Comprehensive Penetration Testing Knowledge Base
Curated by Anubhav Gain · CEO, TechAnv Consulting
Explore a comprehensive collection of resources, checklists, and tools for penetration testing across 32 domains, from web applications and cloud infrastructure to hardware hacking, red team operations, and supply chain security. Whether you are new to the field or an experienced practitioner, this vault is meant to help you assess and secure a wide range of systems.
| No. | Domain | No. | Domain |
|---|---|---|---|
| 1 | Web Application Pentesting | 17 | Phishing Pentesting |
| 2 | API Pentesting | 18 | Forensic |
| 3 | Mobile Pentesting | 19 | Social Engineering |
| 4 | Thick Client Pentesting | 20 | Physical Pentesting |
| 5 | Secure Code Review | 21 | Hardware Hacking |
| 6 | Network Pentesting | 22 | Firmware Analysis |
| 7 | Wi-Fi Pentesting | 23 | Kubernetes Pentesting |
| 8 | Cloud Pentesting | 24 | Database Pentesting |
| 9 | Active Directory Pentesting | 25 | Reverse Engineering |
| 10 | Infrastructure Pentesting | 26 | Red Team Operations |
| 11 | Threat Modeling | 27 | Bug Bounty |
| 12 | IoT Pentesting | 28 | SCADA/ICS Pentesting |
| 13 | OSINT | 29 | Cryptography Attacks |
| 14 | Blockchain Pentesting | 30 | Supply Chain Security |
| 15 | CI/CD Pentesting | 31 | Purple Team |
| 16 | Docker/Container Pentesting | 32 | Vulnerability Management |
| No. | Domain | Description |
|---|---|---|
| 1 | Web Application Pentesting | Assess and secure web applications — OWASP Top 10, authentication, injection, business logic. |
| 2 | API Pentesting | REST and GraphQL security testing — OWASP API Top 10, authentication bypass, IDOR. |
| 3 | Mobile Pentesting | Android and iOS security — static/dynamic analysis, traffic interception, insecure storage. |
| 4 | Thick Client Pentesting | Desktop application security — DLL hijacking, memory analysis, protocol reverse engineering. |
| 5 | Secure Code Review | Source code analysis to find vulnerabilities before deployment. |
| 6 | Network Pentesting | Network security assessment — enumeration, exploitation, lateral movement, pivoting. |
| 7 | Wi-Fi Pentesting | Wireless security — WEP/WPA/WPA2/WPA3 attacks, rogue APs, clientless PMKID capture and 4-way handshake cracking. |
| 8 | Cloud Pentesting | AWS, Azure, and GCP security — IAM misconfigurations, S3 exposure, SSRF to IMDS. |
| 9 | Active Directory Pentesting | AD security — Kerberoasting, AS-REP roasting, DCSync, Golden/Silver tickets, BloodHound. |
| 10 | Infrastructure Pentesting | Underlying IT infrastructure — servers, network devices, hypervisors, misconfigurations. |
| 11 | Threat Modeling | STRIDE, PASTA, MITRE ATT&CK-aligned threat identification and risk assessment. |
| 12 | IoT Pentesting | IoT device security — firmware, radio protocols (Zigbee/Z-Wave/BLE), debug interfaces. |
| 13 | OSINT | Open source intelligence — target profiling, subdomain discovery, breach data analysis. |
| 14 | Blockchain Pentesting | Smart contract auditing, DeFi attacks, consensus layer vulnerabilities. |
| 15 | CI/CD Pentesting | Pipeline security — GitHub Actions abuse, secret exposure, artifact tampering. |
| 16 | Docker/Container Pentesting | Container security — escape techniques, registry attacks, image analysis. |
| 17 | Phishing Pentesting | Email phishing simulations — GoPhish, Evilginx2, credential harvesting campaigns. |
| 18 | Forensic | Digital forensics — Windows/Mobile artifact analysis, memory forensics, incident response. |
| 19 | Social Engineering | Human-layer attacks — pretexting, vishing, smishing, baiting, physical manipulation. |
| 20 | Physical Pentesting | Physical access testing — lock picking, badge cloning (Proxmark3/Flipper Zero), tailgating. |
| 21 | Hardware Hacking | Embedded hardware attacks — UART/JTAG/SPI exploitation, flash extraction, fault injection. |
| 22 | Firmware Analysis | Firmware extraction, static/dynamic analysis, emulation (QEMU/firmadyne), vuln discovery. |
| 23 | Kubernetes Pentesting | K8s security — RBAC abuse, pod escapes, etcd attacks, EKS/GKE/AKS cloud-specific attacks. |
| 24 | Database Pentesting | MySQL, MSSQL, PostgreSQL, Oracle, MongoDB, Redis, Elasticsearch exploitation. |
| 25 | Reverse Engineering | Binary analysis, malware RE, Ghidra/IDA/radare2, Android/iOS RE, YARA rules. |
| 26 | Red Team Operations | Full adversary simulation — MITRE ATT&CK, C2 frameworks, OpSec, defense evasion. |
| 27 | Bug Bounty | Bug bounty methodology — recon pipelines, HackerOne/Bugcrowd, IDOR/SSRF/RCE hunting. |
| 28 | SCADA/ICS Pentesting | OT/ICS security — Modbus/DNP3/S7 protocol attacks, HMI exploitation, IEC 62443 compliance. |
| 29 | Cryptography Attacks | TLS/SSL attacks, JWT exploitation, padding oracle, hash attacks, ECB mode, weak RNG. |
| 30 | Supply Chain Security | Dependency confusion, typosquatting, SBOM analysis, SLSA framework, package hijacking. |
| 31 | Purple Team | Red+Blue collaboration — Atomic Red Team, breach and attack simulation (BAS) tools, detection gap analysis, SIEM tuning. |
| 32 | Vulnerability Management | VM lifecycle — CVSS v3.1/v4.0, EPSS, CISA KEV, SLA tracking, compliance mapping. |
Thanks to the contributors who have helped build this vault. Read CONTRIBUTING.md to get started.
Built with ⚔ by Anubhav Gain · TechAnv Consulting · pentesting.techanv.com