Index

KALI

  1. LINUX COMMANDS
  2. NETWORK COMMANDS
  3. PYTHON BASICS

STAGES

  1. RECONNAISSANCE
  2. SCANNING TOOLS
  3. ENUMERATION
    1. KIOPTRIX
      1. VULN
        1. Default_webpage(low)
        2. Server_header info disclosure(low)
        3. Default404_infodisclosure
        4. Weak Ciphers
        5. smb_findings
  4. EXPLOITATION

RECONNAISSANCE

PASSIVE RECON - social/physical
Local info : Satellite images, building layout
Job info : Employees, pictures in desks
Basically social engineering

WEB/HOST
Target Validation : WHOIS, nslookup, dnsrecon
Finding Subdomains : Google Fu, dig, nmap, Sublist3r, Bluto
Fingerprinting : Nmap, Wappalyzer, WhatWeb, BuiltWith, Netcat
Data Breaches : HaveIBeenPwned

PASSIVE OSINT: Open-source intelligence
https://bugcrowd.com/programs : crowdsourced security check platform
https://hunter.io/ : emails
https://haveibeenpwned.com/ : looks for former breaches
bluto


theHarvester : takes a site as input; outputs emails, IPs, source

whatweb -v ...
wappalyzer
https://builtwith.com/
: learn about the technology a website uses