Knowledge Base for Penetration Testing
WLAN basics Frequency / bands / Channels Overlapping channels for 2.4 GHz Non Overlapping channels for 2.4 GHz (to avoid interferences) with channel bonding Signal and attenuation 2.4GHz VS 5GHz –> The higher the frequency of a wireless signal the shorter the range.–> 2.4GHz (802.11g) covers a substantial larger range than that of 5.0GHz (802.11a)–> […]
Reconnaissance Passive External Network Reconnaissance Active External Network Reconnaissance NMAP Scanning /24 IP range with UDP and TCP scan using SMB NSE script. Recon-NG User account enumeration On web app portal Exposed services – Protocols HTTP/HTTPS SMTP DKIM / DMARC / SPF misconfiguration https://github.com/BishopFox/spoofcheck.git https://github.com/Mr-Un1k0d3r/SPFAbuse SNMP FTP SSH Databases (MySQL, MSSQL, Oracle, DB2, Postgre, MongoDB…) […]
A collection of notes and snippets for guiding an Internal Network Penetration Test. Commands, techniques, and walkthroughs of examples of weaknesses to identify.
Step by step guide on how to Root an Android Mobile Device. Google Pixel is used for demonstration. You can either connect the physical device through USB to the local computer or use Android Studio to run phone emulators.
The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics and checklist, which is mapped OWASP Mobile Risk Top 10 for conducting pentest. Mobile Application Security Testing Distributions All-in-One Mobile Security Frameworks Android Application Penetration Testing Reverse Engineering and Static Analysis Dynamic […]
A comprehensive list of websites, add-ons, repositories, and other tools useful for finding information on a target vehicle. Image Tools (Identifying Targets via Images/Videos) Link Description Carnet.ai identifies make/model using image of target vehicle Remini cleans blurry/distorted images LetsEnhance enhances image resolution Media.io removes bright/large objects from images Replicate restores blurry/hazy/damaged photos of faces (potentially […]
FFuf is a fast web fuzzer written in Go. In, this article we will learn how to use FFuf to enumerate directories and break authentication in web applications. Note: All my articles are for educational purposes. If you use it illegally and get into trouble, I am not responsible. Always get permission from the owner […]
Nikto is an open-source scanner that helps find vulnerabilities in web servers. You can scan your web apps for vulnerabilities like misconfigured services, dangerous files, and thousands of other potential security issues using Nikto. Websites are a critical part of almost every business or organization in the world. From your nearby florist to global brands, […]
Wireshark is the best network traffic analyzer and packet sniffer around. In this article, we will look at Wireshark in detail. Wireshark is a network analyzer that lets you see what’s happening on your network. Wireshark lets you dissect your network packets at a microscopic level, giving you in-depth information on individual packets. Wireshark was […]
Social engineering is the technique by which an attacker can make a person do something that is not usually in their best interest. In this article, we will look at a few common ways Social Engineers try to manipulate you. Remember the Nigerian scammers sending you emails about the rich prince that needs your help? […]
by 
