Pentest Notes

Unified penetration testing notes compiled from labs, tooling experiments, and repeatable workflows. Use the category index to navigate like a notebook tree or jump into search for a specific technique.

Search Notes Browse Tags

Category Index

Jump by topic or browse the full notebook tree below.

Recon & Footprinting Scanning & Enumeration Web Exploitation Network Exploitation Credential Attacks Post-Exploitation Payloads & Shells Transfer & Exfiltration Tools & Automation Labs & Practice Course Notes Archive & Misc

Topic Map

Structured like a notebook: categories, subtopics, and individual notes.

Recon & Footprinting

Baseline recon flows, passive/active info gathering, and service footprinting.

Footprinting Notes on Footprinting.
Information Gathering Notes on Information Gathering.
Information Gathering
- Aktive- Subdomains Notes and commands for Aktive- Subdomains.
- ‌intro Notes and commands for ‌intro.
- Passive - Subdomains Notes and commands for Passive - Subdomains.
- Recon Tools Notes and commands for Recon Tools.
Footprinting
- DNS Notes and commands for DNS.
- FTP Notes and commands for FTP.
- IMAP / POP3 Notes and commands for IMAP / POP3.
- Infrastructure-based Enumeration Notes and commands for Infrastructure-based Enumeration.
- IPMI Notes and commands for IPMI.
- Linux Remote Mngmt Notes and commands for Linux Remote Mngmt.
- MSSQL Notes and commands for MSSQL.
- MY-SQL Notes and commands for MY-SQL.
- NFS Notes and commands for NFS.
- Oracle Notes and commands for Oracle.
- SMB Notes and commands for SMB.
- SMTP Notes and commands for SMTP.
- SNMP Notes and commands for SNMP.
- Windows- remote Notes and commands for Windows- remote.

Scanning & Enumeration

Nmap and vulnerability scanning workflows for discovery.

Nmap Notes on Nmap.
Vulnerability Scanning Notes on Vulnerability Scanning.
Vulnerability Scanning
- Nessus Notes and commands for Nessus.
- OpenVS Notes and commands for OpenVS.
Nmap
- Output Commands Notes and commands for Output Commands.
- Performance Options Notes and commands for Performance Options.
- Scan Commands Notes and commands for Scan Commands.

Web Exploitation

Web exploitation patterns, fuzzing, and testing checklists.

Cors Notes on Cors.
Csrf Notes on Csrf.
Fuzzing Notes on Fuzzing.
Insecure Direct Object References (IDOR Notes and commands for Insecure Direct Object References (IDOR.
Request Forgery (Web Tampering) Notes and commands for Request Forgery (Web Tampering).
Sql Injection Databases Notes on Sql Injection Databases.
SQLMap Notes on SQLMap.
SSRF Notes and commands for SSRF.
Xss Notes on Xss.
Xxe Xml Notes on Xxe Xml.
SQLMap
- In Cookie Notes and commands for In Cookie.
- In GET Parameters Notes and commands for In GET Parameters.
- Simple Commands Notes and commands for Simple Commands.
Csrf
- CSRF Token Notes on CSRF Token.
- Defense Notes and commands for Defense.
- Ref. XSS Notes and commands for Ref. XSS.
- Samesite Cookies Notes on Samesite Cookies.
- CSRF Token
  - Removing Notes and commands for Removing.
  - Request forgery Notes and commands for Request forgery.
  - Token tied to cookie CSRF token tied to a cookie (not necessarily the session cookie).
  - Token==Cookie Notes and commands for Token==Cookie.
  - u_token != session_token CSRF token is not bound to the session token.
- Samesite Cookies
  - 2min_rule Notes and commands for 2min_rule.
  - Strict Gadgets Notes and commands for Strict Gadgets.
  - Using GET Notes and commands for Using GET.
Sql Injection Databases
- File Injection Notes and commands for File Injection.
- Fingerprinting Notes and commands for Fingerprinting.
- General SQL Notes and commands for General SQL.
- Injection Notes and commands for Injection.
- Prevention Notes and commands for Prevention.
- SQL in PHP Notes and commands for SQL in PHP.
- Unions Notes and commands for Unions.
Xxe Xml
- Blind Injection Notes and commands for blind Injection.
- Defense Notes and commands for Defense.
- Tools Notes and commands for Tools.
Fuzzing
- Dir Fuzzing Notes and commands for Dir Fuzzing.
Cors
- Basic (CORS: True) Notes and commands for Basic (CORS: True).
- CORS: NULL Notes and commands for CORS: NULL.
- CORS: Subdomains Notes and commands for CORS: Subdomains.
- CORS: TLS Break Notes and commands for CORS: TLS Break.
Xss
- Basic Payloads Notes and commands for Basic Payloads.
- Bind-XSS-Cookie Stealing Notes and commands for Bind-XSS-Cookie Stealing.
- Defacing Notes and commands for Defacing.
- Phishing Notes and commands for Phishing.
- Prevention Notes and commands for Prevention.
- Tools Notes and commands for Tools.

Network Exploitation

SMB, pass-the-hash, and lateral movement notes.

EternalBlue / SMB Notes and commands for EternalBlue / SMB.
Metasploit Pass-the-Hash Screenshot reference for a Metasploit pass-the-hash session.
Pass-the-Hash Metasploit handler notes for pass-the-hash workflows.
Smb Notes on Smb.
SMB Hash Notes and commands for SMB Hash.
Smb
- RCE Notes and commands for RCE.

Credential Attacks

Credential access, cracking, and vault extraction.

/etc/shadow structure Notes and commands for /etc/shadow structure.
Attacking Network Services Notes on Attacking Network Services.
Encrypt technol. Notes and commands for Encrypt technol..
HKLM Registries Notes and commands for HKLM Registries.
John The Ripper Notes on John The Ripper.
Linux Notes and commands for Linux.
LSASS Notes and commands for LSASS.
Practice Notes and commands for Practice.
Windows Notes and commands for Windows.
Windows Vault and Credential Manager Notes and commands for Windows Vault and Credential Manager.
Attacking Network Services
- RDP Notes and commands for RDP.
- SMB Notes and commands for SMB.
- SSH Notes and commands for SSH.
- WINRM Notes and commands for WINRM.
John The Ripper
- Cracking Files with John. Notes and commands for Cracking Files with John..
- Incremental Mode Notes and commands for Incremental Mode.
- Single Crack Mode Notes and commands for Single Crack Mode.
- Wordlist Mode Notes and commands for Wordlist Mode.

Post-Exploitation

Privilege escalation, token abuse, and Persistence notes.

Mimikatz Notes and commands for Mimikatz.
Token Impersonation Notes and commands for Token Impersonation.
UAC bypass Notes and commands for UAC bypass.
WMIExec pass-the-hash Screenshot reference for a WMIExec pass-the-hash session.

Payloads & Shells

Payload crafting, shells, and delivery patterns.

Metasploit Notes and commands for Metasploit.
Payloads Notes on Payloads.
Pro/Con - Type Notes and commands for Pro/Con - Type.
Shells Notes on Shells.
Terminal / OS Notes and commands for Terminal / OS.
Webshells Notes and commands for Webshells.
Payloads
- CREATION Notes and commands for CREATION.
Shells
- Interactive Shells Notes and commands for Interactive Shells.

Transfer & Exfiltration

File transfer, staging, and exfil techniques across operating systems.

Astaroth_Example_DLL_Injection Notes and commands for Astaroth_Example_DLL_Injection.
Detection/Evasion Notes and commands for Detection/Evasion.
Encryption before transferring Notes and commands for Encryption before transferring.
File Transfer using Common Coding Languages Notes and commands for File Transfer using Common Coding Languages.
Linux File Transfer Notes on Linux File Transfer.
Living off the Land (Binary Uploads/Downloads) Notes and commands for living off the land binary uploads/downloads.
Netcat for FileTransfer Notes and commands for Netcat for FileTransfer.
Nginx / Apache Server for filetransfer Notes and commands for Nginx / Apache Server for filetransfer.
Overview-Commands Notes and commands for Overview-Commands.
PHP reverse shell Notes and commands for PHP reverse shell.
PowerShell for Filetransfer Notes and commands for PowerShell for Filetransfer.
Windows Filetransfer Notes on Windows Filetransfer.
Linux File Transfer
- Download Notes on Download.
- Upload Notes on Upload.
- Download
  - Base64 Notes and commands for Base64.
  - SSH/SCP Notes and commands for SSH/SCP.
  - Web curl/wget Notes and commands for Web curl/wget.
- Upload
  - Web Upload Notes and commands for Web Upload.
Windows Filetransfer
- Download Notes on Download.
- Upload Notes on Upload.
- Download
  - Base64 Notes and commands for Base64.
  - FTP Downloads Notes and commands for FTP Downloads.
  - PowerShell-Web(http/s) Notes and commands for PowerShell-Web(http/s).
  - SMB Server for file transfer Notes and commands for SMB Server for file transfer.
- Upload
  - Base64 Notes and commands for Base64.
  - FTP Notes and commands for FTP.
  - PowerShell web Uploads. Notes and commands for PowerShell web Uploads..
  - SMB Share Upload Notes and commands for SMB Share Upload.

Tools & Automation

Notes on common Tools, scripts, and workflows.

Metasploit Notes on Metasploit.
Python Notes on Python.
Video-search Notes and commands for Video-search.
Metasploit
- Databases Notes and commands for Databases.
- Encoding / IPS/IDS evasion Notes and commands for Encoding / IPS/IDS evasion.
- Metasploit Notes and commands for Metasploit.
- Payloads Notes and commands for Payloads.
- Persistence Notes and commands for Persistence.
- Plugin Notes and commands for Plugin.
Python
- Basics Notes and commands for Basics.
- Socket Notes and commands for Socket.

Labs & Practice

Hands-on exercises and lab walkthroughs.

Footprinting (Hard) Notes and commands for Footprinting (Hard).
Perfection Notes on Perfection.
Shell Lab Notes and commands for Shell Lab.
Perfection
- Nmap Notes and commands for Nmap.
- Personal Notes and commands for Personal.

Course Notes

Course notes and structured study tracks.

PET4 Notes on PET4.
PET4
- AD Notes and commands for AD.
- Information Gathering Notes and commands for Information Gathering.
- Path-Traversal Notes and commands for Path-Traversal.
- Post-Exploitation Notes and commands for Post-Exploitation.
- Pr Fungsrelevant Notes on Pr Fungsrelevant.
- Pr Fungsrelevant
  - VO Notes and commands for VO.

Archive & Misc

Notes and experiments that do not fit elsewhere.

Cameras Notes and commands for Cameras.