https://github.com/satunix/methodology



# **Pentesting Methodology and Notation**

Documented my notes, process, and techniques used previously.
Feel free to follow my process and take my tips, but make sure not to use the tools listed just because I said so. Don't be a skid.
Understand, develop, test, be ethical. Use the listing documents especially as a process guide to assist and backtrack if you become stuck in tests.

---

## **Overview**
This repository contains **methodologies** for penetration testing, CTFs, HTBs, etc. across various domains, including **Active Directory, Web Applications, Networks, and more**. The structure of this library ensures that methodologies are organized and easy to follow.
This is broken down into the methods I have used in the past for testing and provides an overview to help structure your planning and playbooks.
Each methodology consists of:
- **Overview & Preliminary Basics** – General knowledge, prerequisites, and example commands.
- **Detailed Methodology Listings** – Step-by-step approaches.
- **External Resources** – Links to manuals, official documentation, and advanced reading materials. (Use the main resources.md.)

---

## **🛠 How to Use This Library**
1. Start with the **overview.md** file to understand **general pentesting concepts & common commands**.
2. Navigate to the relevant **category directory** for a specific methodology.
3. Each category contains **detailed methodology documents**: an overview for basics and initial tests, then listings for everything I could think of. The listings just don't have example syntax.
4. Refer to the **resources.md** for further reading, including official documentation, whitepapers, and detailed guides.

---

## **📚 External Resources & References**
For each methodology, consult the following references:
- **MITRE ATT&CK** – Adversarial tactics, techniques, and procedures ([attack.mitre.org](https://attack.mitre.org/))
- **HackTricks** – Practical penetration testing methodologies ([book.hacktricks.xyz](https://book.hacktricks.xyz/))
- **OWASP Web Security Testing Guide** – Best practices for web application testing ([owasp.org](https://owasp.org/www-project-web-security-testing-guide/))
- **PayloadsAllTheThings** – Comprehensive payload repository ([github.com/swisskyrepo/PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings))
- **Offensive Security PWK Labs** – OSCP methodology ([help.offensive-security.com](https://help.offensive-security.com/))

---

I strongly recommend you develop your own methodologies; otherwise you will find yourself stuck. Beyond technical understanding there is the knowledge of the what and when (beyond the 'how').
Only this will develop the best tester out of someone. There is no use in knowing 'how' to do everything if you don't know when and where to do it.
(Skids be gone)

---

> "Those who know, don't tell; Those who tell, don't know."

> "True knowledge or enlightenment is beyond the capacity of words to fully express, and those who truly understand it are aware of its ineffability."

---

While tools are an essential part of penetration testing, they should never be relied upon blindly. Understanding how the underlying technology works is critical, as tools evolve, become obsolete, or may not function as expected in real-world scenarios. To stay ahead, you must continuously learn, experiment, and practice—developing your own scripts and techniques rather than depending solely on automation. Throughout this guide, various tools may be listed as examples, but they may not be accurate or relevant at the time of reading.

It is also encouraged not to blindly follow these command examples step by step, as they are just that: examples. The commands and tools listed give an idea of what each step and its objective are. Understand the method, the technique, and how it intertwines with the methods and steps that follow. Take notes and practice.

Instead of relying on predefined tools, focus on understanding the documentation: read the PTES and NIST guides on pentesting, and understand the technology, how it can be used, the technical details, and the step-by-step methods and techniques behind them. Adapt your approach based on the objectives required, ensuring you are not just a tool user but a true security practitioner capable of thinking critically and adapting to new challenges.