• Stars
    star
    486
  • Rank 90,527 (Top 2 %)
  • Language
    Python
  • Created almost 7 years ago
  • Updated over 3 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

This is my cheatsheet and scripts developed while taking the Offensive Security Penetration Testing with Kali Linux course.

oscp

  • This is my cheatsheet and scripts developed while taking the Offensive Security Penetration Testing with Kali Linux course.
  • Cheat Sheet

docker container for portability

  • kali-build contains the files necessary for running the essential kali linux tools in a docker container.
  • it is recommended that you install burp suite on your host OS along with firefox.
  • tools like "gobuster" can be proxied through hostOS burp proxy via "http://host.docker.internal:8080"
  • host.docker.internal is the hostname you use if you want to scan your own localhost machine

web pentesting

  • List of vulnerable practice applications
  • PHP:
    • docker run --rm -p 10000:80 gjuniioor/owasp-bricks
    • docker run --rm -it -p 10000:80 vulnerables/web-dvwa:latest
    • admin:password
  • Java: docker run --rm -p 127.0.0.1:10000:8080 -p 127.0.0.1:10001:9090 webgoat/goatandwolf
  • NodeJS:
    • docker run --rm --name dvna -p 10000:9090 -d appsecco/dvna:sqlite
    • docker run --rm -p 10000:3000 bkimminich/juice-shop
  • rails: docker run --rm -p 10000:3000 contrastsecuritydemo/railsgoat:1.0
  • Python/Django/API: docker container run -it --rm -p 10000:8000 tuxotron/tiredful-api
  • web socket: docker run --rm -p 10000:80 -p 10080:8080 tssoffsec/dvws

Building yourself a practice area and learning

I recommend you go on over to my home lab notes if you want to practice all of this yourself. I also have several great links for learning these types of concepts.