Pentest Book
  • /home/six2dez/.pentest-book
  • Contribute/Donate
  • Recon
    • Public info gathering
    • Root domains
    • Subdomain Enum
      • Subdomain Takeover
    • Webs recon
    • Network Scanning
    • Host Scanning
    • Packet Scanning
  • Enumeration
    • Files
    • SSL/TLS
    • Ports
    • Web Attacks
      • General Info
      • Quick tricks
      • Header injections
      • Bruteforcing
      • Online hashes cracked
      • Crawl/Fuzz
      • LFI/RFI
      • File upload
      • SQLi
      • SSRF
      • Open redirects
      • XSS
      • CSP
      • XXE
      • Cookie Padding
      • Webshells
      • CORS
      • CSRF
      • Web Cache Poisoning
      • Broken Links
      • Clickjacking
      • HTTP Request Smuggling
      • Web Sockets
      • CRLF
      • IDOR
      • Web Cache Deception
      • Session fixation
      • Email attacks
      • Pastejacking
      • HTTP Parameter pollution
      • SSTI
      • Prototype Pollution
      • Command Injection
      • Deserialization
      • DNS rebinding
    • Web Technologies
      • APIs
      • JS
      • ASP.NET
      • JWT
      • GitHub
      • GitLab
      • WAFs
      • Firebird
      • Wordpress
      • WebDav
      • Joomla
      • Jenkins
      • IIS
      • VHosts
      • Firebase
      • OWA
      • OAuth
      • Flask
      • Symfony && Twig
      • Drupal
      • NoSQL (MongoDB, CouchDB)
      • PHP
      • RoR (Ruby on Rails)
      • JBoss - Java Deserialization
      • OneLogin - SAML Login
      • Flash SWF
      • Nginx
      • Python
      • Tomcat
      • Adobe AEM
      • Magento
      • SAP
      • MFA/2FA
      • GWT
      • Jira
      • OIDC (Open ID Connect)
      • ELK
      • Sharepoint
      • Others
    • Cloud
      • General
      • Cloud Info Gathering
      • AWS
      • Azure
      • GCP
      • Docker && Kubernetes
      • CDN - Comain Fronting
  • Exploitation
    • Payloads
    • Reverse Shells
    • File transfer
  • Post Exploitation
    • Linux
    • Pivoting
    • Windows
      • AD
        • Kerberos
      • PS tips & tricks
  • Mobile
    • General
    • Android
    • iOS
  • Others
    • Burp Suite
    • Password cracking
    • VirtualBox
    • LLM/AI/ML/prompt testing
    • Code review
    • Pentesting Web checklist
    • Internal Pentest
    • Web fuzzers review
    • Recon suites review
    • Subdomain tools review
    • Random
    • Master assessment mindmaps
    • BugBounty
    • Exploiting
    • tools everywhere
    • RT/EDR
Powered by GitBook
On this page
  • Usage: Just use the search bar at the upper or navigate through the sections of the left zone. Enjoy it
  • Stargazers over time

Was this helpful?

Edit on GitHub
Export as PDF

/home/six2dez/.pentest-book

This book contains a bunch of info, scripts and knowledge used during my pentests.

NextPublic info gathering

Last updated 9 months ago

Was this helpful?

Thanks to visit this site, please consider enhance this book with some awesome tools or techniques you know, you can contact me by Telegram(), Twitter() or Discord(six2dez#8201), GitHub pull request is welcomed too ;) Hack 'em all

Usage: Just use the search bar at the upper or navigate through the sections of the left zone. Enjoy it

Don't you know where to go now? Let me introduce you to some of the most popular pages on this wiki:

  • Know your target! Make a proper !

  • What can you do in those strange ?

  • Doing a ? Don't forget to check out any of these common attacks!

  • Do you have the same hype as me with services? They also have their vulnerabilities

  • Stuck again with Windows and ? Here is my cheatsheet

  • The mobile world does not stop growing, see my tips for and

  • is the tool most loved by everyone, but you have to know a few tricks, also check my

  • I'm really proud of

  • If you want to know which web fuzzer fits you best, take a look at the .

Important note: I use this wiki daily for my work and I am constantly updating it. I'm very sorry if a link to a page changes or I move it, if you need something you are free to contact me.

You can support this work buying me a coffee:

Stargazers over time

Stargazers over time
😊
@six2dez
@six2dez1
recon
ports
web pentest
cloud
Kerberos
Android
iOS
Burp Suite
preferred extensions
Pentesting Web Checklist
comparison
six2dez is sharing knowledgeBuy Me a Coffee
Logo