Start learning pentesting/hacking. The Red Team
Apr 13, 2022
Created a GitHub page with useful materials for those who are starting to learn pentesting/hacking. All materials were checked by myself.
!!! Always do all work from a VM or a machine dedicated to that, and remember that any tool you install may contain malware (mostly not, but the risk exists).
So you should prevent them from accessing your real machine with your secure data. Also, don't forget to use a VPN, even when using a training VM from hackthebox (because you will be sharing the same network with many people).
BOOKS & ARTICLES
- https://www.youtube.com/watch?v=WnN6dbos5u8&ab_channel=TheCyberMentor — Course for beginners
- Starting Point course from https://www.hackthebox.com/
- https://pwning.owasp-juice.shop/ — How to pwn Juice Shop guide
- https://book.hacktricks.xyz/ — many tutorials and howtos
- https://guyinatuxedo.github.io/index.html — exploits & reverse engineering course
- https://medium.com/purple-team/buffer-overflow-c36dd9f2be6f — buffer overflow for beginners
- https://medium.com/cyber-unbound/buffer-overflows-ret2libc-ret2plt-and-rop-e2695c103c4c — buffer overflow, how to bypass ASLR, PIE and no-stack-execution protections
- https://github.com/tanprathan/OWASP-Testing-Checklist — OWASP testing checklist. Helps you not forget anything
- https://owasp.org/www-project-web-security-testing-guide/v41/ — OWASP testing guide for the checklist above ^
TOOLS
- https://www.vmware.com/products/workstation-player.html — VM player to run Kali
- https://www.kali.org/ — Kali linux for pentesters. Base Tool
- https://github.com/sullo/nikto — web site vulnerability scanner.
- https://wpscan.com/wordpress-security-scanner — WordPress vulnerability scanner.
- https://www.kali.org/tools/nmap/ — NMAP port, script, vulnerability scanner. Base tool
- https://www.kali.org/tools/hydra/ — Login cracker for different protocols
- https://www.kali.org/tools/gobuster/ — Directory and subdomain enumerator for websites
- https://www.metasploit.com/ — Pentesting framework. Base Tool
- https://github.com/carlospolop/PEASS-ng/tree/master/winPEAS — Privilege escalation for Windows. Base Tool
- https://github.com/carlospolop/PEASS-ng/tree/master/linPEAS — Privilege escalation for Linux. Base Tool
- https://www.kali.org/tools/gdb/ — console debugger
- https://www.kali.org/tools/edb-debugger/ — edb debugger with UI
SERVICES
Data harvesting
- https://hunter.io/ — find emails on domain
- https://haveibeenpwned.com/ — find if email was leaked
- https://crt.sh/ — subdomain search
- https://builtwith.com/ — technology stack info
- https://search.censys.io/ — servers search engine
- https://www.shodan.io/ — servers search engine
DATA LEAKS
- https://github.com/philipperemy/tensorflow-1.4-billion-password-analysis — how passwords change over time + 1.4B email:pass
TRAINING
- https://www.hackthebox.com/ — Platform with VMs that you can try to hack
- https://tryhackme.com/ — training site
- https://github.com/juice-shop/juice-shop — Training app for web pentesters
- https://pentesterlab.com/ — exercises for hackers (not free)
EXPLOIT DBs
WORDLISTS
- https://github.com/danielmiessler/SecLists/ — many different
- https://github.com/payloadbox/sql-injection-payload-list — SQL injection payloads
- https://github.com/foospidy/payloads — web payloads