oscp
- This is my cheatsheet and scripts developed while taking the Offensive Security Penetration Testing with Kali Linux course.
- Cheat Sheet
docker container for portability
- kali-build contains the files necessary for running the essential kali linux tools in a docker container.
- it is recommended that you install burp suite on your host OS along with firefox.
- tools like "gobuster" can be proxied through hostOS burp proxy via "http://host.docker.internal:8080"
- host.docker.internal is the hostname you use if you want to scan your own localhost machine
web pentesting
- List of vulnerable practice applications
- PHP:
- docker run --rm -p 10000:80 gjuniioor/owasp-bricks
- docker run --rm -it -p 10000:80 vulnerables/web-dvwa:latest
- admin:password
- Java: docker run --rm -p 127.0.0.1:10000:8080 -p 127.0.0.1:10001:9090 webgoat/goatandwolf
- WebGoat will be located at: http://127.0.0.1:10000/WebGoat
- WebWolf will be located at: http://127.0.0.1:10001/WebWolf
- NodeJS:
- docker run --rm --name dvna -p 10000:9090 -d appsecco/dvna:sqlite
- docker run --rm -p 10000:3000 bkimminich/juice-shop
- rails: docker run --rm -p 10000:3000 contrastsecuritydemo/railsgoat:1.0
- Python/Django/API: docker container run -it --rm -p 10000:8000 tuxotron/tiredful-api
- web socket: docker run --rm -p 10000:80 -p 10080:8080 tssoffsec/dvws
Building yourself a practice area and learning
I recommend you go on over to my home lab notes if you want to practice all of this yourself. I also have several great links for learning these types of concepts.