This cheatsheet is built for the Red Teamers and Penetration Testers such in order to help them to hunt the vulnerabilties. It is designed such that the beginners can understand the fundamentals and the professionals can brush up their skills with the advanced options. There are multiple ways to perform all the mentioned tasks, thereby we've performed and compiled this list over with our experience. Please share it with your connections and send your queries and feedbacks directly to Aarti Singh.
- XXE Injection
- CSRF
- Cross-Site Scripting Exploitation
- Cross-Site Scripting (XSS)
- Unrestricted File Upload
- Open Redirect
- Remote File Inclusion (RFI)
- HTML Injection
- Path Traversal
- Broken Authentication & Session Management
- OS Command Injection
- Multiple Ways to Banner Grabbing
- Local File Inclusion (LFI)
- Netcat for Pentester
- WPScan:WordPress Pentesting Framework
- WordPress Pentest Lab Setup in Multiple Ways
- Multiple Ways to Crack WordPress login
- Web Application Pentest Lab Setup on AWS
- Web Application Lab Setup on Windows
- Web Application Pentest Lab setup Using Docker
- Web Shells Penetration Testing
- SMTP Log Poisoning
- HTTP Authentication
- Understanding the HTTP Protocol
- Broken Authentication & Session Management
- Apache Log Poisoning through LFI
- Beginner’s Guide to SQL Injection (Part 1)
- Boolean Based
- How to Bypass SQL Injection Filter
- Form Based SQL Injection
- Dumping Database using Outfile
- IDOR