This is my cheatsheet and scripts developed while taking the Offensive Security Penetration Testing with Kali Linux course.

  • Cheat Sheet

docker container for portability

  • kali-build contains the files necessary for running the essential kali linux tools in a docker container.
  • it is recommended that you install burp suite on your host OS along with firefox.
  • tools like "gobuster" can be proxied through hostOS burp proxy via "http://host.docker.internal:8080"
  • host.docker.internal is the hostname you use if you want to scan your own localhost machine

web pentesting

  • List of vulnerable practice applications
  • PHP:
    • docker run --rm -p 10000:80 gjuniioor/owasp-bricks
    • docker run --rm -it -p 10000:80 vulnerables/web-dvwa:latest
    • admin:password
  • Java: docker run --rm -p -p webgoat/goatandwolf
  • NodeJS:
    • docker run --rm --name dvna -p 10000:9090 -d appsecco/dvna:sqlite
    • docker run --rm -p 10000:3000 bkimminich/juice-shop
  • rails: docker run --rm -p 10000:3000 contrastsecuritydemo/railsgoat:1.0
  • Python/Django/API: docker container run -it --rm -p 10000:8000 tuxotron/tiredful-api
  • web socket: docker run --rm -p 10000:80 -p 10080:8080 tssoffsec/dvws

Building yourself a practice area and learning

I recommend you go on over to my home lab notes if you want to practice all of this yourself. I also have several great links for learning these types of concepts.