Web-Application-Pentest-Checklist


Support Us ❤️
Channel : @freelearningtech
Website : https://freelearningtech.in/

🔰What is CTF? 🔰

CTF (Capture The Flag) is a kind of information security competition that challenges contestants to solve a variety of tasks ranging from a scavenger hunt on wikipedia to basic programming exercises, to hacking your way into a server to steal data. In these challenges, the contestant is usually asked to find a specific piece of text that may be hidden on the server or behind a webpage. This goal is called the flag, hence the name! Like many competitions, the skill level for CTFs varies between the events. Some are targeted towards professionals with experience operating on cyber security teams. These typically offer a large cash reward and can be held at a specific physical location.

➖➖➖➖➖➖➖➖

https://t.me/joinchat/SLj_kg0Qz93pVTWM

🔰 How to solve CTF 🔰

Challenge types

Jeopardy style CTFs challenges are typically divided into categories. I'll try to briefly cover the common ones.

Cryptography - Typically involves decrypting or encrypting a piece of data

Steganography - Tasked with finding information hidden in files or images

Binary - Reverse engineering or exploiting a binary file

Web - Exploiting web pages to find the flag

Pwn - Exploiting a server to find the flag

Where do I start?

If I managed to pique your curiosity, I've compiled a list of resources that helped me get started learning. CTF veterans, feel free to add your own resources in the comments below!

Learning

http://ctfs.github.io/resources/ - Introduction to common CTF techniques such as cryptography, steganography, web exploits (Incomplete)

https://trailofbits.github.io/ctf/forensics/ - Tips and tricks relating to typical CTF challenges/scenarios

https://ctftime.org/writeups - Explanations of solutions to past CTF challenges

Resources

https://ctftime.org - CTF event tracker

https://github.com/apsdehal/awesome-ctf - Comprehensive list of tools and further reading

Tools (That I use often)

binwalk - Analyze and extract files

burp suite - Feature packed web penetration testing framework

stegsolve - Pass various filters over images to look for hidden text

GDB - Binary debugger

The command line :)

Practice

Many of the "official" CTFs hosted by universities and companies are time-limited competitions. There are many CTFs however that are online 24/7 that can be used as practice and learning tools. Here are some that I found to be friendly for beginners.

https://ctflearn.com - A collection of various user-submitted challenges aimed towards newcomers

https://overthewire.org/wargames/ - A series of progressively more difficult pwn-style challenges. (Start with the bandit series)

https://2018game.picoctf.com/ - Yearly time-limited CTF now available to use as practice

Conclusion

CTF is a great hobby for those interested in problem-solving and/or cyber security. The community is always welcoming and it can be a lot of fun tackling challenges with friends.
Thank you for reading!

➖➖➖➖➖➖➖➖

Support Us ❤️
Channel : @freelearningtech
Website : https://freelearningtech.in/

Join our discussion group

https://t.me/freelearningtech21

Support Us ❤️
Channel : @freelearningtech
Website : https://freelearningtech.in/

Join our discussion group

https://t.me/freelearningtech21

ComTIA N+ PPT


Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

https://drive.google.com/file/d/1mcj8kFH8bm6XE8GQRQye7Msmak87KfRu/view?usp=sharing

Window 7 Pirated iso

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

Comptia A+ PPT

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

https://drive.google.com/file/d/1QVl3hhKO_fpIqvtg7J0iWb7Hk0e63hu3/view?usp=drivesdk


XSS PAYLOADS


Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

🦹‍♂🦹‍♂Web Intelligence
Researching Domains🦹‍♂🦹‍♂

Web intelligence (WEBINT) is a means to efficiently identify the intelligence available in open source (OSINT). Structuring and visualizing web-based information allows an analyst to surface tactical information like technical indicators, and strategic understandings like the swaying sentiment of a troubled region.

🍎Tools Link 🍎
🍏Access Check https://accesscheck.thenetmonitor.org
🍏AFRINIC https://www.afrinic.net
🍏APNIC https://www.apnic.net
🍏ARIN https://www.arin.net
🍏 Website Search Tool https://www.aware-online.com/osint-tools/website-search-tool
🍏Better Whois http://www.betterwhois.com
🍏Central Ops http://centralops.net
🍏Complete DNS https://completedns.com
🍏Daily Changes http://dailychanges.domaintools.com
🍏Danger Zone https://github.com/woj-ciech/Danger-zone
🍏Da.whois https://dawhois.com
🍏Dedicated or Not http://dedicatedornot.com
🍏Denic web whois https://www.denic.de/webwhois
🍏DNSDumpster https://dnsdumpster.com
🍏DNS History http://dnshistory.org
🍏DNS Lookup https://dnslookup.online
🍏DNSlytics https://dnslytics.com
🍏dnspop https://github.com/bitquark/dnspop
🍏DNS Queries https://www.dnsqueries.com
🍏dnsrecon https://github.com/darkoperator/dnsrecon
🍏DNS Root Instances https://atlas.ripe.net/results/maps/root-instances
🍏DNSSec Analyzer https://dnssec-analyzer.verisignlabs.com
🍏IMK-CREDITS
https://bio.cool/itsmekali
🍏DNS Spy
https://dnsspy.io
🍏DNSStuff http://www.dnsstuff.com
🍏DNSTools http://www.dnstools.ch
🍏DNS Trails http://dnstrails.com
🍏DNS Trails https://securitytrails.com/dns-trails
🍏dnstwist https://github.com/elceef/dnstwist
🍏dnstwist
https://dnstwist.it
🍏dnstwister https://dnstwister.report
🍏DNSViz
http://dnsviz.net
🍏Domain Big Data http://domainbigdata.com
🍏Domain Crawler http://www.domaincrawler.com
🍏Domain Dossier http://centralops.net/co/DomainDossier.aspx
🍏Domain Eye https://domaineye.com
🍏DomainIQ https://www.domainiq.com
🍏Domain SDB https://domainsdb.info
🍏Domain To IP Converter http://domaintoipconverter.com
🍏Domain Tools https://www.domaintools.com
🍏Domain Tools http://whois.domaintools.com
🍏DomEye https://xaviesteve.com/domeye
🍏downdetector http://downdetector.com
🍏downforeveryoneorjustme http://downforeveryoneorjustme.com
🍏DNS Checker https://dnschecker.org
🍏DShield API https://isc.sans.edu/api
🍏EasyCounter WHois https://whois.easycounter.com
🍏Easy whois https://www.easywhois.com
🍏Educause Whois Lookup https://net.educause.edu/whois.htm
🍏Geektools http://www.geektools.com/whois.php
🍏Lookup https://www.infobyip.com/ipbulklookup.php
🍏Network Tools http://network-tools.com
🍏NS.Tools
https://ns.tools
Onyphe https://www.onyphe.io
🍏OpenData Rapid7 https://opendata.rapid7.com
🍏The Prefix Whois Project https://pwhois.org
🍏PTRArchive http://ptrarchive.com
🍏Purplepee.com https://purplepee.co
🍏RedirectDetective http://redirectdetective.com


Enjoy 👍



Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

❤️❤️ Enjoy and Share ❤️❤️

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

❤️❤️ Enjoy and Share ❤️❤️

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

Here we share now How to do Bug hunting step wise checked pinned messages regularly


Bug hunting Step one Choose your Target which have huge list of subdomains and subdomains is eligible in Scope

Like you have seen a two targets

1. www.example.com

Another one is shown like this

2.*. example.com

Then you choose the second one

Here is two website where you can find subdomains easily


https://chaos.projectdiscovery.io/#/


https://subdomainfinder.c99.nl/


❤️❤️ Enjoy and Share ❤️❤️

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/