Web Penetration Testing

Engagement Tools Tutorial in Burp suite

Payload Processing Rule in Burp suite (Part 2)

Payload Processing Rule in Burp suite (Part 1)

Beginners Guide to Burpsuite Payloads (Part 2)

Beginners Guide to Burpsuite Payloads (Part 1)

Burpsuite Encoder & Decoder Tutorial

WordPress Penetration Testing using WPScan & Metasploit

WordPress Penetration Testing Lab Setup in Ubuntu

Configure Web Application Penetration Testing Lab

Configure Web Server for Penetration Testing (Beginner Guide)

Web Pentest Lab Setup using bWAPP in Windows 10

Web Penetration Lab Setup using Webgoat in kali Linux

DVWA and OWASP Mutillidae II Lab Setup in Windows

Web Penetration Testing Lab setup using XVWA

Web Hacking Lab Setup using DVNA in Kali Linux

Web Pentest Lab setup for Beginners using DVWS

Understanding the HTTP Protocol

Multiple Ways to Exploiting PUT Method

Multiple Ways to Detect HTTP Options

Netcat Tutorials for Beginner

Web Application Penetration Testing with curl

Beginner Guide to Understand Cookies and Session Management

Understanding Encoding (Beginner’s guide)

 Understanding HTTP Authentication Basic and Digest

Brute Force Website Login Page using Burpsuite (Beginner Guide)

Hack the Basic HTTP Authentication using Burpsuite

How to Spider Web Applications using Burpsuite

5 ways to Banner Grabbing

5 Ways to Create Dictionary for Bruteforcing

Shodan a Search Engine for Hackers (Beginner Tutorial)

5 Ways to Directory Bruteforcing on Web Server

Beginner Guide to Google Dorks (Part 1)

Beginner Guide to OS Command Injection

Command Injection Exploitation in DVWA using Metasploit (Bypass All Security)

5 ways to File upload vulnerability Exploitation

File Upload Exploitation in bWAPP (Bypass All Security)

Hack File upload Vulnerability in DVWA (Bypass All Security)

Webshell to Meterpreter

Web Shells Penetration Testing (Beginner Guide)

Beginner Guide to File Inclusion Attack (LFI/RFI)

5 ways to Exploit LFi Vulnerability

Apache Log Poisoning through LFI

Web Server Exploitation with LFI and File Upload

RCE with LFI and SSH Log Poisoning

Understanding Redirection with Hashing and Crypto Salt (Part 2)

Understanding Redirection with Encoding Techniques (Part 1)

How to set up SQLI Lab in in Kali

Beginner’s Guide to SQL Injection (Part 1)

Beginner Guide to SQL Injection Boolean Based (Part 2)

How to Bypass SQL Injection Filter Manually

Form Based SQL Injection Manually

Dumping Database using Outfile

Manual SQL Injection Exploitation Step by Step

Beginners Guide to Cross Site Scripting (XSS)

Understanding DOM Based XSS in DVWA (Bypass All Security)

XSS Exploitation in DVWA (Bypass All Security)

Stored XSS Exploitation in DVWA (Beginner Guide)

Understanding the CSRF Vulnerability (A Beginner Guide)

CSRF Attack in Beginners in DVWA

CSRF Exploitation using XSS

Beginner Guide to Insecure Direct Object References (IDOR)

Comprehensive Guide to Sqlmap (Target Options)

File System Access on Webserver using Sqlmap

Exploiting Form Based Sql Injection using Sqlmap

Exploiting Sql Injection with Nmap and Sqlmap

Easy way to Hack Database using Wizard switch in Sqlmap

SQL Injection Exploitation in Multiple Targets using Sqlmap

Sql Injection Exploitation with Sqlmap and Burp Suite (Burp CO2 Plugin)

Exploiting the Webserver using Sqlmap and Metasploit (OS-Pwn)

Command Injection Exploitation through Sqlmap in DVWA

Shell uploading on Web Server using Sqlmap

Database Penetration Testing using Sqlmap (Part 1)

Command Injection to Meterpreter using Commix

Exploit Command Injection Vulnearbility with Commix and Netcat

Powershell Injection Attacks using Commix and Magic Unicorn

bWAPP Command Injection Exploitation using Commix (Bypass All Security)

WordPress Penetration Testing using Symposium Plugin SQL Injection

5 ways to Brute Force Attack on WordPress Website

Penetration Testing in WordPress Website using WordPress Exploit Framework

Exploiting WordPress using Ninja Forms Unauthenticated File Upload

Exploit WordPress Using SlideShow Gallery Authenticated File Upload

Exploit  WordPress using Plugin Foxypress uploadify.php Arbitrary Code Execution

Exploit WordPress Using WP EasyCart Unrestricted File Upload

Exploit WordPress Using InfusionSoft Upload Vulnerability

Exploit  WordPress using WPTouch Authenticated File Upload

Exploit WordPress using Photo Gallery Unrestricted File Upload

Exploit WordPress using Work the Flow Upload Vulnerability

Exploit  WordPress Using Ajax Load More PHP Upload Vulnerability

Exploit WordPress Using Reflex Gallery Upload Vulnerability

Exploit WordPress Using N-Media Website Contact Form with File Upload Vulnerability

Vulnerability Scanning in WordPress Site using WPScan

Exploit Joomla using autJoomla HTTP Header Unhenticated Remote Code Execution

How to Find Vulnerability in joomla Website using Backtrack

Exploiting Joomla  using Account Creation and Privilege Escalation

Exploit Drupal  using  RESTWS Module Remote PHP Code Execution

Exploit Drupal  using  HTTP Parameter Key/Value SQL Injection

Vulnerability Analysis in Web Application using Burp Scanner

Fuzzing SQL,XSS and Command Injection using Burp Suite

Beginner Guide to HTML Injection

7 Comments Web Penetration Testing

  1. Mohit

    hello sir thanks for provide us this awesome site with best tutorials can u please make this list serial vise if it is

    Reply
  2. Bryan

    Thank you for all the entries in the blog have been very interesting, it would be possible some post-exploitation tutorial on linux web servers, greetings and thanks for sharing your knowledge you are great.

    Reply
  3. fer

    you are the best, i have no internet conection full time so i had downloaded all your web pages for learning… thank you.. i am from cuba

    Reply
  4. Charlie

    This is my go to site for CTF strategies, and hints for when I get stuck. I absolutely love your in-depth walkthroughs with pictures and full explanations. As a visual learner I’m so grateful that people like you exist.

    Thank you Sir, keep doing what you do.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *