Pentesting Notes

A comprehensive collection of penetration testing commands, techniques, and methodologies organized for quick reference during security assessments.

Legal Disclaimer

These are my notes. These tools and techniques should only be used on systems you have explicit written permission to test. Unauthorized access to computer systems is illegal.

Coverage

This documentation contains practical guidance across 6 major penetration testing phases:

• Reconnaissance: Network scanning, web enumeration, DNS discovery
• Enumeration: Service-specific analysis for SMB, FTP, SSH, HTTP/HTTPS
• Exploitation: Web vulnerabilities, privilege escalation, password attacks
• Post-Exploitation: Persistence mechanisms, data exfiltration
• Tools: In-depth guides for Nmap, Metasploit, Burp Suite, SQLMap
• Cheat Sheets: Reverse shells, file transfers, OS command references

Documentation Structure

Reconnaissance

Information gathering and target identification techniques:

• Network Scanning - Nmap, Masscan, port discovery
• Web Enumeration - Directory brute forcing, technology identification
• DNS Enumeration - Subdomain discovery, zone transfers
• SMTP Enumeration - Email server reconnaissance and user enumeration
• SNMP Enumeration - Network management protocol enumeration
• Visual Reconnaissance - Screenshot tools and visual analysis
• Public Data Sources - OSINT and public information gathering
• Metadata Extraction - Document and file metadata analysis
• Cloud Discovery - Cloud infrastructure enumeration
• VPN Detection - VPN and remote access detection
• Credential Hunting - Searching for exposed credentials
• Advanced Reconnaissance - Advanced OSINT and recon techniques

Enumeration

Service and vulnerability discovery:

• SMB - Windows file sharing enumeration
• FTP - File transfer protocol analysis
• SSH - Secure shell enumeration
• HTTP/HTTPS - Web service testing

Exploitation

Gaining access and privilege escalation:

• Web Exploits - SQL injection, XSS, command injection, file inclusion
• Privilege Escalation - Linux and Windows escalation techniques
• Password Attacks - Hash cracking, password spraying, Kerberoasting
• Advanced Exploitation - Binary exploitation, SSTI, deserialization, AD attacks

Post-Exploitation

Maintaining access and data extraction:

• Persistence - Backdoors, scheduled tasks, registry keys
• Pivoting & Tunneling - Network pivoting and tunneling techniques
• Data Exfiltration - File transfers, compression, covert channels
• Red Team Operations - Advanced red team tactics and techniques

Tools

Detailed tool-specific guides:

• Nmap - Network discovery and security scanning
• Metasploit - Penetration testing framework
• Burp Suite - Web application security testing
• SQLMap - Automated SQL injection
• Gobuster - Directory and DNS brute forcing
• FFUF - Fast web fuzzer
• Impacket - Python network protocols library
• CrackMapExec - Network assessment and exploitation
• BloodHound - Active Directory attack path analysis

Cheat Sheets

Quick reference guides:

• Reverse Shells - All major languages and methods
• File Transfers - Cross-platform file transfer techniques
• Linux Commands - Essential Linux command reference
• Windows Commands - Essential Windows command reference