Web Penetration Testing
Exploiting Race Condition using Turbo Intruder
Burpsuite for Pentester: Autorize
Burpsuite for Pentester: Logger++
Burp Suite for Pentester: Repeater
Burp Suite for Pentester: Burp’s Project Management
Burp Suite for Pentester: Software Vulnerability Scanner
Burp Suite for Pentester: Active Scan++
Burp Suite for Pentester: Turbo Intruder
Burp Suite for Pentester: Burp Sequencer
Burp Suite for Pentester: HackBar
Burp Suite for Pentester: Burp Collaborator
Burp Suite for Pentester: Web Scanner & Crawler
Burp Suite for Pentester: Fuzzing with Intruder (Part 3)
Burp Suite for Pentester: Fuzzing with Intruder (Part 2)
Burp Suite for Pentester: Fuzzing with Intruder (Part 1)
Burp Suite for Pentester: XSS Validator
Burp Suite for Pentester: Configuring Proxy
Comprehensive Guide on XXE Injection
Understanding the CSRF Vulnerability (A Beginner’s Guide)
Cross-Site Scripting Exploitation
Comprehensive Guide on Cross-Site Scripting (XSS)
Comprehensive Guide on Unrestricted File Upload
Comprehensive Guide on Open Redirect
Comprehensive Guide to Remote File Inclusion (RFI)
Comprehensive Guide on HTML Injection
Comprehensive Guide on Path Traversal
Comprehensive Guide on Broken Authentication & Session Management
Comprehensive Guide on OS Command Injection
Multiple Ways to Banner Grabbing
Comprehensive Guide on Local File Inclusion (LFI)
WPScan: WordPress Pentesting Framework
WordPress Pentest Lab Setup in Multiple Ways
Multiple Ways to Crack WordPress login
Web Application Pentest Lab Setup on AWS
Web Application Lab Setup on Windows
Web Application Pentest Lab setup Using Docker
Configure Web Application Penetration Testing Lab
Web Shells Penetration Testing
Web Server Lab Setup for Penetration Testing
SMTP Log Poisoning through LFI to Remote Code Execution
Engagement Tools Tutorial in Burp suite
Payload Processing Rule in Burp suite (Part 2)
Payload Processing Rule in Burp suite (Part 1)
Beginners Guide to Burpsuite Payloads (Part 2)
Beginners Guide to Burpsuite Payloads (Part 1)
Burpsuite Encoder & Decoder Tutorial
Multiple Ways To Exploiting HTTP Authentication
Understanding the HTTP Protocol
Multiple Ways to Detect HTTP Options
Multiple Ways to Exploiting PUT Method
Understanding HTTP Authentication Basic and Digest
Beginner Guide to Understand Cookies and Session Management
Understanding Encoding (Beginner’s guide)
Brute Force Website Login Page using Burpsuite (Beginner Guide)
How to Spider Web Applications using Burpsuite
5 Ways to Create Dictionary for Bruteforcing
Shodan a Search Engine for Hackers (Beginner Tutorial)
5 Ways to Directory Bruteforcing on Web Server
Beginner Guide to Google Dorks (Part 1)
Command Injection Exploitation in DVWA using Metasploit (Bypass All Security)
Server Side Injection Exploitation in bWapp
File Upload Exploitation in bWAPP (Bypass All Security)
Hack File upload Vulnerability in DVWA (Bypass All Security)
Apache Log Poisoning through LFI
Web Server Exploitation with LFI and File Upload
RCE with LFI and SSH Log Poisoning
How to set up SQLI Lab in Kali
Beginner’s Guide to SQL Injection (Part 1)
Beginner Guide to SQL Injection Boolean Based (Part 2)
How to Bypass SQL Injection Filter Manually
Form Based SQL Injection Manually
Dumping Database using Outfile
Manual SQL Injection Exploitation Step by Step
Beginner Guide to Insecure Direct Object References (IDOR)
Comprehensive Guide to Sqlmap (Target Options)
File System Access on Webserver using Sqlmap
Exploiting Form Based Sql Injection using Sqlmap
Exploiting Sql Injection with Nmap and Sqlmap
Easy way to Hack Database using Wizard switch in Sqlmap
SQL Injection Exploitation in Multiple Targets using Sqlmap
Sql Injection Exploitation with Sqlmap and Burp Suite (Burp CO2 Plugin)
Exploiting the Webserver using Sqlmap and Metasploit (OS-Pwn)
Command Injection Exploitation through Sqlmap in DVWA
Shell uploading on Web Server using Sqlmap
Database Penetration Testing using Sqlmap (Part 1)
Command Injection to Meterpreter using Commix
Exploit Command Injection Vulnerability with Commix and Netcat
Powershell Injection Attacks using Commix and Magic Unicorn
Commix-Command Injection Exploiter (Beginner’s Guide)
Shell Uploading in Web Server through PhpMyAdmin
Web Penetration Testing with Tamper Data (Firefox Add-on)
Command Injection Exploitation using Web Delivery (Linux, Windows)
lets hack now
dis is awesome
hello sir thanks for provide us this awesome site with best tutorials can u please make this list serial vise if it is
Thank you for all the entries in the blog have been very interesting, it would be possible some post-exploitation tutorial on linux web servers, greetings and thanks for sharing your knowledge you are great.
You are the best, I have no internet connection full time so I had downloaded all your web pages for learning… thank you.. I am from Cuba
This is my go to site for CTF strategies, and hints for when I get stuck. I absolutely love your in-depth walkthroughs with pictures and full explanations. As a visual learner I’m so grateful that people like you exist.
Thank you Sir, keep doing what you do.
Dude you guys are just amazing.
KEEP IT IPPPP
LOVE YOU
From Iraq. I want to thank you to all the best articles. good job and keep up.
Thank you for such a GIFT… man!!
Can you post a complete walkthrough for sql injection in DVWA at high difficulty?
seriously this is the best site .
Nice content
Nice information to all
Hello Raj,
Appreciate your sincerity and passion towards sharing wealth and treasure of videos.
Would you mind sharing one video of SSRF, including SSRF/Blind SSRF.
Hello Raj,
I would highly appreciate if you could share SSRF videos?
Nice tutorial …..I loved it
Can u post Insecure Deserialization Vulnerability exploit tutorial.
Keep on making this website pen testing blog
Make complete detail explanation of SSRF and XXE
Hi RAJ CHANDEL,
Your contribution is highly appreciated in the Security domain,
It would be great if it categorized with vulnerability type means present there are 100 articles on this page but no order is there. it is just my opinion
Thank you
Yes, I will agree with Naveen. If you do some categorization on these blogs like (Beginner, Intermediate and Advanced). It would be useful for those who are going to start their career in this domain.
https://github.com/Ignitetechnologies/CTF-Difficulty
Great
This site serves as my reference material for learning. Great work done. I am from Ghana
Sir, how to get WebGoat full walkthrough?
Please Suggest me
If you want to do some serious hacking using Termux on your Android phone visit: https://www.learntermux.tech/
This website was… how do you say it? Relevant!! Finally I’ve found something that helped me.
Many thanks!
Please do HTML Injection bypass on bWAPP (All Security)
Hello,
It will be very much helpful if we can get an attack scenario or exploitation of Clickjacking attack.
Thank You
I’ve been exploring for a little for any high-quality articles or weblog posts in this sort of house. Exploring in Yahoo I at last stumbled upon this web site. Reading this information so I’m happy to express that I have a very just right uncanny feeling I found out just what I needed. I must surely will make sure to do not forget this web site and provides it a look regularly.
Really informative and helpful Website, big Thanks! Keep up the good Work!
Hi.
Can you make a list of best Web testing tools?
And maybe test them against OWASP Juice Shop or some other web app like that?
Thanks.
Hi Team,
Could you please provide some info on these two queries..
1. whether burp suite will supports that docker/apk image vulnerability scanning.
2. can we able to capture the “apk and Linux installation package” vulnerability scanning with burp suite.
Thank you in advance..
Thanks for the guide. I am an avid learner of web penetration test.
Sir thanks for this amazing blog! but sir there is one request can you please tell the order to get started because I am a beginner and I got confused that which topic should I learn first! The contents on this website are amazing and beginner-friendly I had struggled a lot to find the best resource and now I don’t want to use any other book or resource! Just I need TOC ( Table of Contents in order ). This will be great if you do this! Thanks again!
A Detailed Guide on httpx, version was updated and these commands don't work anymore.
Thank you for sharing these great articles. They are very helpful.
Please create an attack for client-side desync on web application.
Thanks so much for the good work you are doing for the community. God bless and increase you.
Hello, I am a learner in this field. I would like to know whether I can get the order in which I should learn. I have already read several category titles, but it is so much information that I cannot find an order to keep learning with enthusiasm. I have read many blogs and watched many videos, but none like this one. I am very happy to have found it, but I feel somewhat confused about the order. If you could help me with the order to continue my learning, I would be infinitely grateful. Greetings, and a thousand thanks for sharing your knowledge with us.
this is a very good blog.
https://www.lifeandcanvas.com/ssh-request-guide/
It is the very nice
Can you give me opportunity to write an article in Web pentesting Category
Can You Provide Guest Posting?
contact raj@hackingarticles.in