pentest-resources
  • Penetration Testing Resources
  • Repository & File Structure
  • General
    • Resources
      • Link collection
      • Toolkits
      • General guides
      • OSCP experience write-ups
      • Practice resources
    • OS basics
      • Users
        • User info
        • Add low-privilege user
        • Add admin user
        • Change privileges of existing user
        • Delete user
      • Filesystem
        • Find a file / directory
        • File Analysis
        • Services and Autostart
        • CLI tools: grep and friends
      • Network
        • Netcat
        • DNS tools
        • Web tools: curl / wget
    • Python scripting
    • Metasploit
  • Recon
    • Passive Recon
      • OSINT
        • Google operators
    • Active Recon
      • Port Scanning
      • Manual service enumeration
      • Enumeration with system access
  • Vulnerability analysis
    • Standard Ports & Common Services
      • 00 - Service unknown
      • 21 - FTP
      • 22 - SSH
      • 23 - Telnet
      • 25 - SMTP
      • 53 - DNS
      • 69 - TFTP
      • 80 - HTTP
      • 88 - Kerberos
      • 110 - POP3
      • 111 - RPCbind
      • 119 - NTP
      • 135 - MSRPC
      • 139 - SMB
      • 143 - IMAP
      • 161 - SNMP
      • 162 - SNMP
      • 199 - SMUX
      • 389 - LDAP
      • 443 - HTTPS
      • 445 - SMB
      • 554 - RTSP
      • 587 - Outgoing SMTP
      • 631 - CUPS
      • 636 - LDAP
      • 993 - IMAP (secure)
      • 993 - POP3
      • 1433 - MSSQL
      • 1521 - Oracle Database
      • 2049 - NFS
      • 3306 - MySQL
      • 3389 - RDP
      • 5432 - PostgreSQL
      • 5900 - VNC
    • Finding vulnerabilities
  • Gaining access
    • Physical Access
    • Client-side Attacks
    • Web Application Attacks
    • Reverse Shells
    • Common Vulnerabilities
      • MS17-010 - EternalBlue
  • Post Exploitation
    • Restricted Shell Escape
    • Privilege Escalation
      • Scripts & Tools
      • Further Enumeration
    • Persistence
    • Loot
    • Password Cracking
    • Reducing Forensic Evidence
  • Reporting
  • My methodology
    • Example Pentest
    • My Toolkit
      • Software
      • Hardware
Powered by GitBook
On this page
  • Introduction
  • Roadmap

Was this helpful?

Penetration Testing Resources

Introduction

This is my personal collection of useful tools, information and methodology for Penetration Testing.

It is meant to be a personal reference and has been collected from all over the internet. I try to provide sources for further reading where possible. Hopefully it can be useful for you too!

Read the gitbook (linked to this repository) here: https://alexanderbittner.gitbook.io/pentest-resources/

Or, if you come from the book, see the repository for additional tools here: https://github.com/alexanderbittner/pentest-resources/

If you have any tips on improving this collection or the methodology behind it, please let me know!

Roadmap

This document is still in a very early stage. There are many things still missing, but below is a roadmap with things that definitely should be added at some point (in no particular order):

  • Social Engineering

  • Mobile security

  • More common vulnerabilities

  • Buffer overflows

NextRepository & File Structure

Last updated 6 years ago

Was this helpful?