diff --git a/cheatsheets/markdown b/cheatsheets/markdown
new file mode 100644
index 0000000..8b551a6
--- /dev/null
+++ b/cheatsheets/markdown
@@ -0,0 +1,41 @@
+# headers
+h1 header
+=========
+h2 header
+---------
+
+# blockquotes
+> first level and paragraph
+>> second level and first paragraph
+>
+> first level and second paragraph
+
+# lists
+## unordered - use *, +, or -
+        * Red
+        * Green
+        * Blue
+
+## ordered
+        1. First
+        2. Second
+        3. Third
+
+# code - use 4 spaces/1 tab
+regular text
+        code code code
+or:
+Use the `printf()` function
+
+# hr's - three or more of the following
+***
+---
+___
+
+# links
+This is [an example](http://example.com "Title") inline link.
+
+# emphasis
+*em* _em_
+
+**strong** __strong__
diff --git a/cheatsheets/ncat b/cheatsheets/ncat
new file mode 100644
index 0000000..cde25ba
--- /dev/null
+++ b/cheatsheets/ncat
@@ -0,0 +1,30 @@
+# Connect mode (ncat is client) | default port is 31337
+ncat <host> [<port>]
+
+# Listen mode (ncat is server) | default port is 31337
+ncat -l [<host>] [<port>]
+
+# Transfer file (closes after one transfer)
+ncat -l [<host>] [<port>] < file
+
+# Transfer file (stays open for multiple transfers)
+ncat -l --keep-open [<host>] [<port>] < file
+
+# Receive file
+ncat [<host>] [<port>] > file
+
+# Brokering | allows for multiple clients to connect
+ncat -l --broker [<host>] [<port>]
+
+# Listen with SSL | many options, use ncat --help for full list
+ncat -l --ssl [<host>] [<port>]
+
+# Access control
+ncat -l --allow <ip>
+ncat -l --deny <ip>
+
+# Proxying
+ncat --proxy <proxyhost>[:<proxyport>] --proxy-type {http | socks4} <host>[<port>]
+
+# Chat server | can use brokering for multi-user chat
+ncat -l --chat [<host>] [<port>]
diff --git a/cheatsheets/sqlmap b/cheatsheets/sqlmap
new file mode 100644
index 0000000..92287c5
--- /dev/null
+++ b/cheatsheets/sqlmap
@@ -0,0 +1,45 @@
+# Test URL and POST data and return database banner (if possible)
+./sqlmap.py --url="<url>" --data="<post-data>" --banner
+
+# Parse request data and test | request data can be obtained with burp
+./sqlmap.py -r <request-file> <options>
+
+# Fingerprint | much more information than banner
+./sqlmap.py -r <request-file> --fingerprint
+
+# Get database username, name, and hostname
+./sqlmap.py -r <request-file> --current-user --current-db --hostname
+
+# Check if user is a database admin
+./sqlmap.py -r <request-file> --is-dba
+
+# Get database users and password hashes
+./sqlmap.py -r <request-file> --users --passwords
+
+# Enumerate databases
+./sqlmap.py -r <request-file> --dbs
+
+# List tables for one database
+./sqlmap.py -r <request-file> -D <db-name> --tables
+
+# Other database commands
+./sqlmap.py -r <request-file> -D <db-name> --columns
+                                           --schema
+                                           --count
+# Enumeration flags
+./sqlmap.py -r <request-file> -D <db-name>
+                              -T <tbl-name>
+                              -C <col-name>
+                              -U <user-name>
+
+# Extract data
+./sqlmap.py -r <request-file> -D <db-name> -T <tbl-name> -C <col-name> --dump
+
+# Execute SQL Query
+./sqlmap.py -r <request-file> --sql-query="<sql-query>"
+
+# Append/Prepend SQL Queries
+./sqlmap.py -r <request-file> --prefix="<sql-query>" --suffix="<sql-query>"
+
+# Get backdoor access to sql server | can give shell access
+./sqlmap.py -r <request-file> --os-shell