Introduction
1.
Foodprinting and Reconnaissances
Checklist
2.
Android Penetration Testing
3.
Web Application
4.
Report Writing
5.
Bug Bounty Tools
Recon
6.
Public info gathering
7.
Root domains
8.
Subdomain Enum
9.
Subdomain Takeover
10.
Webs recon
11.
Network Scanning
12.
Host Scanning
13.
Packet Scanning
Enumeration
14.
Files
15.
SSL/TLS
16.
Ports
Section
17.
Exploitation
18.
Post-exploitation
19.
Mobile
20.
Recon
21.
Exploiting
22.
Enumeration
22.1.
File analysis
22.2.
Ports
22.3.
Web
22.4.
Web services
22.5.
Cloud
Web
23.
Web Attacks
24.
General Info
25.
Quick tricks
26.
Header injections
27.
Bruteforcing
28.
Online hashes cracked
29.
Crawl/Fuzz
30.
LFI/RFI
31.
File upload
32.
SQLi
33.
SSRF
34.
Open redirects
35.
XSS
36.
CSP
37.
XXE
38.
Cookie Padding
39.
Webshells
40.
CORS
41.
CSRF
42.
Web Cache Poisoning
43.
Broken Links
44.
Clickjacking
45.
HTTP Request Smuggling
46.
Web Sockets
47.
CRLF
48.
IDOR
49.
Web Cache Deception
50.
Session fixation
51.
Email attacks
52.
Pastejacking
53.
HTTP Parameter pollution
54.
SSTI
55.
Prototype Pollution
56.
Command Injection
57.
Deserialization
58.
DNS rebinding
Web-Service
59.
Browser Extension
60.
Web Technologies
61.
APIs
62.
JS
63.
ASP.NET
64.
JWT
65.
GitHub
66.
GitLab
67.
WAFs
68.
Firebird
69.
Wordpress
70.
WebDav
71.
Joomla
72.
Jenkins
73.
IIS
74.
VHosts
75.
Firebase
76.
OWA
77.
OAuth
78.
Flask
79.
Symfony && Twig
80.
Drupal
81.
NoSQL (MongoDB, CouchDB)
82.
PHP
83.
RoR (Ruby on Rails)
84.
JBoss - Java Deserialization
85.
OneLogin - SAML Login
86.
Flash SWF
87.
Nginx
88.
Python
89.
Tomcat
90.
Adobe AEM
91.
Magento
92.
SAP
93.
MFA
94.
GWT
95.
Jira
96.
OIDC (Open ID Connect)
97.
ELK
98.
Sharepoint
99.
Others
Cloud
100.
Cloud
101.
General
102.
Cloud Info Gathering
103.
AWS
104.
Azure
105.
GCP
106.
Docker && Kubernetes
107.
CDN - Comain Fronting
Exploitation
108.
Payloads
109.
Reverse Shells
110.
File transfer
Post-Exploitation
111.
Linux
112.
Pivoting
113.
Windows
114.
AD
114.1.
Kerberos
115.
PS tips & tricks
Mobile
116.
General
117.
Android
118.
iOS
Others
119.
Burp Suite
120.
Password cracking
121.
VirtualBox
122.
Code review
123.
Pentesting Web checklist
124.
Internal Pentest
125.
Web fuzzers review
126.
Recon suites review
127.
Subdomain tools review
128.
Random
129.
Master assessment mindmaps
130.
BugBounty
131.
Exploiting
132.
tools everywhere
Light
Rust
Coal
Navy
Ayu
Checklist
tools everywhere
https://inventory.raw.pm/tools.html
