Main Page

From pentestwiki.org

pentestwiki.org is a Red Team Operations and Penetration Testing wiki

DH logo.png

Infrastructure penetration testing

PHASE I: Reconnaissance
Passive reconnaissance
Active reconnaissance
PHASE II: Scanning
PHASE III: Enumeration
PHASE IV: Exploitation
Password cracking
Brute forcing
SQL Exploitation
msfvenom payloads
Network infrastructure
Cloud Providers Security
Exploiting Cloud Infrastructure
PHASE V: Post exploitation
Shells
Droppers
Privilege Escalation
Data exfiltration
Meterpreter
Sniffers
PowerShell frameworks
Password dumping
RATs
Escape environments
PHASE VI: Covering Tracks
PHASE VII: Lateral Movement
PTH: Pass the hash
PTT: Pass the ticket
Pivoting
Tunneling
RDP

Web application penetration testing


Mobile penetration testing


Links


SecDevOps

  • DEFECT DOJO: Security program and vulnerability management tool. Features: Imports XML output from nmap, nikto, burp, qualys, nessus, ...Integrates to Jira. Generates reports.

Frameworks

  • Kali Linux: The reference Linux-based VM for penetration testing
  • Commando VM by Fireeye: Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution
  • PentestBox is an Opensource PreConfigured Portable Penetration Testing Environment for the Windows Operating System
  • Metasploit: The world’s most used Penetration testing framework
  • PTF: Python script designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration testing.
  • Faradaysec: Faradaysec is an Integrated Multiuser Pentest Environment that maps and leverages all the knowledge you generate in real time.
  • Armitage: Cyber Attack Management for Metasploit
  • Cobalt Strike: Adversary Simulation and Red team Operations
  • OWTF: OWASP Offensive Web Testing Framework
  • ISF: Industrial Control System (ICS) Exploitation Framework based on Python

Calculators

Paper Frameworks

Test/Lab environments

  • HTB: Online platform with Penetration testing labs (Similar to OSCP labs)
  • DVWA: Damn Vulnerable Web Application
  • Kevgir: Multi Vulnerable Virtual Machine
  • WebGoat A deliberately insecure Web Application
  • Metasploitable 2 Metasploitable login is “msfadmin”; the password is also “msfadmin”.
  • Metasploitable 3 Is a VM that is built from the ground up with a large amount of security vulnerabilities. It is intended to be used as a target for testing exploits with metasploit.

HW things

  • syncStop SyncStop prevents accidental data exchange when your device is plugged into someone else’s computer or a public charging station
  • USBninja

Other tools

  • Greenshot Screenshots for reports in Windows
  • MobaXterm All-in-one terminal for Windows
  • TraceWrangler Easy sanitization and anonymization of PCAP and PCAPng files
  • noVNC VNC client using HTML5 (Web Sockets, Canvas) with encryption (wss://) support
  • butterfly A web terminal based on websocket and tornado
  • https://github.com/cure53/XSSChallengeWiki
  • Mosh Mosh (mobile shell)
  • Ngrok ngrok exposes local servers behind NATs and firewalls to the public internet over secure tunnels.
  • Serveo Expose local servers to the internet
  • ssh-audit SSH server auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
  • testssl testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more
  • httpie A Curl-like tool for humans
  • truffleHog Searches through git repositories for high entropy strings and secrets, digging deep into commit history
  • Rumble Network discovery fast, simple and effective
  • jwt.io Auth0 JSON Web Tokens (JWT) debugger (encoder/decoder)
  • gyazo: Take ready-to-share screenshots, GIFs, and replay videos for free.
  • markright: WYSIWYG MarkDown editor for Mac
  • lolcat: Concatenate files with a rainbow
  • asciinema: Record and share your terminal sessions, the right way.
  • terminalizer: Record your terminal and generate animated gif images or share a web player

Contribute

The best way to contribute is to spread the word or if you contribute improving the content and quality of the wiki. Get an account and register with your email, that's it.