Web is usually the entry point at security in general.
Here I'll be mainly covering some tools that can help you when you do things related to web pentesting.
In the future I plan to write a guide on what you should usually do in each situation, but remember that's not a rule.

Table of Contents

Initial Enumerating

  • nmap - Nmap is an utility for network discovery and security auditing
  • dirb, dirsearch and Gobuster are file and directories bruteforcers. Gobuster also scans for DNS subdomains.
  • WPScan - A black box WordPress vulnerability scanner.

Payloads and Reverse Shells


  • LinuxPrivChecker - Script made to enumerate basic system info and search for common privilege escalation vectors such as world writable files, misconfigurations, clear-text passwords and applicable exploits.
  • LinEnum - Scripted Local Linux Enumeration & Privilege Escalation Checks

Cheat Sheets

Last modified 4yr ago