Getting Started with Penetration Testing: My Early Notes

Note: These are my early notes from 2016 when I was learning penetration testing. Some tools have evolved, but the fundamentals remain the same.

Diving into cybersecurity was one of the most challenging but rewarding things I’ve done. Here’s what I learned setting up my Kali Linux environment and the essential tools I used.

Security Tools I Actually Used

Here’s where the real work begins. These are tools I actually spent time learning and using.

Web Application Testing

  • Burp Suite
    • The industry standard intercepting proxy. Intercepts HTTP traffic between your browser and the target, lets you modify requests, repeat them, and find vulnerabilities. Essential for any web app testing.

  • OWASP ZAP
    • Free alternative to Burp. Great for automated scanning and finding common vulnerabilities like XSS and SQL injection. Good starting point for beginners.

  • sqlmap
    • Automated SQL injection tool. Give it a URL with a vulnerable parameter and it does the rest - enumerates databases, extracts data, even gains shell access in some cases.

  • Dirb/Dirbuster
    • Directory brute-forcing. Finds hidden directories and files on web servers by trying thousands of common paths. First step in any web assessment.

Post-Exploitation

  • BeEF Framework
    • Browser exploitation. Hooks victim browsers and executes JavaScript, allowing you to steal cookies, capture keystrokes, and pivot to other systems.

  1. Nmap/Zenmap
    • Network scanning. Know your targets before attacking.
  2. Metasploit
    • The exploitation framework. Industry standard.
  3. Wireshark
    • Packet analysis. Understand what’s happening on the wire.
  4. Burp Suite
    • Web testing. Every web pentester needs this.
  5. John the Ripper
    • Password cracking. Essential for privilege escalation.
  6. Hydra
    • Login brute-forcing. Test weak credentials.

What I Learned

  • Always have a lab network isolated from production
  • Document everything - you’ll forget the details later
  • Python and Bash are your best friends for automation
  • Don’t just run tools - understand how they work
  • Networking fundamentals are crucial
