Tag

penetration testing

Raymond Ops
Mar 5, 2025 · Information Security

Essential Kali Linux Penetration Testing Tools and How to Use Them

Explore the most common Kali Linux penetration testing utilities—including Nmap, Metasploit, Hydra, Wireshark, and more—organized by categories such as information gathering, vulnerability exploitation, password cracking, and network monitoring, with brief usage commands and guidance for each tool.

Kali Linux · malware analysis · network scanning
0 likes · 11 min read
DevOps Operations Practice
Jul 11, 2024 · Information Security

Top 7 Penetration Testing Tools and Their Key Features

This article introduces seven leading penetration testing tools—including Kali Linux, Metasploit, Wireshark, Nmap, Burp Suite, Acunetix, and Nessus—detailing their primary features and how they help security professionals identify and mitigate vulnerabilities effectively.

Burp Suite · Kali Linux · Metasploit
0 likes · 9 min read
Python Programming Learning Circle
Apr 29, 2024 · Information Security

Why Python Is Ideal for the Cybersecurity Industry and Its Common Applications

The article explains how Python's simplicity, extensive ecosystem, versatility, and strong automation capabilities make it a preferred language for cybersecurity professionals, outlining five key reasons and showcasing typical use cases such as network scanning, penetration testing, malware analysis, security auditing, and tool development.

Python · automation · cybersecurity
0 likes · 6 min read
DevOps Operations Practice
Apr 21, 2024 · Information Security

Overview of Kali Linux: Features, Tools, and Use Cases

Kali Linux, a Debian‑based distribution maintained by Offensive Security, bundles over 600 penetration‑testing and digital‑forensics tools such as Metasploit, Nmap, Wireshark, Aircrack‑ng and John the Ripper, making it a preferred platform for security professionals in testing, forensics, and network defense.

Digital Forensics · Kali Linux · information security
0 likes · 4 min read
Practical DevOps Architecture
Mar 14, 2024 · Information Security

Comprehensive Penetration Testing Course Outline

This article provides a detailed curriculum for a penetration testing training program, covering operating system basics, web services, database setup, Kali Linux installation, various hacking tools, common web vulnerabilities, SQL injection techniques, command execution, file upload and inclusion flaws, XSS, CSRF, SSRF, privilege escalation, and internal network exploitation.

Vulnerability Analysis · ethical hacking · information security
0 likes · 10 min read
Java Architect Essentials
May 26, 2023 · Information Security

Step‑by‑Step WordPress Site Penetration Testing Tutorial

This tutorial walks beginners through the entire process of compromising a WordPress website, from initial information gathering and DNS enumeration to vulnerability scanning, exploitation with tools like sqlmap and nmap, privilege escalation, and establishing persistent backdoors.

Privilege Escalation · WebShell · WordPress
0 likes · 10 min read
DevOps
Aug 26, 2022 · Information Security

Security Testing Practices in DevSecOps and Huawei Cloud

The article explains the importance of security testing within DevSecOps, outlines key testing methods such as SAST, DAST, IAST, and SCA, discusses penetration testing, and describes Huawei Cloud's comprehensive security testing framework and practices for ensuring software safety in modern development pipelines.

DAST · DevSecOps · IAST
0 likes · 13 min read
Java Captain
Jan 27, 2022 · Information Security

A Practical Guide to Internal Network Penetration Tools: NPS, FRP, EW, and Ngrok

This article introduces several widely used internal network penetration and tunneling tools—including NPS, FRP, EW, and Ngrok—explains their core principles, features, and provides step‑by‑step installation and configuration commands for exposing services such as HTTP, SSH, RDP, and file sharing to the public internet.

Ngrok · Reverse Proxy · ew
0 likes · 14 min read
Python Programming Learning Circle
Jan 19, 2022 · Information Security

File Transfer Techniques for Penetration Testing: Linux and Windows Download Commands

This article compiles common file download commands and tools used in penetration testing for both Linux and Windows environments, covering utilities such as wget, curl, axel, aria2, PowerShell, certutil, bitsadmin, and others, with example syntax for direct, background, and resumable transfers.

Linux · command line · file download
0 likes · 13 min read
Top Architect
Jan 19, 2022 · Information Security

Penetration Testing Walkthrough: Bypassing Invitation Code and Accessing the Backend of a Mobile App

This article details a step‑by‑step penetration testing process where the author captures network traffic from a mobile app, enumerates hidden API endpoints, exploits injection flaws to retrieve backend credentials, examines upload validation, and ultimately gains admin access while highlighting the challenges faced.

API enumeration · SQL injection · information security
0 likes · 7 min read
Python Programming Learning Circle
Dec 30, 2021 · Information Security

A Personal Penetration Test Narrative: Hacking a Fraudulent Reseller with Python Tools

The author recounts a step‑by‑step penetration test against a fraudulent reseller, detailing OSINT gathering, port scanning, FTP brute‑forcing, JavaScript injection, location tracking, domain hijacking, and the deployment of custom Python scripts for each stage.

Python · ftp brute force · information security
0 likes · 7 min read
HomeTech
Dec 28, 2021 · Information Security

SQL Injection Vulnerability Analysis and Defense Strategies

This article provides a comprehensive analysis of SQL injection vulnerabilities, covering their principles, testing tools, repair methods, and defense strategies, with practical implementation guidance for secure web application development.

OWASP · SQL injection · Web Security
0 likes · 15 min read
Laravel Tech Community
Mar 12, 2021 · Information Security

Exploiting a High‑Risk SSRF Vulnerability in a Financial Crowdsourcing Web Application

The article details a step‑by‑step penetration test of a seemingly empty financial web application, describing how hidden JavaScript files and a discovered /xxxapi/file/pdf/view endpoint were leveraged to craft an SSRF payload that accessed internal services such as Elasticsearch, illustrating practical web security exploitation techniques.

JavaScript analysis · SSRF · Web Security
0 likes · 7 min read
Zhengtong Technical Team
Oct 30, 2020 · Information Security

Using Burp Suite for Penetration Testing of the ZhiXin Mobile Application

This article explains how to employ Burp Suite to conduct comprehensive penetration testing on the ZhiXin mobile app, covering setup, proxy configuration, detection of sensitive data leaks, privilege escalation, XSS, and SQL injection vulnerabilities, and provides remediation recommendations.

App Testing · Burp Suite · Mobile Security
0 likes · 12 min read
Laravel Tech Community
Aug 10, 2020 · Information Security

Comprehensive Penetration Testing Process, Common Vulnerabilities, Exploitation Techniques, and Security Interview Questions

This article provides a detailed walkthrough of web penetration testing steps, extensive Q&A on common vulnerabilities such as SQL injection, XSS, CSRF, SSRF, file inclusion, privilege escalation methods, mitigation strategies, and interview preparation tips for security professionals.

Web Security · exploitation · penetration testing
0 likes · 44 min read
Architects Research Society
Aug 10, 2020 · Information Security

Awesome Penetration Testing Resources and Tools

This article compiles a comprehensive, categorized collection of penetration testing resources—including anonymity tools, antivirus evasion utilities, books, CTF frameworks, Docker containers, network analysis tools, OSINT platforms, and more—providing security professionals and researchers with a valuable reference for offensive security engagements.

CTF · Docker · OSINT
0 likes · 36 min read
Architects Research Society
Sep 19, 2019 · Information Security

Awesome Penetration Testing Resources and Tools

This comprehensive collection presents a curated list of penetration testing resources—including anonymity tools, antivirus‑evasion utilities, books, CTF frameworks, Docker containers for vulnerable systems, network analysis utilities, OSINT services, reverse‑engineering tools, and security education materials—providing security professionals and researchers with a valuable reference for offensive security testing and learning.

CTF · Docker · OSINT
0 likes · 36 min read
NetEase Game Operations Platform
Dec 14, 2018 · Information Security

Database Injection Attacks: Principles, Exploits, and Defense Strategies

This article explains why database injection remains a critical security threat, illustrates how attackers exploit vulnerable web applications using manual techniques and automated tools such as sqlmap, and provides comprehensive defensive measures spanning secure coding, database hardening, web‑server configuration, WAF deployment, and log‑analysis to protect sensitive data.

SQL injection · Web Security · database security
0 likes · 17 min read
Efficient Ops
Jun 14, 2018 · Information Security

From Zero to Security Exploitation Pro: Practical Steps to Master Vulnerability Hunting

This article shares a step‑by‑step learning path for aspiring security researchers, emphasizing solid knowledge, hands‑on practice, experience accumulation, essential tools, and effective use of platforms like Shodan and ZoomEye to build real‑world testing scenarios.

experience · information security · learning path
0 likes · 12 min read
360 Quality & Efficiency
Aug 29, 2016 · Information Security

Android Security Testing Guide

This guide explains how to use APKTool to decompile Android apps, inspect the AndroidManifest.xml for exposed components, and employ the Drozer framework to enumerate packages, assess component exposure, detect content provider leaks, SQL injection, file traversal, and service vulnerabilities.

APKTool · Android · Drozer
0 likes · 5 min read