Dependency-Check in Azure DevOps

Hi everyone, In this post we are going to setup OWASP dependency-check in azure devops. As this process is the part of Software Composistion Analysis(SCA) which is really important phase in secure software development lifecycle. OWASP Dependency-Check is one of the popular SCA tool and implementing it in azure devops pipeline. What is Software Composition Analysis? Software Composition Analysis…

View On WordPress

Browser Extensions for Bug Hunters

Hello everyone! Welcome to Pentestguy. In this article, we will see the browser extensions for bug hunters. Which makes tasks easy in a more efficient way. There are many browser extensions available for bug bounty hunters or pentesters but here we are discussing the top browser extensions which help bug hunters. DotGit: DotGit is a powerful extension that allows you to check if a website has…

View On WordPress

Linux Privilege Escalation - Part 1

Hi everyone! Welcome to Pentestguy. In this article, we will see what linux privilege escalation and different ways of achieving root user privilege escalation in the linux operating system. While playing capture the flag or performing pentesting of the network, escalating privileges is one of the important phases. Here we are focusing on Linux privilege escalations that happen to weak…

View On WordPress

Setup Drozer on Kali Linux

Hi everyone!! Welcome to Pentestguy. This article will show the setup of the drozer on Kali Linux. As drozer has a new release, the installation process of drozer is quite different. For this drozer setup I am using WSL of Kali Linux, which is very quick and utilize less resources and genymotion for android device emulator. Install Drozer Make sure to install the requirements of drozer, for…

View On WordPress

Install NetHunter on android (rootless)

Hi everyone! Welcome to Pentestguy. This article will show how to install Nethunter on an Android (rootless) device. Here we will use termux to install nethunter on android device (rootless) which is the best way to do it successfully. As we know Kali linux is one of the most popular distro for hackers and penetration testers, and Kali Nehunter is an open-source platform for android devices…

View On WordPress

How to Jailbreak iOS 15 & Setup for Pentesting

Hi everyone! Welcome to Pentestguy. In this article, we are going to see how to jailbreak iOS 15, as we know for iOS application penetration testing we need full access to the device. Well, this is not the article only about how to jailbreak iOS 15 or iPhone, here we are also focusing on the installation of openssh and frida which means we are preparing our iPhone for iOS penetration…

View On WordPress

RCE via LFI Log Poisoning

Hello everyone! Welcome to pentestguy, In this article, we are focusing on RCE via LFI log poisoning. As we all know RCE or remote control execution is one of the most critical vulnerabilities and you can perform it via LFI log poisoning. But most people are confused with log poisoning and LFI. here is a simple explanation. We know whenever we are making any request to the server it will log…

View On WordPress

ARP and DNS Spoofing with Bettercap

Hi Everyone! welcome to pentestguy. In this article, we are going to focus on ARP spoofing and DNS spoofing with bettercap. When it comes to ARP spoofing or DNS spoofing bettercap is work like a butter. What is Bettercap? Bettercap is a sniffer that is a powerful, easily extensible, and portable framework written in Go that aims to offer security researchers, red teamers, and reverse engineers…

View On WordPress

Automate Pentesting With ZAP and Selenium

Hi everyone! welcome to pentestguy. In this article we are going to learn about how to do automate pentesting with zap and selenium. There are multiple ways to perform pentesting in automatic way using tools but using automate pentesting with owasp zap and selenium is more effective. Many testers talk about security testing using selenium and OWASP ZAP. Now the question is does it beneficial?…

View On WordPress

WiFi Penetration Testing Aircrack-ng

Hello Everyone! welcome to pentestguy. In this article we are going to see wifi penetration testing using aircrack-ng. As we know there are many ways of wifi penetration testing but via aircrack-ng is the easy one and old school method. What is Aircrack-ng? Aircrack-ng is a complete suite of tools to assess WiFi network security. It focuses on different areas of WiFi security:Monitoring: Packet…

View On WordPress

Active Directory Pentesting Lab Setup

Hi everyone! Welcome to the pentestguy. In this article we are going to setup active directory pentesting lab, here we are going to start with really basics things that installing active directory domain services, promote as domain controller, adding child domain, clients and the most important thing to setup vulnerable active directory pentesting lab using the vulnerable-ad powershell…

View On WordPress

Setup Mobsfscan in Azure DevOps

Hello everyone! Welcome to pentestguy. In this article we are going to focus on how to setup mobsfscan in azure devops. What does it mean? As we know MobSF is one of the most popular tool use for android app pentesting. and MobSF have a child tool named as mobsfscan which is a static analysis tool that help to find the insecure code patterns in Android and iOS source code. Here we are going to…

View On WordPress

FTP Service Penetration Testing

Hello everyone! welcome to pentestguy. In this post we are going to discuss about ftp service penetration testing, as we know that FTP is one of the most common service we have ever found. Here we are going to see some common ways of ftp service penetration testing like identifying and exploitation. What is FTP? FTP refers to File Transfer Protocol, which helps transfer files from one system to…

View On WordPress

OWASP ZAP Security Tests in Azure DevOps

Hello everyone! Welcome to pentestguy. In this post we are going to discuss about how to configure owasp zap in azure devops pipeline for penetration/security testing automation. Adding security tests stage with owasp zap in azure devops pipeline or any other one will be helpful in continuous delivery process smoothly. Make sure that you have azure devops account created or using the existing…

View On WordPress

AndroGoat Insecure Data Storage

Hello everyone! Welcome to pentestguy. In this post, we are going to see insecure data storage with androgoat. As we know insecure data storage is one of the most common vulnerability find in mobile application so this post might help you to deal with the real time scenarios which is present in androgoat app. Do visit previous post on insecure data storage from this link. What is…

View On WordPress