A structured knowledge base for penetration testers.
Browse by service or platform, navigate through attack phases — Reconnaissance, Enumeration, Exploitation, Privilege Escalation — and find the exact cheatsheet or technique you need.
690+
Cheatsheets, blogs & guides
61+
Services & platforms
49+
CTF writeups
31+
CVEs PoC's
Services & Platforms
Each service contains attack phases and individual technique cheatsheets. This is a horizontally scrolling list of services. You can tab through items.
HTTP/HTTPS
Web services serving sites and APIs
Linux
Practical command-first pentest notes for targets running Linux, grouped by technique.
Windows
Practical command-first pentest notes for Windows targets and AD-adjacent operations, grouped by technique.
Wireless
AI Platforms
Active Directory
Active Directory is Microsoft's directory service for managing users, computers, and policies in Windows networks. It is the central authentication and authorization backbone of most enterprise environments.
FTP
File transfer service
SSH
Secure remote shell access
Recent Writeups
Detailed walkthroughs of HTB machines and CTF challenges.
Exploit Index
Search our vulnerability database
Browse CVEs, GHSA advisories, and PoC exploits curated by our team.
CVE-2026-44262 - dedoc/scramble Unauthenticated RCE
CVE-2026-2991 KiviCare authentication bypass
CVE-2026-3891 - Pix for WooCommerce Unauthenticated File Upload
CVE-2025-66398 - SignalK Server RCE
CVE-2024-56348 - JetBrains TeamCity Authentication Bypass + RCE
Join the HackIndex community
Ask questions, and stay current with techniques.