# Programmerboy Pentesting Stuff ## Programmerboy Pentesting Stuff - [Welcome](https://notes.programmersecurity.com/welcome.md): Senior Security Engineer, Hacker, Penetration Tester, and Software Engineer. Content Creator on YouTube. Active Player of CTFs on Hack The Box and TryHackMe. - [Pentesting Port 80,443](https://notes.programmersecurity.com/web-pentesting-stuff/pentesting-port-80-443.md) - [Pentesting GIT](https://notes.programmersecurity.com/web-pentesting-stuff/pentesting-port-80-443/pentesting-git.md) - [FFUF Commands](https://notes.programmersecurity.com/web-pentesting-stuff/pentesting-port-80-443/ffuf-commands.md) - [Javascript DeObfuscation](https://notes.programmersecurity.com/web-pentesting-stuff/pentesting-port-80-443/javascript-deobfuscation.md) - [Pentesting JWT (JSON Web Tokens)](https://notes.programmersecurity.com/web-pentesting-stuff/pentesting-port-80-443/pentesting-jwt-json-web-tokens.md) - [Pentesting Graphql](https://notes.programmersecurity.com/web-pentesting-stuff/pentesting-port-80-443/pentesting-graphql.md) - [Pentesting Redis 6379](https://notes.programmersecurity.com/web-pentesting-stuff/pentesting-port-80-443/pentesting-redis-6379.md): Redis is an open-source in-memory storage, used as a distributed, in-memory key–value database, cache and message broker, with optional durability. - [Wordpress Pentesting](https://notes.programmersecurity.com/cms-pentesting/wordpress-pentesting.md) - [Jenkins](https://notes.programmersecurity.com/cms-pentesting/jenkins.md) - [Grafana](https://notes.programmersecurity.com/cms-pentesting/grafana.md) - [Nmap Commands](https://notes.programmersecurity.com/network-penetration-testing/nmap-commands.md) - [53 - Pentesting DNS](https://notes.programmersecurity.com/network-penetration-testing/53-pentesting-dns.md) - [88 - Pentesting Kerberos](https://notes.programmersecurity.com/network-penetration-testing/88-pentesting-kerberos.md) - [111 - Pentesting RPC](https://notes.programmersecurity.com/network-penetration-testing/111-pentesting-rpc.md) - [389 - Pentesting LDAP](https://notes.programmersecurity.com/network-penetration-testing/389-pentesting-ldap.md) - [445 - Pentesting SMB](https://notes.programmersecurity.com/network-penetration-testing/445-pentesting-smb.md) - [873 - Pentesting Rsync](https://notes.programmersecurity.com/network-penetration-testing/873-pentesting-rsync.md): rsync is a protocol which is used to sync and transfer files. - [1433 - Pentesting MSSQL](https://notes.programmersecurity.com/network-penetration-testing/1433-pentesting-mssql.md) - [2049 - Pentesting NFS](https://notes.programmersecurity.com/network-penetration-testing/2049-pentesting-nfs.md) - [3389 Pentesting RDP](https://notes.programmersecurity.com/network-penetration-testing/3389-pentesting-rdp.md) - [3306 - Pentesting Mysql](https://notes.programmersecurity.com/network-penetration-testing/3306-pentesting-mysql.md) - [5000 - Pentesting Docker Registry](https://notes.programmersecurity.com/network-penetration-testing/5000-pentesting-docker-registry.md) - [Methodology](https://notes.programmersecurity.com/active-directory-pentesting/methodology.md): This Page shows the Complete methodology for Active Directory Pentesting - [Phishing using Modlishka](https://notes.programmersecurity.com/red-teaming-and-phishing/phishing-using-modlishka.md) - [Hydra](https://notes.programmersecurity.com/password-and-bruteforce-attacks/hydra.md) - [Cewl](https://notes.programmersecurity.com/password-and-bruteforce-attacks/cewl.md): We can use CEWL to create keywords from the website, sometimes these keywords can be found out to be the password - [Making Custom Wordlists (Usernames)](https://notes.programmersecurity.com/password-and-bruteforce-attacks/making-custom-wordlists-usernames.md) - [JSON to txt Wordlist](https://notes.programmersecurity.com/password-and-bruteforce-attacks/json-to-txt-wordlist.md): We can Convert JSON wordlist to text File which can be passed to Gobuster or FFUF using the below command - [Getting a Fully Interactive TTY Shell](https://notes.programmersecurity.com/linux-privilege-escalation/getting-a-fully-interactive-tty-shell.md) - [Docker Container Escape](https://notes.programmersecurity.com/linux-privilege-escalation/docker-container-escape.md) - [Tunneling and Pivoting](https://notes.programmersecurity.com/windows-privilege-escalation/tunneling-and-pivoting.md) - [Methodology](https://notes.programmersecurity.com/windows-privilege-escalation/methodology.md) - [Bug Bounty Methodology](https://notes.programmersecurity.com/bug-bounty/bug-bounty-methodology.md) - [XSS](https://notes.programmersecurity.com/bug-bounty/xss.md): Below are the commands and some automation stuff which normally use, some of these i have got from different places like twitter or linkedin - [SQL Injection](https://notes.programmersecurity.com/bug-bounty/sql-injection.md) - [Command Injection](https://notes.programmersecurity.com/bug-bounty/command-injection.md) - [File Upload Pentesting](https://notes.programmersecurity.com/bug-bounty/file-upload-pentesting.md) - [Local and Remote File Inclusion](https://notes.programmersecurity.com/bug-bounty/local-and-remote-file-inclusion.md) - [Broken Authentication](https://notes.programmersecurity.com/bug-bounty/broken-authentication.md) - [Server Side Request Forgery (SSRF)](https://notes.programmersecurity.com/bug-bounty/server-side-request-forgery-ssrf.md) - [XML External Entity (XXE)](https://notes.programmersecurity.com/bug-bounty/xml-external-entity-xxe.md): XXE happens where we can inject our XML inputs and those inputs are not being sanitized by XML Parser - [Server Side Template Injection (SSTI)](https://notes.programmersecurity.com/bug-bounty/server-side-template-injection-ssti.md) - [ReconFTW (six2dez)](https://notes.programmersecurity.com/bug-bounty/reconftw-six2dez.md): ReconFTW is the complete automation process for the bug bounty.It can find you subdomains,fuzzing,nuclei scanning and using more than 20 tools to find vulnerabilites. - [JS Files](https://notes.programmersecurity.com/bug-bounty/js-files.md) - [SignUp Page](https://notes.programmersecurity.com/bug-bounty/signup-page.md) - [WEB](https://notes.programmersecurity.com/ctfs/web.md) - [Regex Bypass](https://notes.programmersecurity.com/ctfs/regex-bypass.md) - [Grep & Regex & Find strings](https://notes.programmersecurity.com/ctfs/grep-and-regex-and-find-strings.md) - [Wireless Methodology and Commands](https://notes.programmersecurity.com/wireless-pentesting/wireless-methodology-and-commands.md): This Page will provide you all the commands and tools for the wireless pentesting. - [Python Code Snippets](https://notes.programmersecurity.com/python-programs-for-pentesting/python-code-snippets.md) - [CRTO & Cobalt Strike](https://notes.programmersecurity.com/certifications-notes/crto-and-cobalt-strike.md): This Page contains all the notes which are required to pass the CRTO Exam and it also contains the lab instructions as well - [Email Spoofing](https://notes.programmersecurity.com/phishing-and-real-world-stuff/email-spoofing.md) - [Attacking Office 365 & Exchange](https://notes.programmersecurity.com/phishing-and-real-world-stuff/attacking-office-365-and-exchange.md) - [Enumeration](https://notes.programmersecurity.com/cloud-pentesting/enumeration.md) - [Simplehelp CVE-2024-57727](https://notes.programmersecurity.com/cves/simplehelp-cve-2024-57727.md) - [Next.js CVE-2025-29927](https://notes.programmersecurity.com/cves/next.js-cve-2025-29927.md) - [Metasploit](https://notes.programmersecurity.com/c2-frameworks/metasploit.md) - [Docker For Pentesting](https://notes.programmersecurity.com/docker-commands-pentesting/docker-for-pentesting.md): We can use Docker for Pentesting, We can Launch our own Docker container and test for a specific Vulnerabiliy. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on a page URL with the `ask` query parameter: ``` GET https://notes.programmersecurity.com/welcome.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.