Skip to content
/ OSCP-PwK Public

This is my cheatsheet and scripts developed while taking the Offensive Security Penetration Testing with Kali Linux course.

Notifications You must be signed in to change notification settings

so87/OSCP-PwK

Repository files navigation

oscp

  • This is my cheatsheet and scripts developed while taking the Offensive Security Penetration Testing with Kali Linux course.
  • Cheat Sheet

docker container for portability

  • kali-build contains the files necessary for running the essential kali linux tools in a docker container.
  • it is recommended that you install burp suite on your host OS along with firefox.
  • tools like "gobuster" can be proxied through hostOS burp proxy via "http://host.docker.internal:8080"
  • host.docker.internal is the hostname you use if you want to scan your own localhost machine

web pentesting

  • List of vulnerable practice applications
  • PHP:
    • docker run --rm -p 10000:80 gjuniioor/owasp-bricks
    • docker run --rm -it -p 10000:80 vulnerables/web-dvwa:latest
    • admin:password
  • Java: docker run --rm -p 127.0.0.1:10000:8080 -p 127.0.0.1:10001:9090 webgoat/goatandwolf
  • NodeJS:
    • docker run --rm --name dvna -p 10000:9090 -d appsecco/dvna:sqlite
    • docker run --rm -p 10000:3000 bkimminich/juice-shop
  • rails: docker run --rm -p 10000:3000 contrastsecuritydemo/railsgoat:1.0
  • Python/Django/API: docker container run -it --rm -p 10000:8000 tuxotron/tiredful-api
  • web socket: docker run --rm -p 10000:80 -p 10080:8080 tssoffsec/dvws

Building yourself a practice area and learning

I recommend you go on over to my home lab notes if you want to practice all of this yourself. I also have several great links for learning these types of concepts.

About

This is my cheatsheet and scripts developed while taking the Offensive Security Penetration Testing with Kali Linux course.

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published