Web Penetration Testing

Comprehensive Guide to OS Command Injection

Multiple Ways to Banner Grabbing

Comprehensive Guide to Local File Inclusion (LFI)

Multiple Ways to Crack WordPress login

Drupal: Reverseshell

Joomla: Reverse Shell

WordPress: Reverse Shell

Web Application Pentest Lab Setup on AWS

Web Application Lab Setup on Windows

Web Application Pentest Lab setup Using Docker

Configure Web Application Penetration Testing Lab

Web Shells Penetration Testing

Web Server Lab Setup for Penetration Testing

SMTP Log Poisoning through LFI to Remote Code Execution

Engagement Tools Tutorial in Burp suite

Payload Processing Rule in Burp suite (Part 2)

Payload Processing Rule in Burp suite (Part 1)

Beginners Guide to Burpsuite Payloads (Part 2)

Beginners Guide to Burpsuite Payloads (Part 1)

Burpsuite Encoder & Decoder Tutorial

WordPress Penetration Testing using WPScan & Metasploit

WordPress Penetration Testing Lab Setup in Ubuntu

Multiple Ways To Exploiting HTTP Authentication

Understanding the HTTP Protocol

Multiple Ways to Detect HTTP Options

Multiple Ways to Exploiting PUT Method

Understanding HTTP Authentication Basic and Digest

Comprehensive Guide on Netcat

Web Application Penetration Testing with curl

Beginner Guide to Understand Cookies and Session Management

Understanding Encoding (Beginner’s guide)

Brute Force Website Login Page using Burpsuite (Beginner Guide)

How to Spider Web Applications using Burpsuite

5 Ways to Create Dictionary for Bruteforcing

Shodan a Search Engine for Hackers (Beginner Tutorial)

5 Ways to Directory Bruteforcing on Web Server

Beginner Guide to Google Dorks (Part 1)

Command Injection Exploitation in DVWA using Metasploit (Bypass All Security)

5 ways to File upload vulnerability Exploitation

File Upload Exploitation in bWAPP (Bypass All Security)

Hack File upload Vulnerability in DVWA (Bypass All Security)

Apache Log Poisoning through LFI

Web Server Exploitation with LFI and File Upload

RCE with LFI and SSH Log Poisoning

Understanding Redirection with Hashing and Crypto Salt (Part 2)

Understanding Redirection with Encoding Techniques (Part 1)

How to set up SQLI Lab in in Kali

Beginner’s Guide to SQL Injection (Part 1)

Beginner Guide to SQL Injection Boolean Based (Part 2)

How to Bypass SQL Injection Filter Manually

Form Based SQL Injection Manually

Dumping Database using Outfile

Manual SQL Injection Exploitation Step by Step

Beginners Guide to Cross Site Scripting (XSS)

Understanding DOM Based XSS in DVWA (Bypass All Security)

XSS Exploitation in DVWA (Bypass All Security)

Stored XSS Exploitation in DVWA (Beginner Guide)

Understanding the CSRF Vulnerability (A Beginner Guide)

CSRF Attack in Beginners in DVWA

CSRF Exploitation using XSS

Beginner Guide to Insecure Direct Object References (IDOR)

Comprehensive Guide to Sqlmap (Target Options)

File System Access on Webserver using Sqlmap

Exploiting Form Based Sql Injection using Sqlmap

Exploiting Sql Injection with Nmap and Sqlmap

Easy way to Hack Database using Wizard switch in Sqlmap

SQL Injection Exploitation in Multiple Targets using Sqlmap

Sql Injection Exploitation with Sqlmap and Burp Suite (Burp CO2 Plugin)

Exploiting the Webserver using Sqlmap and Metasploit (OS-Pwn)

Command Injection Exploitation through Sqlmap in DVWA

Shell uploading on Web Server using Sqlmap

Database Penetration Testing using Sqlmap (Part 1)

Command Injection to Meterpreter using Commix

Exploit Command Injection Vulnearbility with Commix and Netcat

Powershell Injection Attacks using Commix and Magic Unicorn

Penetration Testing in WordPress Website using WordPress Exploit Framework

Vulnerability Scanning in WordPress Site using WPScan

Vulnerability Analysis in Web Application using Burp Scanner

Fuzzing SQL,XSS and Command Injection using Burp Suite

Beginner Guide to HTML Injection

28 Comments → Web Penetration Testing

CRAZYWICKEDHACKER August 13, 2012 at 9:54 pm

lets hack now

Reply ↓
Salimon Abiodun August 15, 2013 at 11:23 pm

dis is awesome

Reply ↓
Mohit February 21, 2018 at 1:01 am

hello sir thanks for provide us this awesome site with best tutorials can u please make this list serial vise if it is

Reply ↓
Bryan April 21, 2018 at 1:28 am

Thank you for all the entries in the blog have been very interesting, it would be possible some post-exploitation tutorial on linux web servers, greetings and thanks for sharing your knowledge you are great.

Reply ↓
fer August 16, 2018 at 3:24 pm

you are the best, i have no internet conection full time so i had downloaded all your web pages for learning… thank you.. i am from cuba

Reply ↓
Charlie September 22, 2018 at 7:27 pm

This is my go to site for CTF strategies, and hints for when I get stuck. I absolutely love your in-depth walkthroughs with pictures and full explanations. As a visual learner I’m so grateful that people like you exist.

Thank you Sir, keep doing what you do.

Reply ↓
saad November 8, 2018 at 4:26 am

Dude you guys are just amazing.
KEEP IT IPPPP
LOVE YOU

Reply ↓
Ahmed Taher December 20, 2018 at 7:38 am

From Iraq. I want to thank you to all the best articles. good job and keep up.

Reply ↓
DirtyVegan January 29, 2019 at 7:16 pm

Thank you for such a GIFT… man!!

Reply ↓
Yash March 2, 2019 at 5:19 am

Can you post a complete walkthrough for sql injection in DVWA at high difficulty?

Reply ↓
surya May 4, 2019 at 1:03 pm

seriously this is the best site .

Reply ↓
Ji July 22, 2019 at 4:10 pm

Nice content
Nice information to all

Reply ↓
Sahil August 4, 2019 at 6:35 pm

Hello Raj,

Appreciate your sincerity and passion towards sharing wealth and treasure of videos.

Would you mind sharing one video of SSRF, including SSRF/Blind SSRF.

Reply ↓
1. raj May 27, 2020 at 3:35 pm
  
  Hello Raj,
  
  I would highly appreciate if you could share SSRF videos?
  
  Reply ↓
Sunny August 12, 2019 at 7:53 pm

Nice tutorial …..I loved it

Reply ↓
Raja August 13, 2019 at 2:52 pm

Can u post Insecure Deserialization Vulnerability exploit tutorial.

Reply ↓
Sivanesh September 8, 2019 at 10:35 am

Keep on making this website pen testing blog

Reply ↓
Naveen September 13, 2019 at 12:50 pm

Hi RAJ CHANDEL,
Your contribution is highly appreciated in the Security domain,

It would be great if it categorized with vulnerability type means present there are 100 articles on this page but no order is there. it is just my opinion

Thank you

Reply ↓
1. ramse December 13, 2019 at 9:04 am
  
  Yes, i will agree with Naveen. If you do some categorization on these blogs like(Begginer, Intermediate and Advanced). It wolud be useful for who are going to start their career in this domain.
  
  Reply ↓
  1. Raj Chandel December 13, 2019 at 1:02 pm
    
    https://github.com/Ignitetechnologies/CTF-Difficulty
    
    Reply ↓
Shafi September 25, 2019 at 11:31 pm

Great

Reply ↓
Dump Gee October 24, 2019 at 8:05 pm

This site serves as my reference material for learning. Great work done. I am from Ghana

Reply ↓
Tanmay Bhattacharjee November 23, 2019 at 1:14 pm

Sir How to get webgoat full walktrough?
Please Suggest me

Reply ↓
khan saad January 29, 2020 at 6:01 am

if you want to do some serius hacking using Termux on your android phone visit : https://www.learntermux.tech/

Reply ↓
mfh February 22, 2020 at 8:11 pm

This website was… how do you say it? Relevant!! Finally I’ve found something that helped me.
Many thanks!

Reply ↓
Arsalan Shahid May 5, 2020 at 7:37 pm

Please do HTML Injection bypass on bWAPP (All Security)

Reply ↓
Zeeshan Khan May 6, 2020 at 11:06 pm

Hello,

It will be very much helpful if we can get an attack scenario or exploitation of Clickjacking attack.

Thank You

Reply ↓
GüTersloh Kino May 7, 2020 at 4:39 am

I’ve bewn exploring for a little for any high-quality articles or weblog posts in this sort of house .
Exploring in Yahoo I at last stumbled upon this web site.

Reading this information So i’m happy to express that I have a very juust right uncanny feeling I found
out just wyat I needed. I mst surely wioll make sure
to do not forget his web site and provides
it a look regularly.

Reply ↓

Leave a Reply Cancel reply