Web

Web is usually the entry point at security in general.

Here I'll be mainly covering some tools that can help you when you do things related to web pentesting.

In the future I plan to write a guide on what you should usually do in each situation, but remember that's not a rule.

Table of Contents

1. Enumerating

2. Payloads and Reverse Shells

3. Scripts

4. Cheat Sheets

Initial Enumerating

• nmap - Nmap is an utility for network discovery and security auditing

• dirb, dirsearch and Gobuster are file and directories bruteforcers. Gobuster also scans for DNS subdomains.

• WPScan - A black box WordPress vulnerability scanner.

Payloads and Reverse Shells

• PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF.

• PHP Web Shells - Common PHP shells.

Scripts

• LinuxPrivChecker - Script made to enumerate basic system info and search for common privilege escalation vectors such as world writable files, misconfigurations, clear-text passwords and applicable exploits.

• LinEnum - Scripted Local Linux Enumeration & Privilege Escalation Checks

Cheat Sheets

• Local Linux Enumeration & Privilege Escalation

• Pentest Monkey Reverse Shell Cheat Sheet

• SQL Injection Cheat Sheet - Netsparker