How does it work?

HTWMCL for "How To Write My Command Line" is a personal hacking reference platform built by Quentin Texier (g0h4n) for pentesters, red team operators, or any IT person. Feel free to reach out on X/Twitter for any question or feedback.

It features a real-time search bar that instantly filters through a curated collection of cheat sheets, tools, commands, and definitions gathered during real-world engagements.

The search bar is also a powerful tool discovery engine, if you forgot the name of a tool but remember its purpose, just search by keyword. Try Active Directory or Azure to get all related tools and techniques.

Search filters
🔒 Privilege escalation
Search privesc by technique, OS or CVE.
priv:sudopriv:ESCpriv:ESC8priv:allpriv:windowspriv:linux
📖 Definitions
Look up vulnerability, attack or hash definitions.
def:xssdef:pthdef:asreproastingdef:kerberoastingdef:all
🔌 Ports
Find port descriptions by number or protocol.
port:22port:sshport:443port:tomcat
🏷️ Tags
Filter by category using the # prefix.
#RedTeam#PurpleTeam#Windows#Linux#Recon#Powershell#iOS#Android
Search filters special MITRE ATT&CK® Tactics, Techniques and Procedure
MITRE ATT&CK® (TTP)
Search for MITRE ATT&CK® Tactics, Techniques and Procedure with ttp: prefix.
ttp:initialttp:TA0001ttp:T1134ttp:tokenttp:bloodhoundttp:process injectionttp:all
Tips
Keyword search
No filter needed, just type any keyword. Try rusthound, mimikatz, LDAP, or bloodhound.
Real-time results
Results update instantly as you type, no need to press Enter.

Under the hood, HTWMCL is entirely built with PHP and a MySQL database, started back in 2018 during my early years of study as a personal cheat sheet. Over time it followed me through my career, and I decided to make it public to share the database content, which is still regularly updated today. The site has gone through many refactoring iterations to keep up with the times. If you encounter any bug or vulnerability, feel free to contact me, as we say in French, "Les cordonniers sont toujours les plus mal chaussés", so I may have missed a few things myself. Don't hesitate to reach out on X/Twitter.