My-pentest-book
  • My-pentest-book
  • Index
  • Recon
    • Public info gathering
    • AIO Recon Tools
    • Domain Enum
    • Subdomain Enum
      • Subdomain Takeover
    • Network Scanning
    • Host Scanning
    • Packet Scanning
  • Enumeration
    • Files
    • SSL/TLS
    • Ports
    • Web Attacks
      • General Info
      • Quick tricks
      • Header injections
      • Bruteforcing
      • Online hashes cracked
      • Crawl/Fuzz
      • LFI/RFI
      • File upload
      • SQLi
      • SSRF
      • Open redirects
      • XSS
      • CSP
      • XXE
      • Cookie Padding
      • Webshells
      • CORS
      • CSRF
      • Web Cache Poisoning
      • Broken Links
      • Clickjacking
      • HTTP Request Smuggling
      • Web Sockets
      • CRLF
      • IDOR
      • Web Cache Deception
      • Session fixation
      • Email attacks
      • Pastejacking
      • HTTP Parameter pollution
      • SSTI
      • Prototype Pollution
      • Command Injection
      • Deserialization
    • Web Technologies
      • APIs
      • JS
      • ASP.NET
      • JWT
      • GitHub
      • GitLab
      • WAFs
      • Firebird
      • Wordpress
      • WebDav
      • Joomla
      • Jenkins
      • IIS
      • VHosts
      • Firebase
      • OWA
      • OAuth
      • Flask
      • Symfony && Twig
      • Drupal
      • NoSQL (MongoDB, CouchDB)
      • PHP
      • RoR (Ruby on Rails)
      • JBoss - Java Deserialization
      • OneLogin - SAML Login
      • Flash SWF
      • Nginx
      • Python
      • Tomcat
      • Adobe AEM
      • Magento
      • SAP
      • MFA
      • GWT
      • Jira
      • OIDC (Open ID Connect)
      • ELK
      • Others
    • Cloud
      • General
      • Cloud Info Gathering
      • AWS
      • Azure
      • GCP
      • Docker && Kubernetes
      • CDN - Comain Fronting
  • Exploitation
    • Payloads
    • Reverse Shells
    • File transfer
  • Post Exploitation
    • Linux
    • Pivoting
    • Windows
      • AD
        • Kerberos
      • PS tips & tricks
  • Mobile
    • General
    • Android
    • iOS
  • Others
    • Burp Suite
    • Password cracking
    • VirtualBox
    • Code review
    • Pentesting Web checklist
    • Internal Pentest
    • Web fuzzers review
    • Recon suites review
    • Subdomain tools review
    • Random
    • Master assessment mindmaps
    • BugBounty
    • Exploiting
    • tools everywhere
Powered by GitBook
On this page

Was this helpful?

My-pentest-book

This book contains a bunch of info, scripts and knowledge used during my pentesting.

NextIndex

Last updated 2 years ago

Was this helpful?

Thanks to visit this site, please consider enhance this book with some awesome tools or techniques you know, you can contact me by Twitter or Discord(a6du1h4q#9225), GitHub pull request is welcomed too ;)

Don't you know where to go now? Let me introduce you to some of the most popular pages in this book:

  • Windows and

  • Mobile - and

  • .

Important note: I am using this book daily for my work, etc and I will be constantly updating it. I'm very sorry if a link to a page changes or I move it.

Credits: I am reusing some content from other git repos/gitbooks and the credit goes to the original creator.

@a6du1h4q
recon
ports
web pentest
Pentesting Web Checklist
cloud
Kerberos
Android
iOS
Burp Suite
preferred extensions
comparison