Hacktricks.xyz
Generic Methodologies & Resources
Python Sandbox Escape & Pyscript
Shells (Linux, Windows, MSFVenom)
Linux Hardening
Checklist - Linux Privilege Escalation
MacOS Hardening
macOS Security & Privilege Escalation
Windows Hardening
Checklist - Local Windows Privilege Escalation
Windows Local Privilege Escalation
Basic PowerShell for Pentesters
Mobile Pentesting
Android Applications Pentesting
Network Services Pentesting
Pentesting JDWP - Java Debug Wire Protocol
25,465,587 - Pentesting SMTP/s
69/UDP TFTP/Bittorrent-tracker
80,443 - Pentesting Web Methodology
88tcp/udp - Pentesting Kerberos
111/TCP/UDP - Pentesting Portmapper
137,138,139 - Pentesting NetBios
161,162,10161,10162/udp - Pentesting SNMP
194,6667,6660-7000 - Pentesting IRC
264 - Pentesting Check Point FireWall-1
389, 636, 3268, 3269 - Pentesting LDAP
500/udp - Pentesting IPsec/IKE VPN
515 - Pentesting Line Printer Daemon (LPD)
548 - Pentesting Apple Filing Protocol (AFP)
631 - Internet Printing Protocol (IPP)
1098/1099/1050 - Pentesting Java RMI - RMI-IIOP
1433 - Pentesting MSSQL - Microsoft SQL Server
1521,1522-1529 - Pentesting Oracle TNS Listener
1883 - Pentesting MQTT (Mosquitto)
2301,2381 - Pentesting Compaq/HP Insight Manager
3690 - Pentesting Subversion (svn server)
3702/UDP - Pentesting WS-Discovery
4369 - Pentesting Erlang Port Mapper Daemon (epmd)
5000 - Pentesting Docker Registry
5353/UDP Multicast DNS (mDNS) and DNS-SD
5432,5433 - Pentesting Postgresql
5800,5801,5900,5901 - Pentesting VNC
5984,6984 - Pentesting CouchDB
8009 - Pentesting Apache JServ Protocol (AJP)
8333,18333,38333,18444 - Pentesting Bitcoin
9042/9160 - Pentesting Cassandra
9100 - Pentesting Raw Printing (JetDirect, AppSocket, PDL-datastream)
9200 - Pentesting Elasticsearch
10000 - Pentesting Network Data Management Protocol (ndmp)
15672 - Pentesting RabbitMQ Management
24007,24008,24009,49152 - Pentesting GlusterFS
27017,27018 - Pentesting MongoDB
44134 - Pentesting Tiller (Helm)
44818/UDP/TCP - Pentesting EthernetIP
50030,50060,50070,50075,50090 - Pentesting Hadoop
Pentesting Web
Web Vulnerabilities Methodology
Reflecting Techniques - PoCs and Polygloths CheatSheet
Cache Poisoning and Cache Deception
Client Side Template Injection (CSTI)
Content Security Policy (CSP) Bypass
CORS - Misconfigurations & Bypass
CSRF (Cross Site Request Forgery)
Dangling Markup - HTML scriptless injection
Formula/CSV/Doc/LaTeX Injection
HTTP Connection Request Smuggling
HTTP Request Smuggling / HTTP Desync Attack
HTTP Response Smuggling / Desync
JWT Vulnerabilities (Json Web Tokens)
Registration & Takeover Vulnerabilities
Regular expression Denial of Service - ReDoS
Reset/Forgotten Password Bypass
Server Side Inclusion/Edge Side Inclusion Injection
SSRF (Server Side Request Forgery)
SSTI (Server Side Template Injection)
XSLT Server Side Injection (Extensible Stylesheet Language Transformations)
XXE - XEE - XML External Entity
XSSI (Cross-Site Script Inclusion)
Cloud Security
Pentesting Cloud (AWS, GCP, Az...)
Pentesting CI/CD (Github, Jenkins, Terraform...)
Hardware/Physical Access
Reversing & Exploiting
Reversing Tools & Basic Methods
Linux Exploiting (Basic) (SPA)
Windows Exploiting (Basic Guide - OSCP lvl)
Crypto & Stego
Cryptographic/Compression Algorithms
Blockchain & Crypto Currencies
External Platforms Reviews/Writeups
C2
TODO
6881/udp - Pentesting BitTorrent