/master/plugin/diffchar.vim) @ `~/.vim/plugins`
+
+Click `F7` to switch between diff modes
+
+Usefull `vimdiff` commands:
+
+* `qa` to exit all windows
+* `:vertical resize 70` to resize window
+* set window width `Ctrl+W [N columns]+(Shift+)<\>`
+
+___
+
+##### Tool: [tail](https://en.wikipedia.org/wiki/Tail_(Unix))
+
+###### Annotate tail -f with timestamps
+
+```bash
+tail -f file | while read ; do echo "$(date +%T.%N) $REPLY" ; done
+```
+
+###### Analyse an Apache access log for the most common IP addresses
+
+```bash
+tail -10000 access_log | awk '{print $1}' | sort | uniq -c | sort -n | tail
+```
+
+###### Analyse web server log and show only 5xx http codes
+
+```bash
+tail -n 100 -f /path/to/logfile | grep "HTTP/[1-2].[0-1]\" [5]"
+```
+
+___
+
+##### Tool: [tar](https://en.wikipedia.org/wiki/Tar_(computing))
+
+###### System backup with exclude specific directories
+
+```bash
+cd /
+tar -czvpf /mnt/system$(date +%d%m%Y%s).tgz --directory=/ \
+--exclude=proc/* --exclude=sys/* --exclude=dev/* --exclude=mnt/* .
+```
+
+###### System backup with exclude specific directories (pigz)
+
+```bash
+cd /
+tar cvpf /backup/snapshot-$(date +%d%m%Y%s).tgz --directory=/ \
+--exclude=proc/* --exclude=sys/* --exclude=dev/* \
+--exclude=mnt/* --exclude=tmp/* --use-compress-program=pigz .
+```
+
+___
+
+##### Tool: [dump](https://en.wikipedia.org/wiki/Dump_(program))
+
+###### System backup to file
+
+```bash
+dump -y -u -f /backup/system$(date +%d%m%Y%s).lzo /
+```
+
+###### Restore system from lzo file
+
+```bash
+cd /
+restore -rf /backup/system$(date +%d%m%Y%s).lzo
+```
+
+___
+
+##### Tool: [cpulimit](http://cpulimit.sourceforge.net/)
+
+###### Limit the cpu usage of a process
+
+```bash
+cpulimit -p pid -l 50
+```
+
+___
+
+##### Tool: [pwdx](https://www.cyberciti.biz/faq/unix-linux-pwdx-command-examples-usage-syntax/)
+
+###### Show current working directory of a process
+
+```bash
+pwdx
+```
+
+___
+
+##### Tool: [taskset](https://www.cyberciti.biz/faq/taskset-cpu-affinity-command/)
+
+###### Start a command on only one CPU core
+
+```bash
+taskset -c 0
+```
+
+___
+
+##### Tool: [tr](https://en.wikipedia.org/wiki/Tr_(Unix))
+
+###### Show directories in the PATH, one per line
+
+```bash
+tr : '\n' <<<$PATH
+```
+
+___
+
+##### Tool: [chmod](https://en.wikipedia.org/wiki/Chmod)
+
+###### Remove executable bit from all files in the current directory
+
+```bash
+chmod -R -x+X *
+```
+
+###### Restore permission for /bin/chmod
+
+```bash
+# 1:
+cp /bin/ls chmod.01
+cp /bin/chmod chmod.01
+./chmod.01 700 file
+
+# 2:
+/bin/busybox chmod 0700 /bin/chmod
+
+# 3:
+setfacl --set u::rwx,g::---,o::--- /bin/chmod
+```
+
+___
+
+##### Tool: [who](https://en.wikipedia.org/wiki/Who_(Unix))
+
+###### Find last reboot time
+
+```bash
+who -b
+```
+
+###### Detect a user sudo-su'd into the current shell
+
+```bash
+[[ $(who -m | awk '{ print $1 }') == $(whoami) ]] || echo "You are su-ed to $(whoami)"
+```
+
+___
+
+##### Tool: [last](https://www.howtoforge.com/linux-last-command/)
+
+###### Was the last reboot a panic?
+
+```bash
+(last -x -f $(ls -1t /var/log/wtmp* | head -2 | tail -1); last -x -f /var/log/wtmp) | \
+grep -A1 reboot | head -2 | grep -q shutdown && echo "Expected reboot" || echo "Panic reboot"
+```
+
+___
+
+##### Tool: [screen](https://en.wikipedia.org/wiki/GNU_Screen)
+
+###### Start screen in detached mode
+
+```bash
+screen -d -m
+```
+
+###### Attach to an existing screen session
+
+```bash
+screen -r -d
+```
+
+___
+
+##### Tool: [script](https://en.wikipedia.org/wiki/Script_(Unix))
+
+###### Record and replay terminal session
+
+```bash
+### Record session
+# 1)
+script -t 2>~/session.time -a ~/session.log
+
+# 2)
+script --timing=session.time session.log
+
+### Replay session
+scriptreplay --timing=session.time session.log
+```
+
+___
+
+##### Tool: [du](https://en.wikipedia.org/wiki/GNU_Screen)
+
+###### Show 20 biggest directories with 'K M G'
+
+```bash
+du | \
+sort -r -n | \
+awk '{split("K M G",v); s=1; while($1>1024){$1/=1024; s++} print int($1)" "v[s]"\t"$2}' | \
+head -n 20
+```
+
+___
+
+##### Tool: [inotifywait](https://en.wikipedia.org/wiki/GNU_Screen)
+
+###### Init tool everytime a file in a directory is modified
+
+```bash
+while true ; do inotifywait -r -e MODIFY dir/ && ls dir/ ; done;
+```
+
+___
+
+##### Tool: [openssl](https://www.openssl.org/)
+
+###### Testing connection to the remote host
+
+```bash
+echo | openssl s_client -connect google.com:443 -showcerts
+```
+
+###### Testing connection to the remote host (debug mode)
+
+```bash
+echo | openssl s_client -connect google.com:443 -showcerts -tlsextdebug -status
+```
+
+###### Testing connection to the remote host (with SNI support)
+
+```bash
+echo | openssl s_client -showcerts -servername google.com -connect google.com:443
+```
+
+###### Testing connection to the remote host with specific ssl version
+
+```bash
+openssl s_client -tls1_2 -connect google.com:443
+```
+
+###### Testing connection to the remote host with specific ssl cipher
+
+```bash
+openssl s_client -cipher 'AES128-SHA' -connect google.com:443
+```
+
+###### Verify 0-RTT
+
+```bash
+_host="example.com"
+
+cat > req.in << __EOF__
+HEAD / HTTP/1.1
+Host: $_host
+Connection: close
+__EOF__
+
+openssl s_client -connect ${_host}:443 -tls1_3 -sess_out session.pem -ign_eof < req.in
+openssl s_client -connect ${_host}:443 -tls1_3 -sess_in session.pem -early_data req.in
+```
+
+###### Generate private key without passphrase
+
+```bash
+# _len: 2048, 4096
+( _fd="private.key" ; _len="2048" ; \
+openssl genrsa -out ${_fd} ${_len} )
+```
+
+###### Generate private key with passphrase
+
+```bash
+# _ciph: des3, aes128, aes256
+# _len: 2048, 4096
+( _ciph="aes128" ; _fd="private.key" ; _len="2048" ; \
+openssl genrsa -${_ciph} -out ${_fd} ${_len} )
+```
+
+###### Remove passphrase from private key
+
+```bash
+( _fd="private.key" ; _fd_unp="private_unp.key" ; \
+openssl rsa -in ${_fd} -out ${_fd_unp} )
+```
+
+###### Encrypt existing private key with a passphrase
+
+```bash
+# _ciph: des3, aes128, aes256
+( _ciph="aes128" ; _fd="private.key" ; _fd_pass="private_pass.key" ; \
+openssl rsa -${_ciph} -in ${_fd} -out ${_fd_pass}
+```
+
+###### Check private key
+
+```bash
+( _fd="private.key" ; \
+openssl rsa -check -in ${_fd} )
+```
+
+###### Get public key from private key
+
+```bash
+( _fd="private.key" ; _fd_pub="public.key" ; \
+openssl rsa -pubout -in ${_fd} -out ${_fd_pub} )
+```
+
+###### Generate private key and CSR
+
+```bash
+( _fd="private.key" ; _fd_csr="request.csr" ; _len="2048" ; \
+openssl req -out ${_fd_csr} -new -newkey rsa:${_len} -nodes -keyout ${_fd} )
+```
+
+###### Generate CSR
+
+```bash
+( _fd="private.key" ; _fd_csr="request.csr" ; \
+openssl req -out ${_fd_csr} -new -key ${_fd} )
+```
+
+###### Generate CSR (metadata from existing certificate)
+
+ > Where `private.key` is the existing private key. As you can see you do not generate this CSR from your certificate (public key). Also you do not generate the "same" CSR, just a new one to request a new certificate.
+
+```bash
+( _fd="private.key" ; _fd_csr="request.csr" ; _fd_crt="cert.crt" ; \
+openssl x509 -x509toreq -in ${_fd_crt} -out ${_fd_csr} -signkey ${_fd} )
+```
+
+###### Generate CSR with -config param
+
+```bash
+( _fd="private.key" ; _fd_csr="request.csr" ; \
+openssl req -new -sha256 -key ${_fd} -out ${_fd_csr} \
+-config <(
+cat << __EOF__
+[req]
+default_bits = 2048
+default_md = sha256
+prompt = no
+distinguished_name = dn
+req_extensions = req_ext
+
+[ dn ]
+C = ""
+ST = ""
+L = ""
+O = ""
+OU = ""
+CN = ""
+
+[ req_ext ]
+subjectAltName = @alt_names
+
+[ alt_names ]
+DNS.1 =
+DNS.2 =
+DNS.3 =
+__EOF__
+))
+```
+
+Other values in `[ dn ]`:
+
+```
+countryName = "DE" # C=
+stateOrProvinceName = "Hessen" # ST=
+localityName = "Keller" # L=
+postalCode = "424242" # L/postalcode=
+postalAddress = "Keller" # L/postaladdress=
+streetAddress = "Crater 1621" # L/street=
+organizationName = "apfelboymschule" # O=
+organizationalUnitName = "IT Department" # OU=
+commonName = "example.com" # CN=
+emailAddress = "webmaster@example.com" # CN/emailAddress=
+```
+
+Example of `oids` (you'll probably also have to make OpenSSL know about the new fields required for EV by adding the following under `[new_oids]`):
+
+```
+[req]
+...
+oid_section = new_oids
+
+[ new_oids ]
+postalCode = 2.5.4.17
+streetAddress = 2.5.4.9
+```
+
+Full example:
+
+```bash
+( _fd="private.key" ; _fd_csr="request.csr" ; \
+openssl req -new -sha256 -key ${_fd} -out ${_fd_csr} \
+-config <(
+cat << __EOF__
+[req]
+default_bits = 2048
+default_md = sha256
+prompt = no
+distinguished_name = dn
+req_extensions = req_ext
+oid_section = new_oids
+
+[ new_oids ]
+serialNumber = 2.5.4.5
+streetAddress = 2.5.4.9
+postalCode = 2.5.4.17
+businessCategory = 2.5.4.15
+
+[ dn ]
+serialNumber=00001111
+businessCategory=Private Organization
+jurisdictionC=DE
+C=DE
+ST=Hessen
+L=Keller
+postalCode=424242
+streetAddress=Crater 1621
+O=AV Company
+OU=IT
+CN=example.com
+
+[ req_ext ]
+subjectAltName = @alt_names
+
+[ alt_names ]
+DNS.1 = example.com
+__EOF__
+))
+```
+
+For more information please look at these great explanations:
+
+- [RFC 5280](https://tools.ietf.org/html/rfc5280)
+- [How to create multidomain certificates using config files](https://apfelboymchen.net/gnu/notes/openssl%20multidomain%20with%20config%20files.html)
+- [Generate a multi domains certificate using config files](https://gist.github.com/romainnorberg/464758a6620228b977212a3cf20c3e08)
+- [Your OpenSSL CSR command is out of date](https://expeditedsecurity.com/blog/openssl-csr-command/)
+- [OpenSSL example configuration file](https://www.tbs-certificats.com/openssl-dem-server-cert.cnf)
+- [Object Identifiers (OIDs)](https://www.alvestrand.no/objectid/)
+- [openssl objects.txt](https://github.com/openssl/openssl/blob/master/crypto/objects/objects.txt)
+
+###### List available EC curves
+
+```bash
+openssl ecparam -list_curves
+```
+
+###### Print ECDSA private and public keys
+
+```bash
+( _fd="private.key" ; \
+openssl ec -in ${_fd} -noout -text )
+
+# For x25519 only extracting public key
+( _fd="private.key" ; _fd_pub="public.key" ; \
+openssl pkey -in ${_fd} -pubout -out ${_fd_pub} )
+```
+
+###### Generate ECDSA private key
+
+```bash
+# _curve: prime256v1, secp521r1, secp384r1
+( _fd="private.key" ; _curve="prime256v1" ; \
+openssl ecparam -out ${_fd} -name ${_curve} -genkey )
+
+# _curve: X25519
+( _fd="private.key" ; _curve="x25519" ; \
+openssl genpkey -algorithm ${_curve} -out ${_fd} )
+```
+
+###### Generate private key and CSR (ECC)
+
+```bash
+# _curve: prime256v1, secp521r1, secp384r1
+( _fd="domain.com.key" ; _fd_csr="domain.com.csr" ; _curve="prime256v1" ; \
+openssl ecparam -out ${_fd} -name ${_curve} -genkey ; \
+openssl req -new -key ${_fd} -out ${_fd_csr} -sha256 )
+```
+
+###### Generate self-signed certificate
+
+```bash
+# _len: 2048, 4096
+( _fd="domain.key" ; _fd_out="domain.crt" ; _len="2048" ; _days="365" ; \
+openssl req -newkey rsa:${_len} -nodes \
+-keyout ${_fd} -x509 -days ${_days} -out ${_fd_out} )
+```
+
+###### Generate self-signed certificate from existing private key
+
+```bash
+# _len: 2048, 4096
+( _fd="domain.key" ; _fd_out="domain.crt" ; _days="365" ; \
+openssl req -key ${_fd} -nodes \
+-x509 -days ${_days} -out ${_fd_out} )
+```
+
+###### Generate self-signed certificate from existing private key and csr
+
+```bash
+# _len: 2048, 4096
+( _fd="domain.key" ; _fd_csr="domain.csr" ; _fd_out="domain.crt" ; _days="365" ; \
+openssl x509 -signkey ${_fd} -nodes \
+-in ${_fd_csr} -req -days ${_days} -out ${_fd_out} )
+```
+
+###### Generate DH public parameters
+
+```bash
+( _dh_size="2048" ; \
+openssl dhparam -out /etc/nginx/ssl/dhparam_${_dh_size}.pem "$_dh_size" )
+```
+
+###### Display DH public parameters
+
+```bash
+openssl pkeyparam -in dhparam.pem -text
+```
+
+###### Extract private key from pfx
+
+```bash
+( _fd_pfx="cert.pfx" ; _fd_key="key.pem" ; \
+openssl pkcs12 -in ${_fd_pfx} -nocerts -nodes -out ${_fd_key} )
+```
+
+###### Extract private key and certs from pfx
+
+```bash
+( _fd_pfx="cert.pfx" ; _fd_pem="key_certs.pem" ; \
+openssl pkcs12 -in ${_fd_pfx} -nodes -out ${_fd_pem} )
+```
+
+###### Extract certs from p7b
+
+```bash
+# PKCS#7 file doesn't include private keys.
+( _fd_p7b="cert.p7b" ; _fd_pem="cert.pem" ; \
+openssl pkcs7 -inform DER -outform PEM -in ${_fd_p7b} -print_certs > ${_fd_pem})
+# or:
+openssl pkcs7 -print_certs -in -in ${_fd_p7b} -out ${_fd_pem})
+```
+
+###### Convert DER to PEM
+
+```bash
+( _fd_der="cert.crt" ; _fd_pem="cert.pem" ; \
+openssl x509 -in ${_fd_der} -inform der -outform pem -out ${_fd_pem} )
+```
+
+###### Convert PEM to DER
+
+```bash
+( _fd_der="cert.crt" ; _fd_pem="cert.pem" ; \
+openssl x509 -in ${_fd_pem} -outform der -out ${_fd_der} )
+```
+
+###### Verification of the private key
+
+```bash
+( _fd="private.key" ; \
+openssl rsa -noout -text -in ${_fd} )
+```
+
+###### Verification of the public key
+
+```bash
+# 1)
+( _fd="public.key" ; \
+openssl pkey -noout -text -pubin -in ${_fd} )
+
+# 2)
+( _fd="private.key" ; \
+openssl rsa -inform PEM -noout -in ${_fd} &> /dev/null ; \
+if [ $? = 0 ] ; then echo -en "OK\n" ; fi )
+```
+
+###### Verification of the certificate
+
+```bash
+( _fd="certificate.crt" ; # format: pem, cer, crt \
+openssl x509 -noout -text -in ${_fd} )
+```
+
+###### Verification of the CSR
+
+```bash
+( _fd_csr="request.csr" ; \
+openssl req -text -noout -in ${_fd_csr} )
+```
+
+###### Check the private key and the certificate are match
+
+```bash
+(openssl rsa -noout -modulus -in private.key | openssl md5 ; \
+openssl x509 -noout -modulus -in certificate.crt | openssl md5) | uniq
+```
+
+###### Check the private key and the CSR are match
+
+```bash
+(openssl rsa -noout -modulus -in private.key | openssl md5 ; \
+openssl req -noout -modulus -in request.csr | openssl md5) | uniq
+```
+
+___
+
+##### Tool: [secure-delete](https://wiki.archlinux.org/index.php/Securely_wipe_disk)
+
+###### Secure delete with shred
+
+```bash
+shred -vfuz -n 10 file
+shred --verbose --random-source=/dev/urandom -n 1 /dev/sda
+```
+
+###### Secure delete with scrub
+
+```bash
+scrub -p dod /dev/sda
+scrub -p dod -r file
+```
+
+###### Secure delete with badblocks
+
+```bash
+badblocks -s -w -t random -v /dev/sda
+badblocks -c 10240 -s -w -t random -v /dev/sda
+```
+
+###### Secure delete with secure-delete
+
+```bash
+srm -vz /tmp/file
+sfill -vz /local
+sdmem -v
+swapoff /dev/sda5 && sswap -vz /dev/sda5
+```
+
+___
+
+##### Tool: [dd](https://en.wikipedia.org/wiki/Dd_(Unix))
+
+###### Show dd status every so often
+
+```bash
+dd status=progress
+watch --interval 5 killall -USR1 dd
+```
+
+###### Redirect output to a file with dd
+
+```bash
+echo "string" | dd of=filename
+```
+
+___
+
+##### Tool: [gpg](https://www.gnupg.org/)
+
+###### Export public key
+
+```bash
+gpg --export --armor "" > username.pkey
+```
+
+ * `--export` - export all keys from all keyrings or specific key
+ * `-a|--armor` - create ASCII armored output
+
+###### Encrypt file
+
+```bash
+gpg -e -r "" dump.sql
+```
+
+ * `-e|--encrypt` - encrypt data
+ * `-r|--recipient` - encrypt for specific
+
+###### Decrypt file
+
+```bash
+gpg -o dump.sql -d dump.sql.gpg
+```
+
+ * `-o|--output` - use as output file
+ * `-d|--decrypt` - decrypt data (default)
+
+###### Search recipient
+
+```bash
+gpg --keyserver hkp://keyserver.ubuntu.com --search-keys ""
+```
+
+ * `--keyserver` - set specific key server
+ * `--search-keys` - search for keys on a key server
+
+###### List all of the packets in an encrypted file
+
+```bash
+gpg --batch --list-packets archive.gpg
+gpg2 --batch --list-packets archive.gpg
+```
+
+___
+
+##### Tool: [system-other](https://github.com/trimstray/the-book-of-secret-knowledge#tool-system-other)
+
+###### Reboot system from init
+
+```bash
+exec /sbin/init 6
+```
+
+###### Init system from single user mode
+
+```bash
+exec /sbin/init
+```
+
+###### Show current working directory of a process
+
+```bash
+readlink -f /proc//cwd
+```
+
+###### Show actual pathname of the executed command
+
+```bash
+readlink -f /proc//exe
+```
+
+##### Tool: [curl](https://curl.haxx.se)
+
+```bash
+curl -Iks https://www.google.com
+```
+
+ * `-I` - show response headers only
+ * `-k` - insecure connection when using ssl
+ * `-s` - silent mode (not display body)
+
+```bash
+curl -Iks --location -X GET -A "x-agent" https://www.google.com
+```
+
+ * `--location` - follow redirects
+ * `-X` - set method
+ * `-A` - set user-agent
+
+```bash
+curl -Iks --location -X GET -A "x-agent" --proxy http://127.0.0.1:16379 https://www.google.com
+```
+
+ * `--proxy [socks5://|http://]` - set proxy server
+
+```bash
+curl -o file.pdf -C - https://example.com/Aiju2goo0Ja2.pdf
+```
+
+ * `-o` - write output to file
+ * `-C` - resume the transfer
+
+###### Find your external IP address (external services)
+
+```bash
+curl ipinfo.io
+curl ipinfo.io/ip
+curl icanhazip.com
+curl ifconfig.me/ip ; echo
+```
+
+###### Repeat URL request
+
+```bash
+# URL sequence substitution with a dummy query string:
+curl -ks https://example.com/?[1-20]
+
+# With shell 'for' loop:
+for i in {1..20} ; do curl -ks https://example.com/ ; done
+```
+
+###### Check DNS and HTTP trace with headers for specific domains
+
+```bash
+### Set domains and external dns servers.
+_domain_list=(google.com) ; _dns_list=("8.8.8.8" "1.1.1.1")
+
+for _domain in "${_domain_list[@]}" ; do
+
+ printf '=%.0s' {1..48}
+
+ echo
+
+ printf "[\\e[1;32m+\\e[m] resolve: %s\\n" "$_domain"
+
+ for _dns in "${_dns_list[@]}" ; do
+
+ # Resolve domain.
+ host "${_domain}" "${_dns}"
+
+ echo
+
+ done
+
+ for _proto in http https ; do
+
+ printf "[\\e[1;32m+\\e[m] trace + headers: %s://%s\\n" "$_proto" "$_domain"
+
+ # Get trace and http headers.
+ curl -Iks -A "x-agent" --location "${_proto}://${_domain}"
+
+ echo
+
+ done
+
+done
+
+unset _domain_list _dns_list
+```
+
+___
+
+##### Tool: [httpie](https://httpie.org/)
+
+```bash
+http -p Hh https://www.google.com
+```
+
+ * `-p` - print request and response headers
+ * `H` - request headers
+ * `B` - request body
+ * `h` - response headers
+ * `b` - response body
+
+```bash
+http -p Hh https://www.google.com --follow --verify no
+```
+
+ * `-F, --follow` - follow redirects
+ * `--verify no` - skip SSL verification
+
+```bash
+http -p Hh https://www.google.com --follow --verify no \
+--proxy http:http://127.0.0.1:16379
+```
+
+ * `--proxy [http:]` - set proxy server
+
+##### Tool: [ssh](https://www.openssh.com/)
+
+###### Escape Sequence
+
+```
+# Supported escape sequences:
+~. - terminate connection (and any multiplexed sessions)
+~B - send a BREAK to the remote system
+~C - open a command line
+~R - Request rekey (SSH protocol 2 only)
+~^Z - suspend ssh
+~# - list forwarded connections
+~& - background ssh (when waiting for connections to terminate)
+~? - this message
+~~ - send the escape character by typing it twice
+```
+
+###### Compare a remote file with a local file
+
+```bash
+ssh user@host cat /path/to/remotefile | diff /path/to/localfile -
+```
+
+###### SSH connection through host in the middle
+
+```bash
+ssh -t reachable_host ssh unreachable_host
+```
+
+###### Run command over SSH on remote host
+
+```bash
+cat > cmd.txt << __EOF__
+cat /etc/hosts
+__EOF__
+
+ssh host -l user $(&1 | tee -a "${_sesdir}/$(date +%Y%m%d).log"
+
+}
+
+# Alias:
+alias ssh='_ssh_sesslog'
+```
+
+###### Using Keychain for SSH logins
+
+```bash
+### Delete all of ssh-agent's keys.
+function _scl() {
+
+ /usr/bin/keychain --clear
+
+}
+
+### Add key to keychain.
+function _scg() {
+
+ /usr/bin/keychain /path/to/private-key
+ source "$HOME/.keychain/$HOSTNAME-sh"
+
+}
+```
+
+###### SSH login without processing any login scripts
+
+```bash
+ssh -tt user@host bash
+```
+
+###### SSH local port forwarding
+
+Example 1:
+
+```bash
+# Forwarding our local 2250 port to nmap.org:443 from localhost through localhost
+host1> ssh -L 2250:nmap.org:443 localhost
+
+# Connect to the service:
+host1> curl -Iks --location -X GET https://localhost:2250
+```
+
+Example 2:
+
+```bash
+# Forwarding our local 9051 port to db.d.x:5432 from localhost through node.d.y
+host1> ssh -nNT -L 9051:db.d.x:5432 node.d.y
+
+# Connect to the service:
+host1> psql -U db_user -d db_dev -p 9051 -h localhost
+```
+
+ * `-n` - redirects stdin from `/dev/null`
+ * `-N` - do not execute a remote command
+ * `-T` - disable pseudo-terminal allocation
+
+###### SSH remote port forwarding
+
+```bash
+# Forwarding our local 9051 port to db.d.x:5432 from host2 through node.d.y
+host1> ssh -nNT -R 9051:db.d.x:5432 node.d.y
+
+# Connect to the service:
+host2> psql -U postgres -d postgres -p 8000 -h localhost
+```
+
+___
+
+##### Tool: [linux-dev](https://www.tldp.org/LDP/abs/html/devref1.html)
+
+###### Testing remote connection to port
+
+```bash
+timeout 1 bash -c "//" >/dev/null 2>&1 ; echo $?
+```
+
+ * `` - set remote host
+ * `` - set destination port
+
+###### Read and write to TCP or UDP sockets with common bash tools
+
+```bash
+exec 5<>/dev/tcp//; cat <&5 & cat >&5; exec 5>&-
+```
+
+___
+
+##### Tool: [tcpdump](http://www.tcpdump.org/)
+
+###### Filter incoming (on interface) traffic (specific )
+
+```bash
+tcpdump -ne -i eth0 -Q in host 192.168.252.1 and port 443
+```
+
+ * `-n` - don't convert addresses (`-nn` will not resolve hostnames or ports)
+ * `-e` - print the link-level headers
+ * `-i [iface|any]` - set interface
+ * `-Q|-D [in|out|inout]` - choose send/receive direction (`-D` - for old tcpdump versions)
+ * `host [ip|hostname]` - set host, also `[host not]`
+ * `[and|or]` - set logic
+ * `port [1-65535]` - set port number, also `[port not]`
+
+###### Filter incoming (on interface) traffic (specific ) and write to a file
+
+```bash
+tcpdump -ne -i eth0 -Q in host 192.168.252.1 and port 443 -c 5 -w tcpdump.pcap
+```
+
+ * `-c [num]` - capture only num number of packets
+ * `-w [filename]` - write packets to file, `-r [filename]` - reading from file
+
+###### Capture all ICMP packets
+
+```bash
+tcpdump -nei eth0 icmp
+```
+
+###### Check protocol used (TCP or UDP) for service
+
+```bash
+tcpdump -nei eth0 tcp port 22 -vv -X | egrep "TCP|UDP"
+```
+
+###### Display ASCII text (to parse the output using grep or other)
+
+```bash
+tcpdump -i eth0 -A -s0 port 443
+```
+
+###### Grab everything between two keywords
+
+```bash
+tcpdump -i eth0 port 80 -X | sed -n -e '/username/,/=ldap/ p'
+```
+
+###### Grab user and pass ever plain http
+
+```bash
+tcpdump -i eth0 port http -l -A | egrep -i \
+'pass=|pwd=|log=|login=|user=|username=|pw=|passw=|passwd=|password=|pass:|user:|username:|password:|login:|pass |user ' \
+--color=auto --line-buffered -B20
+```
+
+###### Extract HTTP User Agent from HTTP request header
+
+```bash
+tcpdump -ei eth0 -nn -A -s1500 -l | grep "User-Agent:"
+```
+
+###### Capture only HTTP GET and POST packets
+
+```bash
+tcpdump -ei eth0 -s 0 -A -vv \
+'tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420' or 'tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504f5354'
+```
+
+or simply:
+
+```bash
+tcpdump -ei eth0 -s 0 -v -n -l | egrep -i "POST /|GET /|Host:"
+```
+
+###### Rotate capture files
+
+```bash
+tcpdump -ei eth0 -w /tmp/capture-%H.pcap -G 3600 -C 200
+```
+
+ * `-G ` - pcap will be created every `` seconds
+ * `-C ` - close the current pcap and open a new one if is larger than ``
+
+###### Top hosts by packets
+
+```bash
+tcpdump -ei enp0s25 -nnn -t -c 200 | cut -f 1,2,3,4 -d '.' | sort | uniq -c | sort -nr | head -n 20
+```
+
+###### Excludes any RFC 1918 private address
+
+```bash
+tcpdump -nei eth0 'not (src net (10 or 172.16/12 or 192.168/16) and dst net (10 or 172.16/12 or 192.168/16))'
+```
+
+___
+
+##### Tool: [tcpick](http://tcpick.sourceforge.net/)
+
+###### Analyse packets in real-time
+
+```bash
+while true ; do tcpick -a -C -r dump.pcap ; sleep 2 ; clear ; done
+```
+
+___
+
+##### Tool: [ngrep](http://ngrep.sourceforge.net/usage.html)
+
+```bash
+ngrep -d eth0 "www.domain.com" port 443
+```
+
+ * `-d [iface|any]` - set interface
+ * `[domain]` - set hostname
+ * `port [1-65535]` - set port number
+
+```bash
+ngrep -d eth0 "www.domain.com" src host 10.240.20.2 and port 443
+```
+
+ * `(host [ip|hostname])` - filter by ip or hostname
+ * `(port [1-65535])` - filter by port number
+
+```bash
+ngrep -d eth0 -qt -O ngrep.pcap "www.domain.com" port 443
+```
+
+ * `-q` - quiet mode (only payloads)
+ * `-t` - added timestamps
+ * `-O [filename]` - save output to file, `-I [filename]` - reading from file
+
+```bash
+ngrep -d eth0 -qt 'HTTP' 'tcp'
+```
+
+ * `HTTP` - show http headers
+ * `tcp|udp` - set protocol
+ * `[src|dst] host [ip|hostname]` - set direction for specific node
+
+```bash
+ngrep -l -q -d eth0 -i "User-Agent: curl*"
+```
+
+ * `-l` - stdout line buffered
+ * `-i` - case-insensitive search
+
+___
+
+##### Tool: [hping3](http://www.hping.org/)
+
+```bash
+hping3 -V -p 80 -s 5050 www.google.com
+```
+
+ * `-V|--verbose` - verbose mode
+ * `-p|--destport` - set destination port
+ * `-s|--baseport` - set source port
+ * `` - set scan type
+ * `-F|--fin` - set FIN flag, port open if no reply
+ * `-S|--syn` - set SYN flag
+ * `-P|--push` - set PUSH flag
+ * `-A|--ack` - set ACK flag (use when ping is blocked, RST response back if the port is open)
+ * `-U|--urg` - set URG flag
+ * `-Y|--ymas` - set Y unused flag (0x80 - nullscan), port open if no reply
+ * `-M 0 -UPF` - set TCP sequence number and scan type (URG+PUSH+FIN), port open if no reply
+
+```bash
+hping3 -V -c 1 -1 -C 8 www.google.com
+```
+
+ * `-c [num]` - packet count
+ * `-1` - set ICMP mode
+ * `-C|--icmptype [icmp-num]` - set icmp type (default icmp-echo = 8)
+
+```bash
+hping3 -V -c 1000000 -d 120 -S -w 64 -p 80 --flood --rand-source
+```
+
+ * `--flood` - sent packets as fast as possible (don't show replies)
+ * `--rand-source` - random source address mode
+ * `-d --data` - data size
+ * `-w|--win` - winsize (default 64)
+
+___
+
+##### Tool: [nmap](https://nmap.org/)
+
+###### Ping scans the network
+
+```bash
+nmap -sP 192.168.0.0/24
+```
+
+###### Show only open ports
+
+```bash
+nmap -F --open 192.168.0.0/24
+```
+
+###### Full TCP port scan using with service version detection
+
+```bash
+nmap -p 1-65535 -sV -sS -T4 192.168.0.0/24
+```
+
+###### Nmap scan and pass output to Nikto
+
+```bash
+nmap -p80,443 192.168.0.0/24 -oG - | nikto.pl -h -
+```
+
+###### Recon specific ip:service with Nmap NSE scripts stack
+
+```bash
+# Set variables:
+_hosts="192.168.250.10"
+_ports="80,443"
+
+# Set Nmap NSE scripts stack:
+_nmap_nse_scripts="+dns-brute,\
+ +http-auth-finder,\
+ +http-chrono,\
+ +http-cookie-flags,\
+ +http-cors,\
+ +http-cross-domain-policy,\
+ +http-csrf,\
+ +http-dombased-xss,\
+ +http-enum,\
+ +http-errors,\
+ +http-git,\
+ +http-grep,\
+ +http-internal-ip-disclosure,\
+ +http-jsonp-detection,\
+ +http-malware-host,\
+ +http-methods,\
+ +http-passwd,\
+ +http-phpself-xss,\
+ +http-php-version,\
+ +http-robots.txt,\
+ +http-sitemap-generator,\
+ +http-shellshock,\
+ +http-stored-xss,\
+ +http-title,\
+ +http-unsafe-output-escaping,\
+ +http-useragent-tester,\
+ +http-vhosts,\
+ +http-waf-detect,\
+ +http-waf-fingerprint,\
+ +http-xssed,\
+ +traceroute-geolocation.nse,\
+ +ssl-enum-ciphers,\
+ +whois-domain,\
+ +whois-ip"
+
+# Set Nmap NSE script params:
+_nmap_nse_scripts_args="dns-brute.domain=${_hosts},http-cross-domain-policy.domain-lookup=true,"
+_nmap_nse_scripts_args+="http-waf-detect.aggro,http-waf-detect.detectBodyChanges,"
+_nmap_nse_scripts_args+="http-waf-fingerprint.intensive=1"
+
+# Perform scan:
+nmap --script="$_nmap_nse_scripts" --script-args="$_nmap_nse_scripts_args" -p "$_ports" "$_hosts"
+```
+
+___
+
+##### Tool: [netcat](http://netcat.sourceforge.net/)
+
+```bash
+nc -kl 5000
+```
+
+ * `-l` - listen for an incoming connection
+ * `-k` - listening after client has disconnected
+ * `>filename.out` - save receive data to file (optional)
+
+```bash
+nc 192.168.0.1 5051 < filename.in
+```
+
+ * `< filename.in` - send data to remote host
+
+```bash
+nc -vz 10.240.30.3 5000
+```
+
+ * `-v` - verbose output
+ * `-z` - scan for listening daemons
+
+```bash
+nc -vzu 10.240.30.3 1-65535
+```
+
+ * `-u` - scan only udp ports
+
+###### Transfer data file (archive)
+
+```bash
+server> nc -l 5000 | tar xzvfp -
+client> tar czvfp - /path/to/dir | nc 10.240.30.3 5000
+```
+
+###### Launch remote shell
+
+```bash
+# 1)
+server> nc -l 5000 -e /bin/bash
+client> nc 10.240.30.3 5000
+
+# 2)
+server> rm -f /tmp/f; mkfifo /tmp/f
+server> cat /tmp/f | /bin/bash -i 2>&1 | nc -l 127.0.0.1 5000 > /tmp/f
+client> nc 10.240.30.3 5000
+```
+
+###### Simple file server
+
+```bash
+while true ; do nc -l 5000 | tar -xvf - ; done
+```
+
+###### Simple minimal HTTP Server
+
+```bash
+while true ; do nc -l -p 1500 -c 'echo -e "HTTP/1.1 200 OK\n\n $(date)"' ; done
+```
+
+###### Simple HTTP Server
+
+ > Restarts web server after each request - remove `while` condition for only single connection.
+
+```bash
+cat > index.html << __EOF__
+
+
+
+
+
+
+
+
+
+
+
+
+ Hello! It's a site.
+
+
+
+
+