{"id":13362319,"url":"https://github.com/Voorivex/pentest-guide","last_synced_at":"2025-03-12T15:30:52.764Z","repository":{"id":40346207,"uuid":"157955819","full_name":"Voorivex/pentest-guide","owner":"Voorivex","description":"Penetration tests guide based on OWASP including test cases, resources and examples.","archived":false,"fork":false,"pushed_at":"2022-03-23T14:40:01.000Z","size":181,"stargazers_count":2523,"open_issues_count":2,"forks_count":551,"subscribers_count":110,"default_branch":"master","last_synced_at":"2025-01-28T14:47:21.851Z","etag":null,"topics":["bugbounty","bypass","owasp-tests","payload","penetration-testing","pentest","vulnerability","writeup"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Voorivex.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-11-17T06:01:39.000Z","updated_at":"2025-01-24T21:59:51.000Z","dependencies_parsed_at":"2022-07-13T15:59:17.968Z","dependency_job_id":null,"html_url":"https://github.com/Voorivex/pentest-guide","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Voorivex%2Fpentest-guide","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Voorivex%2Fpentest-guide/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Voorivex%2Fpentest-guide/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Voorivex%2Fpentest-guide/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Voorivex","download_
url":"https://codeload.github.com/Voorivex/pentest-guide/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243242695,"owners_count":20259804,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty","bypass","owasp-tests","payload","penetration-testing","pentest","vulnerability","writeup"],"created_at":"2024-07-29T23:00:42.041Z","updated_at":"2025-03-12T15:30:52.385Z","avatar_url":"https://github.com/Voorivex.png","language":null,"funding_links":[],"categories":["Pentest","Others","Pentesting","Others (1002)","bypass"],"sub_categories":["ARM"],"readme":"# Penetration Test Guide based on the OWASP + Extra\nThis guide is for penetration testers seeking the appropriate test cases required during a penetration test project. I rearranged the [OWASP Testing Guide v4](https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents) from my point of view, including `9 Test Classes`, and each class has several `Test Cases` to conduct against the target. Each `Test Case` covers several OWASP tests, which is also useful for the report document. I've also added `15 extra Test Cases`, marked by `EXTRA-TEST`. I hope it will be useful in both penetration test projects and bug-bounty.\n\n### TODO: \n1. 
Add resources for each test.\n\n## Information Gathering\n*   *    **Fingerprint Technologies**\n    *    Fingerprint Web Server (OTG-INFO-002)\n    *    Enumerate Applications on Webserver (OTG-INFO-004)\n    *    Fingerprint Web Application Framework (OTG-INFO-008)\n    *    Fingerprint Web Application (OTG-INFO-009)\n*   *    **Information Leakage**\n    *    [Conduct Search Engine Discovery and Reconnaissance for Information Leakage (OTG-INFO-001)](https://github.com/Voorivex/pentest-guide/tree/master/Information-Leakage)\n    *    [Review Webserver Metafiles for Information Leakage (OTG-INFO-003)](https://github.com/Voorivex/pentest-guide/tree/master/Information-Leakage)\n    *    [Review Webpage Comments and Metadata for Information Leakage (OTG-INFO-005)](https://github.com/Voorivex/pentest-guide/tree/master/Information-Leakage)\n    *    [Analysis of Error Codes (OTG-ERR-001)](https://github.com/Voorivex/pentest-guide/tree/master/Information-Leakage)\n    *    [Analysis of Stack Traces (OTG-ERR-002)](https://github.com/Voorivex/pentest-guide/tree/master/Information-Leakag)\n    *    [Conduct a Fuzzing for Hidden and Sensitive Files or Directories (EXTRA-TEST-014)](https://github.com/Voorivex/pentest-guide/tree/master/Information-Leakage)\n*   *    **Directory Indexing**\n    *    Search for Directory Indexing (EXTRA-TEST-001)\n*   *    **Storing Sensitive Information on Client Side**\n    *    Test Local Storage (OTG-CLIENT-012)\n\n## Configuration and Deployment Management\n*   *    **Enumerate Infrastructure and Application Admin Interfaces**\n    *    Enumerate Infrastructure and Application Admin Interfaces (OTG-CONFIG-005)\n    *    Test Network/Infrastructure Configuration (OTG-CONFIG-001)\n*   *    **Hidden Resources Discovery**\n    *    Review Old, Backup and Unreferenced Files for Sensitive Information (OTG-CONFIG-004)\n*   *    **HTTP Security Headers**\n    *    Testing for Lack of HTTP Security Headers (EXTRA-TEST-002)\n\n## Identity Management 
and Authentication\n*   *    **Secure Authentication Class**\n    *    [Test User Registration Process (OTG-IDENT-002)](https://github.com/Voorivex/pentest-guide/tree/master/Insecure-Authentication-Class)\n    *    [Testing for Weak Lock Out Mechanism (OTG-AUTHN-003)](https://github.com/Voorivex/pentest-guide/tree/master/Insecure-Authentication-Class)\n    *    [Testing for Bypassing Authentication Schema (OTG-AUTHN-004)](https://github.com/Voorivex/pentest-guide/tree/master/Insecure-Authentication-Class)\n    *    [Test Remember Password Functionality (OTG-AUTHN-005)](https://github.com/Voorivex/pentest-guide/tree/master/Insecure-Authentication-Class)\n    *    [Testing for Browser Cache Weakness (OTG-AUTHN-006)](https://github.com/Voorivex/pentest-guide/tree/master/Insecure-Authentication-Class)\n    *    [Testing for Weak Security Question/Answer (OTG-AUTHN-008)](https://github.com/Voorivex/pentest-guide/tree/master/Insecure-Authentication-Class)\n    *    [Testing for Weak Password Change or Reset Functionalities (OTG-AUTHN-009)](https://github.com/Voorivex/pentest-guide/tree/master/Insecure-Authentication-Class)\n    *    [Testing for Weaker Authentication in Alternative Channel (OTG-AUTHN-010)](https://github.com/Voorivex/pentest-guide/tree/master/Insecure-Authentication-Class)\n    *    [Testing for Weak or Unenforced Username Policy (OTG-IDENT-005)](https://github.com/Voorivex/pentest-guide/tree/master/Insecure-Authentication-Class)\n    *    [Testing for Default Credentials (OTG-AUTHN-002)](https://github.com/Voorivex/pentest-guide/tree/master/Insecure-Authentication-Class)\n    *    [Testing for Two Factor Authentication Bypass (EXTRA-TEST-012)](https://github.com/Voorivex/pentest-guide/tree/master/Insecure-Authentication-Class)\n*   *    **Username Enumeration**\n    *    Testing for Account Enumeration and Guessable User Account (OTG-IDENT-004)\n*   *    **Testing for Recovering Sensitive Information**\n    *    Testing for Recovering Sensitive 
Information from Database (EXTRA-TEST-003)\n*   *    **Testing against Brute Force attack**\n    *    [Testing against Brute Force attack (EXTRA-TEST-004)](https://github.com/Voorivex/pentest-guide/tree/master/Brute-Force)\n*   *    **Password policy**\n    *    Testing for Weak password policy (OTG-AUTHN-007)\n*   *    **Testing for SSL over User Authentication**\n    *    Testing for Credentials Transported over an Encrypted Channel (OTG-AUTHN-001)\n\n## Authorization and Boundary Test\n*   *    **User Access Control**\n    *    Test Role Definitions (OTG-IDENT-001)\n    *    Test Account Provisioning Process (OTG-IDENT-003)\n    *    Testing for Bypassing Authorization Schema (OTG-AUTHZ-002)\n    *    [Testing for Privilege Escalation (OTG-AUTHZ-003)](https://github.com/Voorivex/pentest-guide/tree/master/Privilege-Escalation)\n    *    [Testing for HTTP Verb Tampering (OTG-INPVAL-003)](https://github.com/Voorivex/pentest-guide/tree/master/HTTP_Verb_Tampering)\n    *    [Testing for JSON Web Token Flaw (EXTRA-TEST-006)](https://github.com/Voorivex/pentest-guide/tree/master/JSON-Web-Token-Flaw)\n    *    [Test Cross Origin Resource Sharing (OTG-CLIENT-007)](https://github.com/Voorivex/pentest-guide/tree/master/Cross-Origin-Resource-Sharing)\n*   *    **File Inclusions**\n    *    [Testing Directory Traversal/File Include (OTG-AUTHZ-001)](https://github.com/Voorivex/pentest-guide/tree/master/Directory-Traversal-File-Include)\n*   *    **Execution after Redirect**\n    *    Execution after Redirect (EXTRA-TEST-005)\n*   *    **Cross Site Request Forgery**\n    *    [Testing for Cross Site Request Forgery (CSRF) (OTG-SESS-005)](https://github.com/Voorivex/pentest-guide/tree/master/Cross-Site-Request-Forgery)\n*   *    **Secured File Upload**\n    *    [Test Upload of Unexpected File Types (OTG-BUSLOGIC-008)](https://github.com/Voorivex/pentest-guide/tree/master/Secured-File-Upload)\n    *    [Test Upload of Malicious Files 
(OTG-BUSLOGIC-009)](https://github.com/Voorivex/pentest-guide/tree/master/Secured-File-Upload)\n*   *    **Insecure Direct Object References**\n    *    [Testing for Insecure Direct Object References (OTG-AUTHZ-004)](https://github.com/Voorivex/pentest-guide/tree/master/Insecure-Direct-Object-References)\n*   *    **Secured Captcha implementation**\n    *    Test for Secured Captcha Workflow (EXTRA-TEST-007)\n    \n## Cookie and Session Management\n*   *    **Testing for Cookies attributes**\n    *    [Testing for Cookies attributes (OTG-SESS-002)](https://github.com/Voorivex/pentest-guide/tree/master/Cookies-Attributes)\n*   *    **Secure Session Management**\n    *    Testing for Bypassing Session Management Schema (OTG-SESS-001)\n    *    Testing for Session Fixation (OTG-SESS-003)\n    *    Testing for Exposed Session Variables (OTG-SESS-004)\n    *    Testing for Logout functionality (OTG-SESS-006)\n    *    Test Session Timeout (OTG-SESS-007)\n    *    Testing for Session puzzling (OTG-SESS-008)\n\n## Accessibility\n*   *    **Denial of Service**\n    *    Test for Denial of Service (EXTRA-TEST-008)\n    \n## Input/Output Validation\n*   *    **Cross Site Scripting**\n    *    [Testing for Reflected Cross Site Scripting (OTG-INPVAL-001)](https://github.com/Voorivex/pentest-guide/tree/master/Cross-Site-Scripting)\n    *    [Testing for Stored Cross Site Scripting (OTG-INPVAL-002)](https://github.com/Voorivex/pentest-guide/tree/master/Cross-Site-Scripting)\n    *    [Testing for DOM based Cross Site Scripting (OTG-CLIENT-001)](https://github.com/Voorivex/pentest-guide/tree/master/Cross-Site-Scripting)\n    *    [Testing for JavaScript Execution (OTG-CLIENT-002)](https://github.com/Voorivex/pentest-guide/tree/master/Cross-Site-Scripting)\n    *    [Testing for HTML Injection (OTG-CLIENT-003)](https://github.com/Voorivex/pentest-guide/tree/master/Cross-Site-Scripting)\n    *    [Testing for CSS Injection 
(OTG-CLIENT-005)](https://github.com/Voorivex/pentest-guide/tree/master/Cross-Site-Scripting)\n    *    [Testing for Client Side Resource Manipulation (OTG-CLIENT-006)](https://github.com/Voorivex/pentest-guide/tree/master/Cross-Site-Scripting)\n    *    [Testing for Clickjacking (OTG-CLIENT-009)](https://github.com/Voorivex/pentest-guide/tree/master/Cross-Site-Scripting)\n*   *    **SQL Injection**\n    *    [Testing for SQL Injection (OTG-INPVAL-005)](https://github.com/Voorivex/pentest-guide/tree/master/SQL-Injection)\n    *    Testing for Incubated Vulnerabilities (OTG-INPVAL-015)\n*   *    **NoSQL Injection**\n    *    Testing for XPath Injection (OTG-INPVAL-010)\n    *    Testing for XML Injection (OTG-INPVAL-008)\n    *    Testing for MongoDB Injection (EXTRA-TEST-011)\n*   *    **Server Side Code Injection**\n    *    Testing for LDAP Injection (OTG-INPVAL-006)\n    *    Testing for ORM Injection (OTG-INPVAL-007)\n    *    Testing for SSI Injection (OTG-INPVAL-009)\n    *    IMAP/SMTP Injection (OTG-INPVAL-011)\n    *    [Testing for Code Injection (OTG-INPVAL-012)](https://github.com/Voorivex/pentest-guide/tree/master/Command-Injection)\n    *    [Testing for Server Side Template Injection (EXTRA-TEST-013)](https://github.com/Voorivex/pentest-guide/tree/master/Server-Side-Template-Injection)\n*   *    **Remote Command Execution**\n    *    [Testing for Command Injection (OTG-INPVAL-013)](https://github.com/Voorivex/pentest-guide/tree/master/Command-Injection)\n*   *    **Buffer Overflow**\n    *    Testing for Buffer Overflow (OTG-INPVAL-014)\n*   *    **XML External Entity (XXE)**\n    *    [Testing for XML External Entity (XXE) (EXTRA-TEST-009)](https://github.com/Voorivex/pentest-guide/tree/master/XML-External-Entity)\n*   *    **Server Side Request Forgery (SSRF)**\n    *    [Testing for Server Side Request Forgery (SSRF) (EXTRA-TEST-010)](https://github.com/Voorivex/pentest-guide/tree/master/Server-Side-Request-Forgery)\n*   *    **Open Redirect**\n   
 *    [Testing for Client Side URL Redirect (OTG-CLIENT-004)](https://github.com/Voorivex/pentest-guide/tree/master/Open-Redirect)\n*   *    **HTTP Splitting/Smuggling**\n    *    [Testing for HTTP Splitting/Smuggling (OTG-INPVAL-016)](https://github.com/Voorivex/pentest-guide/tree/master/HTTP-Smuggling)\n*   *    **Race Condition**\n    *    [Testing for Race Condition (EXTRA-TEST-15)](https://github.com/Voorivex/pentest-guide/tree/master/Race-Condition)\n    \n## Testing for weak Cryptography\n*   *    **Testing for Weak SSL/TLS Ciphers, Insufficient Transport Layer Protection**\n    *    Testing for Weak SSL/TLS Ciphers, Insufficient Transport Layer Protection (OTG-CRYPST-001)\n*   *    **Testing for Sensitive Information Sent via Unencrypted Channels**\n    *    Testing for Sensitive Information Sent via Unencrypted Channels (OTG-CRYPST-003)\n    *    Testing for Padding Oracle (OTG-CRYPST-002)\n\n## Workflow/Dataflow Tests\n*   *    **Business Logic Testing**\n    *    [Test Business Logic Data Validation (OTG-BUSLOGIC-001)](https://github.com/Voorivex/pentest-guide/tree/master/Business-Logic)\n    *    [Test Ability to Forge Requests (OTG-BUSLOGIC-002)](https://github.com/Voorivex/pentest-guide/tree/master/Business-Logic)\n    *    [Test Integrity Checks (OTG-BUSLOGIC-003)](https://github.com/Voorivex/pentest-guide/tree/master/Business-Logic)\n    *    [Test for Process Timing (OTG-BUSLOGIC-004)](https://github.com/Voorivex/pentest-guide/tree/master/Business-Logic)\n    *    [Test Number of Times a Function Can be Used Limits (OTG-BUSLOGIC-005)](https://github.com/Voorivex/pentest-guide/tree/master/Business-Logic)\n    *    [Test for the Circumvention of Work Flows (OTG-BUSLOGIC-006)](https://github.com/Voorivex/pentest-guide/tree/master/Business-Logic)\n    *    [Test Defenses Against Application Mis-use 
(OTG-BUSLOGIC-007)](https://github.com/Voorivex/pentest-guide/tree/master/Business-Logic)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FVoorivex%2Fpentest-guide","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FVoorivex%2Fpentest-guide","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FVoorivex%2Fpentest-guide/lists"}