GoPhish Template Cheatsheet

Variable Description
{{.FirstName}} Target’s first name
{{.LastName}} Target’s last name
{{.Position}} Target’s position
{{.Email}} Target’s e-mail
{{.From}} Source e-mail address
{{.TrackingURL}} URL to tracking handler (per engagement)
{{.Tracker}} Alias for inserting img tag to read tracking URL
{{.URL}} URL to the phishing destination

[Read More]

OpenSSL Cheatsheet

Generating Certificates

Generate RSA Private Key + CSR

openssl req -out newkey.csr -new -newkey rsa:[bits] -nodes -keyout priv.key

Generate Self Signed Certificate + Priv Key

openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:[bits] -keyout priv.key -out cert.crt

Generate CSR for existing Cert

openssl x509 -x509toreq -in cert.crt -out newreq.csr -signkey priv.key

[Read More]

SSH Cheatsheet

Base Usage

ssh [user]@[host]

Use Specific Key

ssh -i ~/.ssh/id_rsa [user]@[host]

Use Alternative Port

ssh -i ~/.ssh/id_rsa -p [port] [user]@[host]

Dynamic SOCKS Proxy

This can be used with proxychains to forward client traffic through the remote server.

ssh -D8080 [user]@[host]

[Read More]

Dns Recon Cheatsheet

DNS BruteForcing

DNS Wordlists

Description URL
Top 1000 https://github.com/bitquark/dnspop/tree/master/results
Top 10000 https://github.com/bitquark/dnspop/tree/master/results
Top 100000 https://github.com/bitquark/dnspop/tree/master/results
Top 1000000 https://github.com/bitquark/dnspop/tree/master/results
Various Others https://github.com/danielmiessler/SecLists/tree/master/Discovery/DNS

DNSRecon

$ dnsrecon -d <domain> -D <dir/wordlist> -t brt

Output Formats

  • –xml
  • –json
  • –csv
  • –db # SQLite file

[Read More]