Introduction to Ethical Hacking/Pentesting
Install Linux on your system. Kali Linux is recommended.
Learn basic Linux commands.
Learn the basics of some programming languages (HTML/CSS, JS, PHP, SQL, Python). For basics and in-short tutorials of programming languages, watch
Frequently Used Linux commands:
For Windows 10/11
If wsl --install doesn't work, refer to the manual steps
Reference Video:
This video by NetworkChuck guides you through the manual steps
For installation of GUI (Graphical User Interface), kex, refer to the following video
For those of you on Windows with AMD hardware, WSL has some stability issues, so we recommend using virtual machines.
For Mac users, you already have a terminal. For some tools you might need Kali Linux (not any time soon).
HTTP methods (mainly GET and POST methods)
IP (Internet Protocol)
DNS (Domain Name System)
SSH (Secure Shell)
Telnet (Teletype Network)
Ports
Learn Python, as many tools/scripts are coded in it.
Learn to use GitHub.
Learn the basics of the command-line editors vim and GNU nano.
Solve previous CTF challenges and read writeups.
Note: CTFtime is the platform where you can get every CTF-related information.
Master some of the most important tools of Kali:
Burpsuite
Wireshark
Nmap
Metasploit
Webscarab
Learn to use some browser extensions that are helpful in solving CTF problems:
Hackbar
Cookie-editor
Open referer control
Learn about various vulnerabilities: XSS, HTMLi, SQLi, Parameter Tampering, Host Header Injection, URL Redirection, LFI, RFI, SSTI, CSRF, SSRF, Subdomain Takeover, CMDi, XMLI, etc.
Web Security
Network Security
Forensics
Application Security
Steganography
Cryptography
Mobile Security
Quick guide for introduction: https://www.tutorialspoint.com/penetration_testing/penetration_testing_quick_guide.htm
The Web Application Hacker's Handbook
Web Hacking 101
http://testphp.vulnweb.com/
http://hackthis.co.uk (SQLi)
(https://regexone.com/)
(https://regexr.com/)
(https://devhints.io/bash)
(https://www.shellscript.sh/)
(https://www.cybrary.it/)
(https://www.hacker101.com/)
(http://virustotal.com): Site used for finding all subdomains of a site, checking for viruses, and much more.
Hacking: The Art of Exploitation
The Shellcoder's Handbook
SQLi: sqlmap
Forensics: Volatility, Sleuthkit
HTTP, HTTPS, FTP, DNS, SMTP, ports, MAC Address, IPv4, IPv6, Public vs. Private IP, OSI model, Routers and switches.
Learn about (Open Web Application Security Project) community and its list of .
Solve basic CTF problems from and on OverTheWire.
After completing Bandit and Natas, move on to (contains challenges covering the basics and JS)
Start participating in live CTFs on . This will boost your problem solving skills.
Try solving CTF challenges from and .
Learn to create an SSH public key and connect to an SSH server:
Learn with practicals:
For advanced crypto go to
Crypto: , ,
Steganography: zsteg, stegsolve, binwalk, hex-editor
Reversing: gdb, ghidra, edb-debug
Password cracking: John the Ripper, hashcat, crunch, medusa