About

Just another pentesting checklists

This page contains checklists, resources, and write-ups for HTB machines. Actually, I created this page during my OSCP preparation. But for now, I am just putting all my notes here.

Keep It Simple!

What the difference with the other? You may wonder what sets apart these GitBook notes from others, such as HackTricks. Well, HackTricks is a good sourceβ€”I often refer to their page when conducting pentesting. They provide comprehensive guides and checklists for every service.

The difference lies in the simplicity I aim to maintain here. While a full and complete guide is beneficial, sometimes it can be overwhelming with an excess of information. In this space, I create notes based on my experiences. I stick to one tool or resource if it can effectively perform the necessary tasks. For example, if FFuF can handle vhost bruteforce, directory scanning, etc, why should I use dirsearch, wfuzz, etc? I'm not saying that tools like dirsearch or wfuzz are bad, but I don't see the point in installing many tools with the same function.

Notes

I am using Kali Linux for all the commands I'm sharing here. I believe that all Debian derivatives will have similar commands for the installation process (using 'apt'). However, if you're using a different distribution that is not a Debian derivative, please search for it yourself. You can take my notes as a reference.

I have taken notes based on my understanding and practical use of commands/tools. It is possible that I may have made mistakes or misunderstood certain aspects.

Last updated