All in one Pentest methodologies - Tools and commands
Where compiled all common materials for pentester
In this material, I will divide it into 2 phases and an overview is listed after below:
- Document
- Pentesting Stages ✔️
- Forensics (To do) ❌
- Cracking (To do) ❌
- Pre-Intrusion phase
- Windows (To do) ❌
- Linux ✔️
- Intrusion phase
- Windows (To do) ❌
- Linux ✔️
tree /usr/share/webshells/
├── asp
│ ├── cmd-asp-5.1.asp
│ └── cmdasp.asp
├── aspx
│ └── cmdasp.aspx
├── cfm
│ └── cfexec.cfm
├── jsp
│ ├── cmdjsp.jsp
│ └── jsp-reverse.jsp
├── laudanum -> /usr/share/laudanum
├── perl
│ ├── perlcmd.cgi
│ └── perl-reverse-shell.pl
└── php
├── findsocket
│ ├── findsock.c
│ └── php-findsock-shell.php
├── php-backdoor.php
├── php-reverse-shell.php
├── qsd-php-backdoor.php
└── simple-backdoor.phptree /usr/share/wordlists/
├── dirb -> /usr/share/dirb/wordlists
├── dirbuster -> /usr/share/dirbuster/wordlists
├── dnsmap.txt -> /usr/share/dnsmap/wordlist_TLAs.txt
├── fasttrack.txt -> /usr/share/set/src/fasttrack/wordlist.txt
├── fern-wifi -> /usr/share/fern-wifi-cracker/extras/wordlists
├── metasploit -> /usr/share/metasploit-framework/data/wordlists
├── nmap.lst -> /usr/share/nmap/nselib/data/passwords.lst
├── rockyou.txt
└── wfuzz -> /usr/share/wfuzz/wordlist
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent