Pentester Guide

A Comprehensive Resource for Pentesters: Tools, Methodologies, Scripts, Certifications, Learning Resources, Labs, Career Opportunities, Entertainment, and Freelancing Tips.

Contents

• Important Notes
• Certifications
• Pentesting Practice Platforms
• Foss Labs
• Bug Bounty Hunting Platforms
• Independent Pentesting Platforms
• 0Day Market
• Operating System for Hacking
• Awesome Links
• Hackers Manuals
• About Me
• Sponsor

Important Notes

1. Tools
2. Active Directory
3. All about Pentesting
4. Bug Bounty Hunting Methodology
5. HackiFy Wordlist and Tool Installer Script
6. Cyber Security / Bug Bounty Hunting Roadmap

Certifications

1. INE eJPT $249
2. AlteredSecurity CRTP $249
3. TCM Security PNPT $499
4. INE eCPPT $599
5. Offensive Security - PEN-200 (OSCP) $1649
6. HTB CPTS With Annual Silver Plan $490
7. Offensive Security - PEN-300 (OSEP) $1649
8. Google Cybersecurity Professional Certificate Almost Free (Less than $20 for one month)
9. Microsoft Certified: Azure Security Engineer Associate (Cloud) $146
10. CompTIA Security+ $500 Exam Voucher
11. CREST CRT $500
12. ISC2 CISSP $750
13. ISC2 CCSP $599
14. SANS SEC560: Enterprise Penetration Testing (GPEN) $2,499
15. SANS SEC660: GIAC Exploit Researcher and Advanced Penetration Tester $2,499

Note: Price may vary.

Pentesting Practice Platforms

1. VulnHub (Offsec) – Free
2. VulnMachines (BlackHat) – Free
3. Web Security Academy (PortSwigger Labs) – Free
4. TryHackMe – Free + Paid
5. pwnable.kr – Free
6. pwnable.tw – Free
7. HackTheBox – Free + Paid
8. root-me – Free
9. PentesterAcademy (Attackdefense) – Free + Paid
10. Pentester Lab – Free + Paid
11. standoff365 hackbase – Free

FOSS Labs

1. Vulhub
2. Metasploitable3 Box
3. OWASP Juice (WEB)
4. DVWA (WEB)
5. WebGOAT (WEB)
6. Kubernetes GOAT
7. Wrong Secrets (WEB)
8. SQLi Lab
9. HackerOne CTF
10. For More Check: Awesome Vulnerable App List

Bug Bounty Hunting Platforms

1. Hackerone
2. Bugcrowd
3. Intigriti
4. YesWeHack
5. Standoff365
6. RedStorm
7. Zerocopter
8. OpenBugBounty
9. Immunify Web3
10. HackenProof WEB3

Independent Pentesting Platforms

1. Yogosha
2. Synack
3. Cobalt

0Day Market

1. CrowdFense
2. Zerodium (0day Bounty)

Best OS for Hacking

1. BackBox
2. ParrotSec Security Edition
3. Kali Linux (OFFSEC)
4. BlackArch

Awesome Links

1. The Book of Secret Knowledge
2. Sirensecurity.io Windows Privilege Escalation Resources
3. Awesome Link List by Sindre Sorhus
4. cheatography.com cheatsheets

Hackers Manuals

1. HackTricks
2. HackingArticles.in
3. InternalAllTheThings by swisskyrepo
4. eloypgz.org Active Directory
5. ExplainShell (Command Manual)
6. Reverse Shell making Tool
7. Hashcat Example Hashes
8. GTFObins Priviledge Escalation Cheetsheet
9. LOLBAS Binaries, Scripts and Libraries Exploit
10. loldrivers Drivers Exploits
11. WADComs Windows AD Cheetsheat
12. Exploit List haxx.it

Books

1. The Web Applicaiton Hacker’s Handbook
2. Web Hacking Arsenal
3. Brute XSS Payload Collection By Rodolfo Assis
4. THERCEMAN Bug Bounty CheetSheat Book

About Me

Platform	Link
LinkedIn	LinkedIn.com/in/ZishanAdThandar
YouTube	YouTube.com/ZishanAdThandar
LinkTree	ZishanAdThandar.github.io/linktree
Twitter	twitter.com/ZishanAdThandar
Telegram	ZishanAdThandar.t.me
GitHub	GitHub.com/ZishanAdThandar
Portfolio	ZishanAdThandar.github.io
Resume	ZishanAdThandar.github.io/CV.pdf

Sponsor

1. https://github.com/sponsors/ZishanAdThandar
2. https://ZishanAdThandar.github.io/sponsor/