Useful Pentesting Notes
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
CheatSheets
CEH Exercises.pdf
README.md
TroubleShoot
Websites.md
sample-penetration-testing-report.pdf

README.md

Pentesting CheatSheets

Hypervisor Lab Setup post VM Installation

Step-by-Step Guide

  • Verify the downloaded VM checksum for intergrity check under OSX

    • shasum
  • Ping machine to test for internet connectivity

  • apt-get update

  • apt-get upgrade

  • apt-get dist-upgrade

  • apt-get autoremove

  • Create user account, enlist in sudo group & change its default shell to bash shell

  • Date check/setup

  • Install vmware tools

  • Enable PostgreSQL and Metasploit system services

  • install openvpn

  • Finally, Take snapshot of the machine

  • Linux System Enumeration

  • Windows System Enumeration

  • Web Application

  • Infrastructure

  • Forensics

  • Test Scripts

OWASP TOP 10 Vulnerabilities

  1. Injections

    • SQLi
    • Code Injection
    • OS Command Execution
    • LDAP
    • XML
    • XPath
    • Content Injection
  2. Broken Authentication & Session Management

    • Test
  3. XSS

  4. Broken Access Control

    • Directory Traversal
    • Unrestricted File Upload
  5. Security Misconfiguration

  6. Sensitive Data Exposure

  7. Insufficient Attacks Protection

  8. CSRF

  9. Components with known Vulnerabilities i. ShellShock ii. HeartBleed

  10. Unprotected APIs

Other WebApp Attack Vectors

Partition & Filesystem

PenTest Practice Platform

Report Writing

Certs

MarkDown(.md) File Style Guide

  • Title #
  • Title Section ##
  • Subheadings **SH**
  • Code blocks ``` three ticks before and after a text
  • Links [clickable text](url-link-here)