Introduction

What?

Build a virtual local testlab with tools for web application pentesting.

Why?

Labs, challenges, CTFs, and application pentesting.

How?

  • Setting up Burp Suite (Kali)

  • Setting up ZAP (Kali)

  • Using Firefox as proxy for Burp and ZAP

  • HTTP proxies and traffic analysers

  • Vulnerability discovery tools

  • Target recognition

  • Browser extensions

  • Create recon scripts


Unseen University, 2023, with a forest garden fostered by /ut7.