Main Page

This is a wiki dedicated to professional penetration testing, offensive security and ethical hacking, based on standards such as PTES, CEH and OSSTMM, among others.

Infrastructure penetration testing

PHASE I: Reconnaissance
Passive reconnaissance
Active reconnaissance
PHASE II: Scanning
PHASE III: Enumeration
PHASE IV: Exploitation
Password cracking
Brute forcing
SQL Exploitation
msfvenom payloads
Network infrastructure
Cloud Providers Security
Exploiting Cloud Infrastructure
PHASE V: Post exploitation
Privilege Escalation
Data exfiltration
PowerShell frameworks
Password dumping
Escape environments
PHASE VI: Covering Tracks
PHASE VII: Lateral Movement
PTH: Pass the hash
PTT: Pass the ticket

Web application penetration testing

Mobile penetration testing

Tools and frameworks

AppSec / Product Security

  • DEFECT DOJO: Security program and vulnerability management tool. Features: imports XML output from nmap, nikto, burp, qualys, nessus and others; integrates with Jira; generates reports.
  • ArcherySec: Centralize Vulnerability Assessment and Management for DevSecOps Team
  • Reapsaw: Reapsaw is a continuous security devsecops tool, which helps in enabling security into CI/CD Pipeline. It supports coverage for multiple programming languages.
  • HackerOne Hacktivity: See the latest hacker activity on HackerOne
  • Bugcrowd VRT: Bugcrowd’s Vulnerability Rating Taxonomy

Red Team

  • Kali Linux: The reference Linux-based VM for penetration testing
  • Commando VM by FireEye: Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution
  • PentestBox: Open-source, pre-configured, portable penetration testing environment for the Windows operating system
  • Metasploit: The world’s most used penetration testing framework
  • PTF: Python script designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for penetration testing
  • Faradaysec: Integrated multiuser pentest environment that maps and leverages all the knowledge you generate in real time
  • Armitage: Cyber attack management for Metasploit
  • Cobalt Strike: Adversary simulation and red team operations
  • OWTF: OWASP Offensive Web Testing Framework
  • Pwndrop: Self-deployable file hosting service for red teamers that makes it easy to upload and share payloads over HTTP and WebDAV

Purple Team

Blue Team


  • ISF: Industrial Control System (ICS) Exploitation Framework based on Python
  • smod: MODBUS Penetration Testing Framework
  • PLCscan: Siemens S7 PLC scanner
  • IEC62443
  • NIST 800-82: NIST 800-82 Guide to Industrial Control Systems (ICS) Security
  • conpot: ICS/SCADA honeypot. Simulating Siemens S7 and other protocols
  • modscan: Modbus OT devices scanner for Windows

Social Engineering tools

  • gophish: Open-Source Phishing Toolkit
  • SET: Open-source penetration testing framework designed for social engineering

Standards, Guidelines, Frameworks


Application Security & pentesting

Test/Lab environments

  • HTB: Online platform with penetration testing labs (similar to the OSCP labs)
  • DVWA: Damn Vulnerable Web Application
  • Kevgir: Multi-vulnerable virtual machine
  • WebGoat: A deliberately insecure web application
  • Metasploitable 2: The login is “msfadmin”; the password is also “msfadmin”
  • Metasploitable 3: A VM built from the ground up with a large number of security vulnerabilities, intended as a target for testing exploits with Metasploit

Hardware hacking

  • SyncStop: Prevents accidental data exchange when your device is plugged into someone else’s computer or a public charging station
  • USBninja

Other tools

  • Greenshot: Screenshots for reports in Windows
  • MobaXterm: All-in-one terminal for Windows
  • TraceWrangler: Easy sanitization and anonymization of PCAP and PCAPng files
  • noVNC: VNC client using HTML5 (WebSockets, Canvas) with encryption (wss://) support
  • butterfly: A web terminal based on WebSocket and Tornado
  • Mosh: Mobile shell
  • Ngrok: Exposes local servers behind NATs and firewalls to the public internet over secure tunnels
  • Serveo: Expose local servers to the internet
  • ssh-audit: SSH server auditing (banner, key exchange, encryption, MAC, compression, compatibility, security, etc.)
  • testssl: Free command-line tool that checks a server's service on any port for supported TLS/SSL ciphers and protocols, recent cryptographic flaws and more
  • httpie: A curl-like tool for humans
  • truffleHog: Searches git repositories for high-entropy strings and secrets, digging deep into commit history
  • Rumble: Network discovery, fast, simple and effective
  • gyazo: Take ready-to-share screenshots, GIFs and replay videos for free
  • markright: WYSIWYG Markdown editor for Mac
  • lolcat: Concatenate files with a rainbow
  • asciinema: Record and share your terminal sessions, the right way
  • terminalizer: Record your terminal and generate animated GIF images or share a web player