Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/lucthienphong1120/aio-pentesting
All in one Pentest methodologies - Tools and commands | Where compiled all common materials for pentester
Last synced: about 8 hours ago
- Host: GitHub
- URL: https://github.com/lucthienphong1120/aio-pentesting
- Owner: lucthienphong1120
- Created: 2022-10-13T06:27:53.000Z (about 2 years ago)
- Default Branch: main
- Last Pushed: 2024-10-21T04:02:03.000Z (19 days ago)
- Last Synced: 2024-10-21T13:30:15.645Z (19 days ago)
- Topics: all-in-one, cve, enumeration, exploitation, guide, hacker, hacking, library, methodology, nmap, oscp, oscp-cheatsheet, penetration-testing, pentest, pentest-tools, pentesting, privilege-escalation, reconnaissance, vulnerability
- Language: PHP
- Homepage:
- Size: 49.9 MB
- Stars: 24
- Watchers: 3
- Forks: 7
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# AIO-Pentesting
> All in one Pentest methodologies - **Tools and commands**
>
> *Where compiled all common materials for pentester*
>
> :star: If you find it helpful, please contribute, otherwise star it! :star:

In this material, I will divide it into 2 phases; an overview is listed below:
+ Documents:
  - [0. Pentesting Stages](./0-Pentesting-Stages.md) :heavy_check_mark:
  - [0. Forensics](./0-Forensics.md) :heavy_check_mark:
  - [0. Cracking](./0-Cracking.md) :heavy_check_mark:
  - [0. Sniffing](./0-Sniffing.md) :heavy_check_mark:
  - [0. SQL Injection](./0-SQL-Injection.md) :heavy_check_mark:
+ Pre-Intrusion phase:
  - [1. Linux Pre Intrusion](./1-Linux-Pre-Intrusion.md) :heavy_check_mark:
  - [3. Windows Pre Intrusion](./3-Windows-Pre-Intrusion.md) (In Progress) :x:
+ Intrusion phase:
  - [2. Linux Intrusion](./2-Linux-Intrusion.md) :heavy_check_mark:
  - [4. Windows Intrusion](./4-Windows-Intrusion.md) (In Progress) :x:
+ Others:
  - [OSCP-Notes](./OSCP-Notes/) :heavy_check_mark:
  - [OSWE-Notes](./OSWE-Notes/) :heavy_check_mark:

## Useful documents
### CVE Databases
1. [NVD (National Vulnerability Database)](https://nvd.nist.gov/vuln/full-listing)
2. [Exploit-DB](http://exploit-db.com/)
3. [CVE MITRE](https://cve.mitre.org/cve/)

### OS binaries libraries
1. [GTFOBins of Unix binaries](https://gtfobins.github.io/)
2. [LOLBAS of Windows binaries](https://lolbas-project.github.io/)

### Built-in shells & wordlists
```sh
tree /usr/share/webshells/
├── asp
│   ├── cmd-asp-5.1.asp
│   └── cmdasp.asp
├── aspx
│   └── cmdasp.aspx
├── cfm
│   └── cfexec.cfm
├── jsp
│   ├── cmdjsp.jsp
│   └── jsp-reverse.jsp
├── laudanum -> /usr/share/laudanum
├── perl
│   ├── perlcmd.cgi
│   └── perl-reverse-shell.pl
└── php
    ├── findsocket
    │   ├── findsock.c
    │   └── php-findsock-shell.php
    ├── php-backdoor.php
    ├── php-reverse-shell.php
    ├── qsd-php-backdoor.php
    └── simple-backdoor.php
```

```sh
tree /usr/share/wordlists/
├── dirb -> /usr/share/dirb/wordlists
├── dirbuster -> /usr/share/dirbuster/wordlists
├── dnsmap.txt -> /usr/share/dnsmap/wordlist_TLAs.txt
├── fasttrack.txt -> /usr/share/set/src/fasttrack/wordlist.txt
├── fern-wifi -> /usr/share/fern-wifi-cracker/extras/wordlists
├── metasploit -> /usr/share/metasploit-framework/data/wordlists
├── nmap.lst -> /usr/share/nmap/nselib/data/passwords.lst
├── rockyou.txt
└── wfuzz -> /usr/share/wfuzz/wordlist
```