Voorivex / Pentest Guide

Licence: gpl-3.0
Penetration tests guide based on OWASP including test cases, resources and examples.

Projects that are alternatives of or similar to Pentest Guide

Payloadsallthethings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 32,909 (+2400.68%)
Mutual labels:  penetration-testing, pentest, vulnerability, payload, bypass, bugbounty
tugarecon
Pentest: Subdomains enumeration tool for penetration testers.
Stars: ✭ 142 (-89.21%)
Mutual labels:  penetration-testing, bugbounty, pentest
Ary
Ary is an integration tool, mainly used to call various security tools, thereby forming convenient one-click penetration testing.
Stars: ✭ 241 (-81.69%)
Mutual labels:  penetration-testing, pentest, vulnerability
Payloads
Payload Arsenal for Penetration Testers and Bug Bounty Hunters
Stars: ✭ 421 (-68.01%)
Mutual labels:  penetration-testing, bugbounty, payload
Ezxss
ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
Stars: ✭ 1,022 (-22.34%)
Mutual labels:  penetration-testing, payload, bugbounty
Aboutsecurity
A list of payload and bypass lists for penetration testing and red team infrastructure build.
Stars: ✭ 166 (-87.39%)
Mutual labels:  pentest, payload, bypass
CVE-2021-44228-PoC-log4j-bypass-words
🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks
Stars: ✭ 760 (-42.25%)
Mutual labels:  bugbounty, pentest, payload
PayloadsAll
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 31 (-97.64%)
Mutual labels:  vulnerability, bugbounty, pentest
Pentesting
Misc. Public Reports of Penetration Testing and Security Audits.
Stars: ✭ 24 (-98.18%)
Mutual labels:  vulnerability, bugbounty, pentest
aquatone
A Tool for Domain Flyovers
Stars: ✭ 43 (-96.73%)
Mutual labels:  penetration-testing, bugbounty, pentest
YAPS
Yet Another PHP Shell - The most complete PHP reverse shell
Stars: ✭ 35 (-97.34%)
Mutual labels:  penetration-testing, bugbounty, pentest
web-fuzz-wordlists
Common Web Managers Fuzz Wordlists
Stars: ✭ 137 (-89.59%)
Mutual labels:  penetration-testing, vulnerability, pentest
Writeups
This repository contains writeups for various CTFs I've participated in (Including Hack The Box).
Stars: ✭ 61 (-95.36%)
Mutual labels:  penetration-testing, pentest, payload
Command Injection Payload List
🎯 Command Injection Payload List
Stars: ✭ 658 (-50%)
Mutual labels:  vulnerability, payload, bugbounty
Reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Stars: ✭ 974 (-25.99%)
Mutual labels:  pentest, bugbounty
Vulnx
vulnx 🕷️ is an intelligent bot auto shell injector that detects vulnerabilities in multiple types of CMS (WordPress, Joomla, Drupal, PrestaShop, ...)
Stars: ✭ 1,009 (-23.33%)
Mutual labels:  pentest, vulnerability
Burp Suite Error Message Checks
Burp Suite extension to passively scan for applications revealing server error messages
Stars: ✭ 45 (-96.58%)
Mutual labels:  penetration-testing, pentest
Burp Suite Software Version Checks
Burp extension to passively scan for applications revealing software version numbers
Stars: ✭ 29 (-97.8%)
Mutual labels:  penetration-testing, pentest
Awsbucketdump
Security Tool to Look For Interesting Files in S3 Buckets
Stars: ✭ 1,021 (-22.42%)
Mutual labels:  penetration-testing, bugbounty
Pcwt
Stars: ✭ 46 (-96.5%)
Mutual labels:  pentest, bugbounty

Penetration Test Guide based on the OWASP + Extra

This guide is for penetration testers seeking the appropriate test cases required during a penetration test project. I rearranged the OWASP Testing Guide v4 from my point of view, including 9 Test Classes, and each class has several Test Cases to conduct against the target. Each Test Case covers several OWASP tests, which is also useful for the report document. I've also added 15 extra Test Cases marked by EXTRA-TEST. I hope it will be useful in both penetration test projects and bug bounty.

TODO:

  1. Add resources for each test.

Information Gathering

Configuration and Deployment Management

    • Enumerate Infrastructure and Application Admin Interfaces
        • Enumerate Infrastructure and Application Admin Interfaces (OTG-CONFIG-005)
        • Test Network/Infrastructure Configuration (OTG-CONFIG-001)
    • Hidden Resources Discovery
        • Review Old, Backup and Unreferenced Files for Sensitive Information (OTG-CONFIG-004)
    • HTTP Security Headers
        • Testing for Lack of HTTP Security Headers (EXTRA-TEST-002)

Identity Management and Authentication

Authorization and Boundary Test

Cookie and Session Management

    • Secure Session Management
        • Testing for Bypassing Session Management Schema (OTG-SESS-001)
        • Testing for Session Fixation (OTG-SESS-003)
        • Testing for Exposed Session Variables (OTG-SESS-004)
        • Testing for Logout Functionality (OTG-SESS-006)
        • Test Session Timeout (OTG-SESS-007)
        • Testing for Session Puzzling (OTG-SESS-008)

Accessibility

    • Denial of Service
        • Test for Denial of Service (EXTRA-TEST-008)

Input/Output Validation

Testing for Weak Cryptography

    • Testing for Weak SSL/TLS Ciphers, Insufficient Transport Layer Protection
        • Testing for Weak SSL/TLS Ciphers, Insufficient Transport Layer Protection (OTG-CRYPST-001)
    • Testing for Sensitive Information Sent via Unencrypted Channels
        • Testing for Sensitive Information Sent via Unencrypted Channels (OTG-CRYPST-003)
        • Testing for Padding Oracle (OTG-CRYPST-002)

Workflow/Dataflow Tests
