My Hacking Cheat Sheet

Charlie Fligg
Aug 18 · 1 min read

A lot of people ask me, “How do I start hacking?” Simple, you start learning. Here is a list of sites, tools, and tips I’ve used. This is just a starter list, so I’m sure you’ll find more sites and tools as you go. Good Luck.

Practice:

  • canyoupwn.me
  • microcorruption.com
  • hackthissite.org
  • picoctf.com
  • hackthebox.eu
  • ctftime.org

→ Another List: canyoupwn.me/en-ctf-lists

Guides:

  • www.owasp.org (Their WebGoat Project is awesome)
  • resources.infosecinstitute.com/dumping-a-database-using-sql-injection
  • pentestmonkey.net
  • medium.com/@brannondorsey/d̶dos-apache-servers-from-a-single-machine-f23e91f5d28
  • github.com/WebBreacher/offensiveinterview
  • brutelogic.com.br/blog
  • fuzzingbook.org
  • www.netsparker.com/blog/web-security/sql-injection-cheat-sheet
  • hacksplaining.com
  • liveoverflow.com

Tools Sites:

  • makeinternetnoise.com
  • grabify.link
  • temp-sms.org
  • privacy.com
  • changelly.com
  • cybersquirrel1.com
  • cvedetails.com
  • hackingscripts.com
  • crackstation.net
  • www.base64decode.org
  • codebeautify.org
  • writephponline.com
  • codepen.io
  • sqlfiddle.com

Hacking Tools:

  • Kali Linux: There are a bunch of tools included with Kali, from Burp to Metasploit to Dirbuster they each serve a purpose.
  • Tamper Monkey: addons.mozilla.org/en-US/firefox/addon/tampermonkey
  • RainbowCrack: project-rainbowcrack.com
  • github.com/D4Vinci/PyFlooder
  • github.com/swisskyrepo/SSRFmap
  • github.com/h0mbre/CTP/tree/master/Boo-Gen
  • github.com/sleventyeleven/linuxprivchecker
  • github.com/gkbrk/slowloris
  • gist.github.com/kurobeats/9a613c9ab68914312cbb415134795b45
  • github.com/minimaxir/big-list-of-naughty-strings
  • github.com/diogomonica/py-cookieJsInjection/

General Tools:

  • stackoverflow.com
  • duckduckgo.com
  • mozilla.org/en-US/firefox/new
  • atom.io
  • vim
  • torproject.org/download
  • maartenbaert.be/simplescreenrecorder

Tips:

  • Google is your friend
  • Google indexes cameras and insecure home applications that can be used in a botnet.
  • You can use packages with atom: my favorite is ftp-remote-edit
  • In Vim, Escape takes you out of Insert mode
  • At least for me, A lot of hacking is just researching how things interact with each other.

Bug Bounty Sites:

  • hackerone.com
Charlie Fligg

Written by

Full Stack Developer and Cyber Security Enthusiast, Website: https://charliefligg.cf

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade