In this repository, we collected bunch of tools and commands, you can use during your pentesting. You can always comeback here, to check if you forgot any step. This will be focused only on Linux machines, we'll create another repository for Windows machines.

• Introduction
  • What you need to know.
  • Where to practice ?
    • Youtubers
    • Platforms
• Before Hacking
• Steps of Pen-Testing
• Enumeration
  • NMAP
  • Fuzzing
  • Sub Domains
  • DNS
  • Logs
• Privilege Escalation
• Tools

The goal of this repository is to help out beginners-medium hackers. Practicing is the only way to improve in this domain, and there are plenty of websites where you can learn, and hack at the same time. But before that, let's talk a bit about what you will find in the repository.

To become a great pentester you have to be patient. Learning and practicing are definetly your way into this domain. But it will take some time. Here's a simple list of things you should and shouldn't do in order to imporve :

• You have to master at least one programming language. And if you still haven't learn a single programming language, I would advise you to start with C.
• Don't just use tools without knowing how they work. Here's a list of tools you will need.
• You're not ready for real targets, just focus on practicing and learning and you will get there. Hopefully in a lawful way.
• Learning doesn't only rely on videos on youtube, reading could be a great way as well. From books to manuals and articles.
• Don't be a script kiddie, not having any idea on what you're doing means you're a script kiddie.
• Assembly language is far important than you think, specially if you're into Reverse engineeering or PWN. It would be easier to learn it if you master C language before.
• You have to know how computers and operating system works. Do you know what a kernel is ? If not you should do some googling.
• Twitter, as dumb as this idea looks, but I'd really recommend you to have a twitter account, and follow communities related to cyber security. Staying up to date with the world is not such a bad idea after all.
• Last but not least, don't learn hacking for wrong reasons. Don't waste your time if your goal is to hack your girlfriends Facebook account. Set a goal, no matter how big it looks like, and chase it. Dreams without goals are the ultimate fuel of disappointment.

Here you will find multiple resources to learn and practice hacking.

Here's a list of one the best youtubers I personally follow.

Here's where you can learn and practice at the same time.

Go ahead a knock yourself out.

There are certain things you need to learn before even diving into hacking. Here's a list you should definetly check out.

Many might think that programming is not really necessary in hacking, they're not just wrong they're stupid. But you need to know that not all programming languages serve the same purpose. There are different types, you should learn at least one language in each category. Let's go ahead and check them out.

These are the languages that will on a daily basis in your hacking journey.

• C / Assembly : Low level language, for binary exploitation.
• Bash : Linux scripting language.
• Powershell : Windows scripting language.
• Python : Easy to learn language, that can help you automate lot of work you do frequently.
• PHP : You cannot do bug bounty without knowing PHP.
• Javascript : Learning Javascript is as important as learning PHP, specially if you are into Bug Bounty.

• C++
• Ruby
• Lua
• Java
• Perl

In this section, We'll give you a certain steps you should always follow when you're pentesting.

Learn more

Now since we're finished with the introduction, let's go ahead and hack a box for the sake of an example. The Box I chose, is Boot2Root, a project in 42 Cursus.

The first step you should think of, is trying to identify what exactly you're attacking(hopefully in a lawful way). You need to gather maximum of informations from this target. A great way to do so, is to use a tool called NMAP. It's used to to scan ip addresses, it can also be used to identify ip addresses connected to your network. Since we do not know the ip address of our box, we have to scan our network in order to identify its ip address.

Depending on what's your network class, you can use the following command in order to scan a certain subnet.

$> nmap 10.12.100.x/24

You will get an output similar to this :

In order to use the following commands, you have to specify -A tag on your scan. It for aggressive scanning.

$> nmap -A 10.12.11.100

Using nmap, you can detect what Operatin System the target uses. Note that this is not always accurate, and also you will need root privelege. Here's an example :

$> sudo nmap -o 10.12.11.100

You can also detect what services are running on that target, the version of those services as well. Note that -sV is for the version scanning.

$> nmap -sV 10.12.11.100

How about running a scan on all the ports from in a total of 65,535 ports.

$> nmap -p- 10.12.11.100

You want only one port ?

$> nmap -p 80 10.22.11.100

How about multiple ports ?

$> nmap -p 80,443 10.22.11.100

A range of ports ?

$> nmap -p 80-8080 10.22.11.100

There is also timing templates, if you want your scan to take more or less time.

$> nmap -T[ID] 10.22.11.100

Sometimes you will counter targets that blocks your pings. Use the -Pn tag to skip the host discovery. This treats your target as an online target.

$> nmap -Pn 10.22.11.100

If you want to save the results of your scan you can do it like this :

$> nmap 10.22.11.100 -oA output.name

Let's go ahead and gather all the tags, under one powerful command, you have to know that a command like this would take ~20-30 minutes :

$> sudo nmap -A -O -Pn -p- -T4 -sV 10.22.11.100

There are a lot more commands than this, you should visit the nmap man page or their Docs to learn even more about this tool.

There are lot of other tools that you can use in order to dir bust, and each tools gives you different options.

Let's say you scanned a target and you found a web application, this web application can contains a multiple subdomains that you should check.

You might ask what a subdomain is. It's simply a good way to seperate the content of you website. It's piece of additional information added to the beginning of a website’s domain name. It allows websites to separate and organize content for a specific function — such as a blog or an online store — from the rest of your website.

Like sub-directories, you can also search for sub-domains , using a wordlist and a tool. In this case we'll be using as an example gobuster

Using the following command :

$> gobuster dns -d google.com  -w /path/to/wordlist.txt
-d : To specify the domain name
-w : To specify a wordlist

Thus you will get something like this(don't take this example seriously, it's not true... or maybe ?).

www.google.com
blog.google.com
store.google.com
etc...

This can help you find more information about a certain website that you didn't know. Maybe even find login pannels or so.

After generating a list of subdomain and hosts, it's time to check those who work. Doing it manualy will take a long time if a long list was generated, so here's a tools httpx that make that task easy for us. Using the following command :

$> cat hosts.txt | httpx

httpx have more other intersting functionality, check the repo for more info.

You find a web app and its subdomains too, so what can you do with it. For instance you can try and find directories or files. There are lot of tools you can use to do that. But for now let's use dirb.

You'll need wordlist, in order to test on multiple directories or files. Check wordlists for more infos. This is an example on how to use dirb command.

$> dirb http://ip_add/ /path/to/wordlist

A good thing to do is to pay attention to the request you make on a website. Some websites can show you different outputs depending on what domain name you requested. Specially when you're playing challenges on websites like HackTheBox or TryHackMe, always change your host file to whatever you find while scanning or while enumerating in general.

$> nano /etc/hosts
10.1.1.1	1337.htb #example

Logs are really important when it comes to tracing one's moves. You can even find credentials on them. We will talk more about it in the Privilege Escalation part

Using HackTricks, we can use multiple commands to monitor a system and thus finding an exploit we can use to privesc the system.

uname -a
cat /etc/os-release
cat /proc/version

uname -r

sudo -v (might not work sometimes if you don't have the password of the user)

ps aux
ps -ef
top -n 1

crontab -l
ls -al /etc/cron* /etc/at*
cat /etc/cron* /etc/at* /etc/anacrontab /var/spool/cron/crontabs/root 2>/dev/null | grep -v "^#"

Since we were inspired by this readme to do one where we can always contribute to it, and it won't be just the usual stuff you read online. Here you will find a list of tools by category. You can also visit the official website of Kali Linux for more information.

Information Gathering tools allows you to collect host metadata about services and users. Check informations about a domain, IP address, phone number or an email address.

Crack passwords and create wordlists.

Used for intrusion detection and wifi attacks.

Acesss systems and data with service-oriented exploits.

Listen to network traffic or fake a network entity.

Exploit popular CMSs that are hosted online.

Exploits for after you have already gained access.

Frameworks are packs of pen testing tools with custom shell navigation and documentation.

• Devbreak on Twitter
• The Life of a Security Researcher
• Find an awesome hacking spots in your country
• Awesome-Hacking Lists
• Crack Station
• Exploit Database
• Hackavision
• Hackmethod
• Packet Storm Security
• SecLists
• SecTools
• Smash the Stack
• Don't use VPN services
• How to Avoid Becoming a Script Kiddie
• 2017 Top 10 Application Security Risks
• Starting in cybersecurity ?

I would highly advise you guys to go and checkout sundowndev.

The idea behind this repository is to create a source for hackers to comeby whenever they need something. From tools to docs to youtube channels. Anyone that's interested in contributing in this repository should pm me on my discord mza7a#5415 This is not yet finished, we'll be adding more resources in the future.