Pentesting.site is a comprehensive educational resource for penetration testing and ethical hacking, organized around the penetration testing attack chain. The site provides detailed information on each phase of penetration testing: 1. Reconnaissance - techniques for gathering intelligence on targets through passive and active methods 2. Enumeration - methods for scanning and probing target systems to identify services, shares, and configurations 3. Exploitation - approaches for leveraging discovered vulnerabilities to gain access to systems 4. Post-Exploitation - strategies for maximizing access, escalating privileges, and moving deeper into networks The site includes dedicated sections for common vulnerabilities, cheat sheets for popular penetration testing tools (including Bloodhound, Metasploit, Nmap, and others), and collections of useful links organized by category. It also features information about various penetration testing certifications from providers like Offensive Security, GIAC, HTB, and others. Pentesting.site serves as both a methodological guide and a practical reference for security professionals conducting ethical hacking engagements.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A comprehensive guide to incident response, providing effective techniques for responding to advanced attacks against local and remote network resources.
Free and open-source cybersecurity training classes with multi-class learning paths for high-skill, high-pay job skills.
INE Security offers a range of cybersecurity certifications, including penetration testing, mobile and web application security, and incident response.
A comprehensive reference guide providing practical examples and commands for using Hashcat to crack various types of password hashes.
A curated collection of companies that have publicly disclosed adversary tactics, techniques, and procedures following security breaches.
A comprehensive guide to using Metasploit, including searching for modules, specifying exploits and payloads, and using auxiliary modules.
Comprehensive endpoint protection platform providing unified visibility and security for cloud workloads, endpoints, and containers.
A comprehensive guide to developing an incident response capability through intelligence-based threat hunting, covering theoretical concepts and real-life scenarios.
A practical guide to enhancing digital investigations with cutting-edge memory forensics techniques, covering fundamental concepts, tools, and techniques for memory forensics.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.