Structure

This gitbook is structured to fit a pentesting workflow. If you have ideas on how to improve it further, let me know!

General

This part contains general information about scripting, interacting with CLIs and the Metasploit Framework. Furthermore, the Resources page will contain useful links as they are collected.

Recon

Contains passive and active information gathering methods, ranging from open-source intelligence to port scanning and manual service enumeration.

Vulnerability Analysis

This section focuses mainly on finding vulnerabilities and ways to exploit them. The most common services and ways to enumerate them are listed.

Gaining Access

Consists of a few different resources useful for exploitation: different kinds of reverse shells, web application attack techniques and (hopefully soon) some common vulnerability exploits.

Post Exploitation

Once access to a system has been achieved, this part becomes useful. Possibilities to escape restricted shells, PrivEsc methods and interesting file locations are listed here, among other things.

Reporting

Most penetration tests involve writing reports after the assignment. I will collect some useful information and tools and put them here as I find them.

Methodology

This last part will contain a full write-up of a vulnerable machine in the future, with use cases for this repository. There's also a list of cool software and hardware that you might like!
