Ethical Hacking Cheat Sheet

Updated 2026-04-27

Next Topic: Firewalls & VPNs Cheat Sheet

Ethical hacking is the practice of finding and validating security weaknesses in systems with explicit authorization and a defined scope. It matters because the same classes of flaws are exploited in the wild, and disciplined testing helps organizations prioritize fixes before incidents occur. A useful mental model is to treat every action as evidence-driven: if you can't justify it via scope, logging, and an auditable trail of what you touched and why, it doesn't belong in the engagement. In 2026, testing spans cloud-native infrastructure, APIs, containers, and AI-integrated systems — but the foundational principles of legal permission, careful documentation, and responsible disclosure remain unchanged.

What This Cheat Sheet Covers

This topic spans 21 focused tables and 240 indexed concepts. Below is a complete table-by-table outline of this topic, spanning foundational concepts through advanced details.

Table 1: Engagement Setup and SafetyTable 2: Disclosure, Scoring, and IntelligenceTable 3: Passive Recon and OSINTTable 4: Active ReconnaissanceTable 5: Target Connectivity and Name ResolutionTable 6: Network Mapping with NmapTable 7: Vulnerability ScanningTable 8: Interception and DAST ToolingTable 9: Web Application VulnerabilitiesTable 10: Directory and Parameter FuzzingTable 11: Authentication and Session TestingTable 12: Password AttacksTable 13: Exploitation with MetasploitTable 14: Post-ExploitationTable 15: Social EngineeringTable 16: Wireless Security TestingTable 17: API Security TestingTable 18: Cloud Security TestingTable 19: Web Security Signals (Headers and Cookies)Table 20: Evidence, Notes, and ReportingTable 21: Core Protocol References for Testers

Table 1: Engagement Setup and Safety

Artifact	Example	Description
Authorization	`Written permission + named sponsor + dates`	• Establishes legal permission to test • without it, testing is a crime.
Scope	`In-scope: app.example.com; Out-of-scope: prod DB`	Defines what targets and actions are allowed.
RoE	`No DoS; no social engineering; max 5 req/s`	Documents operational constraints and prohibited actions.
TestWindow	`Tue 22:00–02:00 UTC`	Time boundary for disruptive changes and monitoring.
Contacts	`Security on-call + app owner + network team`	Escalation path for outages and unexpected discoveries.
StopSignal	`"STOP TEST" by phone → halt immediately`	Defines an unambiguous engagement kill switch.

Table 1: Engagement Setup and Safety

Artifact	Example	Description
Authorization	`Written permission + named sponsor + dates`	• Establishes legal permission to test • without it, testing is a crime.
Scope	`In-scope: app.example.com; Out-of-scope: prod DB`	Defines what targets and actions are allowed.
RoE	`No DoS; no social engineering; max 5 req/s`	Documents operational constraints and prohibited actions.
TestWindow	`Tue 22:00–02:00 UTC`	Time boundary for disruptive changes and monitoring.
Contacts	`Security on-call + app owner + network team`	Escalation path for outages and unexpected discoveries.
StopSignal	`"STOP TEST" by phone → halt immediately`	Defines an unambiguous engagement kill switch.