Skip to content

Pentesting and Bug Bounty Notes, Cheetsheets and Guide for Ethical Hacker, Whitehat Pentesters and CTF Players.

License

Notifications You must be signed in to change notification settings

ZishanAdThandar/pentest

Repository files navigation

Pentester Guide

A Comprehensive Resource for Pentesters: Tools, Methodologies, Scripts, Certifications, Learning Resources, Labs, Career Opportunities, Entertainment, and Freelancing Tips.

Sponser ZishanAdThandar's Pentest Repo stars License: GPL v3 YouTube LinkTree

Banner Pentester Guide

Contents

Important Notes

  1. Tools
  2. Active Directory
  3. All about Pentesting
  4. Bug Bounty Hunting Methodology
  5. HackiFy Wordlist and Tool Installer Script
  6. Cyber Security / Bug Bounty Hunting Roadmap

Certifications

  1. INE eJPT $249
  2. AlteredSecurity CRTP $249
  3. HTB CPTS With Annual Silver Plan $490
  4. TCM Security PNPT $499
  5. INE eCPPT $599
  6. Offensive Security - PEN-200 (OSCP) $1649
  7. Offensive Security - PEN-300 (OSEP) $1649
  8. Google Cybersecurity Professional Certificate Almost Free (Less than $20 for one month)
  9. Microsoft Certified: Azure Security Engineer Associate (Cloud) $146
  10. CompTIA Security+ $500 Exam Voucher
  11. CREST CRT $500
  12. ISC2 CISSP $750
  13. ISC2 CCSP $599
  14. SANS SEC560: Enterprise Penetration Testing (GPEN) $2,499
  15. SANS SEC660: GIAC Exploit Researcher and Advanced Penetration Tester $2,499

Note: Price may vary.

Pentesting Practice Platforms

  1. VulnHub (Offsec) Free
  2. VulnMachines (BlackHat) Free
  3. Web Security Academy (PortSwigger Labs) Free
  4. TryHackMe Free + Paid
  5. pwnable.kr Free
  6. pwnable.tw Free
  7. HackTheBox Free + Paid
  8. https://sec-dojo.com/en Paid
  9. root-me Free
  10. PentesterAcademy (Attackdefence) Free + Paid
  11. Pentester Lab Free + Paid

FOSS Labs

  1. Vulhub
  2. Metasploitable3 Box
  3. OWASP Juice (WEB)
  4. DVWA (WEB)
  5. WebGOAT (WEB)
  6. Kubernetes GOAT
  7. Wrong Secrets (WEB)
  8. SQLi Lab
  9. HackerOne CTF
  10. For More Check: Awesome Vulnerable App List

Bug Bounty Hunting Platforms

  1. Hackerone
  2. Bugcrowd
  3. Intigriti
  4. YesWeHack
  5. RedStorm
  6. Zerocopter
  7. OpenBugBounty
  8. Immunify Web3
  9. HackenProof WEB3

Independent Pentesting Platforms

  1. Yogosha
  2. Synack
  3. Cobalt

0Day Market

  1. CrowdFense
  2. Zerodium (0day Bounty)

Best OS for Hacking

  1. ParrotSec Security Edition
  2. Kali Linux (OFFSEC)
  3. BlackArch
  4. BackBox

Awesome Links

  1. The Book of Secret Knowledge
  2. Sirensecurity.io Windows Privilege Escalation Resources
  3. Awesome Link List by Sindre Sorhus
  4. cheatography.com cheatsheets

Hackers Manuals

  1. HackTricks
  2. HackingArticles.in
  3. InternalAllTheThings by swisskyrepo
  4. eloypgz.org Active Directory
  5. ExplainShell (Command Manual)
  6. Reverse Shell making Tool
  7. Hashcat Example Hashes
  8. GTFObins Priviledge Escalation Cheetsheet
  9. LOLBAS Binaries, Scripts and Libraries Exploit
  10. loldrivers Drivers Exploits
  11. WADComs Windows AD Cheetsheat
  12. Exploit List haxx.it

Books

  1. The Web Applicaiton Hacker's Handbook
  2. Web Hacking Arsenal
  3. Brute XSS Payload Collection By Rodolfo Assis
  4. THERCEMAN Bug Bounty CheetSheat Book

About Me

Platform Link
LinkedIn LinkedIn.com/in/ZishanAdThandar
YouTube YouTube.com/ZishanAdThandar
LinkTree ZishanAdThandar.github.io/linktree
Twitter twitter.com/ZishanAdThandar
Telegram ZishanAdThandar.t.me
GitHub GitHub.com/ZishanAdThandar
Portfolio ZishanAdThandar.github.io
Resume ZishanAdThandar.github.io/CV.pdf

Sponsor

  1. https://github.com/sponsors/ZishanAdThandar
  2. https://ZishanAdThandar.github.io/sponsor/