All in one Pentest methodologies - Tools and commands

normamorales/AIO-Pentesting

 
 

AIO-Pentesting

All in one Pentest methodologies - Tools and commands

I divide this document into 2 phases:

  • Pre-Intrusion (Windows and Linux)
  • Intrusion (Windows and Linux)

⚠️ The full roadmap is below; be sure to check it out first.

Overview

1. Reconnaissance

  • Google (specifically Google Dorking)
  • Wikipedia
  • Social Media (Instagram, Twitter, and Facebook)
  • PeopleFinder.com
  • who.is
  • sublist3r
  • hunter.io
  • builtwith.com
  • wappalyzer
  • dnsdumpster.com
  • shodan.io

2. Scanning & Enumeration

  • nmap (scan a target and tell us a wide variety of things)
  • dirb (used to find commonly-named directories on a website)
  • dirbuster (similar to dirb but with a cooler name, and with a user interface)
  • enum4linux (tool used specifically for Linux to find vulnerabilities)
  • metasploit (this tool is mostly used for exploitation, but it also has some built-in enumeration tools)
  • Burp Suite (this tool can be used to scan a website for subdirectories and to intercept network traffic)

3. Exploitation

  • Metasploit (many built-in scripts to try)
  • Burp Suite (exploit web applications)
  • SQLMap (exploit web applications)
  • msfvenom (for building custom payloads)
  • BeEF (browser-based exploitation)

4. Privilege Escalation

  • Windows: Administrator or System. (pwdump7, Ophcrack)
  • Linux: root

5. Covering Tracks & Reporting

  • The Finding(s) or Vulnerabilities
  • The CRITICALITY of the Finding
  • A description or brief overview of how the finding was discovered
  • Remediation recommendations to resolve the finding

Useful documents

CVE Databases

  1. NVD (National Vulnerability Database)
  2. Exploit-DB
  3. CVE MITRE

OS binary libraries

  1. GTFOBins for Unix binaries
  2. LOLBAS for Windows binaries

Real cyber attack kill chains

  1. Getting in
  2. Hacking through
  3. Taking it out
