Offensive CyberSec Cheat Sheet

April 13, 2026 · View on GitHub

A highly dynamic, single-file HTML cheat sheet designed for Red Teamers, Pentesters, and CTF players.

Tired of typing the same Reverse Shell payloads and constantly replacing your local IP and port? This tool eliminates the "Typo Fatigue" and cognitive load during engagements by auto-injecting your target and attacker variables directly into industry-standard commands.

Key Features

  • Mission Control (Auto-Injection): Enter your Attacker IP, Target IP, and Port at the top of the screen. Every single command in the cheat sheet updates instantly. No more manual edits.

  • OS-Aware RevShell Generator: A built-in payload arsenal. Select your target's shell (e.g., /bin/bash, cmd.exe), and the generator automatically disables incompatible payloads and injects the correct shell into your commands.

  • Smart Copy Buttons: Copy commands with a single click. The tool is smart enough to copy only the command, ignoring terminal prompts ($), comments, and tool outputs.

  • Spotlight Search: Press / anywhere on the page to open a quick search. Find the exact tool or syntax you need in milliseconds.

  • Zero Dependencies (Offline Ready): It's a single .html file. No backend, no API keys, no internet connection required. Perfect for air-gapped exam environments or isolated lab networks.

How to Use

  1. Download the index.html file .
  2. Open it in any modern web browser (Chrome, Firefox, Edge).
  3. Set your IPs in the Mission Control header.
  4. Attack!

Built-in Methodologies

The cybersec cheat sheet follows a practical, 7-phase pentesting methodology:

  1. Reconnaissance (Nmap, Gobuster, ffuf, Nikto)
  2. Weaponize & Auth (CUPP, msfvenom)
  3. Exploitation (Hydra, SQLMap, Responder, Metasploit)
  4. Shells & C2 (Dynamic RevShells, Bind Shells, Netcat)
  5. Post-Exploitation (File Transfers, LinPEAS, TTY stabilization)
  6. Credential Cracking (Hashcat, John the Ripper)
  7. AD & Lateral Movement (BloodHound, NetExec, Pivoting)
  8. Threat Intel & Resources (ExploitDB, GTFOBins, LOLBAS, etc.)

Screenshots

Mission Control (Auto-Injection in action):

mission-control

OS-Aware RevShell Generator (Linux vs Windows selection): reverse-shell-1

reverse-shell-2

Mission Control with auto-injection and the OS-Aware RevShell Generator in action.

The Cybersec cheat sheet was built for Educational and Authorized Testing Purposes ONLY.

This project is designed to assist security professionals and students in authorized penetration testing, CTF challenges, and educational environments.

The creator of this tool assumes NO responsibility for any unauthorized, illegal, or malicious use of this software. By using this cheat sheet, you agree to comply with all applicable local, state, and federal laws. Do not use these commands against systems you do not explicitly own or have explicit, written permission to test.

Contributing

Found a typo? Want to add a new tool or payload? Pull requests are highly welcome! Please ensure that any new additions follow the existing HTML structure and dynamic variable classes (dyn-attacker, dyn-target, dyn-port).

License

This project is licensed under the MIT License — see the LICENSE file for details.