This repository is dedicated to documenting my preparation for the eWPTv2 exam. It includes comprehensive notes and detailed walkthroughs of various topics covered in the exam curriculum, such as Web Application Penetration Testing, SQL Injection, XSS Attacks, and Web Service Security Testing.
The notes are organized to provide a clear understanding of each topic, with practical examples, input commands, and their corresponding outputs. This allows readers to learn and follow the techniques without the need to set up or run the commands themselves.
Each section provides step-by-step guides on how to identify and exploit common web application vulnerabilities, offering valuable insights into the tools, methodologies, and best practices used by penetration testers. By working through these topics, I aim to strengthen my skills and build a deeper understanding of web application security.
Whether you're preparing for the eWPTv2 exam or just looking to enhance your web application security knowledge, this repository serves as both a study guide and a useful resource for anyone interested in offensive security.
- Finding Ownership and IP Addresses (with WHOIS, Netcraft, DNSRecon/DNSDumpster)
- Reviewing Webserver Metafiles for Information Leakage
- Search Engine Discovery (with Google Dorks)
- Web App Fingerprinting: Web App Technology Fingerprinting (with BuiltWith/Wappalyzer/WhatWeb)
- Web App Fingerprinting: WAF Detection (with WAFW00F)
- Source Code Analysis: Copying Websites (with HTTRack)
- Source Code Analysis: Website Screenshots (with EyeWitness)
- Passive Crawling and Spidering (with Burp Suite/OWASP ZAP)
- Web Server Fingerprinting (with Nmap/Metasploit)
- DNS Enumeration (with DNSRecon/dnsenum/DiG/Fierce)
- Subdomain Enumeration (with Sublist3r/Fierce)
- Web Server Vulnerability Scanning (with Nikto)
- File and Directory Brute-Force (with Gobuster)
- Automated Web Reconnaissance (with OWASP Amass)
- Passive Crawling with Burp Suite
- Burp Suite Target, Intruder, Sequencer, Repeater and Decoder
- Crawling and Spidering with OWASP ZAP
- Directory Enumeration with Burp Suite and OWASP ZAP
03 XSS Attacks
- Identifying and Exploiting Reflected XSS Vulnerabilities
- Identifying and Exploiting Stored XSS Vulnerabilities
- Identifying and Exploiting DOM-Based XSS Vulnerabilities
- Identifying and Exploiting XSS Vulnerabilities with Automated Tools (XSSer)
- Identifying and Exploiting In-Band SQL Injection Vulnerabilities (Error-Based and Union-Based)
- Identifying and Exploiting Blind SQL Injection Vulnerabilities (Time-Based and Boolean-Based)
- Identifying and Exploiting SQL Injection Vulnerabilities with Automated Tools (SQLMap)
- Penetration Testing of NoSQL Databases
- HTTP Method and Authentication Testing
- Testing for Sensitive Data Exposure
- Broken Authentication Attacks (Attacking Login Forms, Bypassing Authentication)
- Session Security Testing (Session Hijacking, CSRF)
- Injection and Input Validation Attacks (Command Injection, Code Injection)
- Testing for Security Misconfigurations
- Exploiting Vulnerable and Outdated Components
- Identifying and Exploiting Arbitrary File Upload Vulnerabilities (Bypassing File Upload Extension Filters, Bypassing PHPx Blacklists)
- Identifying and Exploiting Directory/Path Traversal Vulnerabilities
- Identifying and Exploiting LFI Vulnerabilities
- Identifying and Exploiting RFI Vulnerabilities
- SOAP-based Web Service Security Testing (WSDL Disclosure and Method Enumeration, Invoking Hidden Methods, Testing for SQL Injection, Testing for Command Injection)
- WordPress Version Enumeration (Manual and with WPScan/WhatWeb)
- WordPress Users, Plugins and Themes Enumeration (Manual and with WPScan)
- Hidden Files and Sensitive Information Enumeration (with Gobuster)
- WordPress Vulnerability Scanning (with WPScan)
- WordPress Authentication Brute-Force Attacks (with Burp Suite)
- WordPress Plugin Vulnerabilities Exploitation: Arbitrary File Upload
- WordPress Plugin Vulnerabilities Exploitation: Stored XSS
- Charset, HTML, URL and Base64 Encoding
- Bypassing Client-Side Filters
- Bypassing Server-Side Filters
- Bypassing Browser-Based Restrictions
