Skip to main content

Posts

Showing posts with the label Pentesting

Nmap Advanced Scanning Techniques 2026: Deep Network Analysis for Ethical Hackers

  Introduction After learning the basics of network scanning, the next step is mastering advanced techniques. Nmap is not just a simple scanner—it is a powerful tool capable of deep network analysis and vulnerability detection. This Nmap Advanced Guide 2026 covers practical commands used in real-world penetration testing and cybersecurity assessments. Why Advanced Nmap Matters Detect hidden services Bypass basic firewall rules Perform stealth scanning Identify vulnerabilities Prerequisites Before continuing, you should understand: Basic Nmap commands Ports and protocols Network fundamentals Advanced Nmap Commands 1. Stealth Scan (SYN Scan) nmap -sS example.com This scan is faster and less detectable than full connection scans. 2. UDP Scan nmap -sU example.com Used to detect UDP services like DNS and SNMP. 3. OS Detection nmap -O example.com Identifies the operating system of the target. 4. Aggressive Scan nmap -A example.com Combines OS detection, version detection, script scannin...

Reconnaissance Workflow 2026: Complete Beginner to Pro Guide for Ethical Hacking

  Introduction Reconnaissance is the foundation of every successful penetration test. Before exploiting any system, security professionals must understand the target’s structure, assets, and attack surface. This Reconnaissance Workflow 2026 provides a complete step-by-step approach, combining multiple tools and techniques used in real-world cybersecurity. What is Reconnaissance Reconnaissance (Recon) is the process of gathering information about a target system before launching an attack or security assessment. It is divided into two types: Passive Recon (no direct interaction) Active Recon (direct interaction with target) Why Recon is Important Identifies attack surface Reduces guesswork Improves success rate Helps find hidden assets Complete Recon Workflow Step 1: Domain Information Gathering whois example.com Step 2: DNS Enumeration nslookup example.com dig example.com Step 3: Subdomain Discovery subfinder -d example.com Step 4: Live Host Detection nmap -sn example.com Step 5: ...

DNS Enumeration Guide 2026: Complete Reconnaissance Workflow for Beginners

  Introduction After learning tools like Nslookup and Dig, the next step in cybersecurity reconnaissance is DNS Enumeration. This process helps security professionals gather detailed information about a target domain. This DNS Enumeration guide 2026 explains how to collect domain data using multiple tools and techniques in a structured way. What is DNS Enumeration DNS Enumeration is the process of collecting DNS-related information about a target domain, including subdomains, name servers, mail servers, and IP addresses. It plays a critical role in reconnaissance , penetration testing , and bug bounty hunting . Why DNS Enumeration is Important Discover hidden subdomains Identify attack surface Gather infrastructure details Support vulnerability discovery Basic DNS Enumeration Workflow Domain identification DNS record lookup Subdomain discovery IP mapping Data analysis Step 1: Basic DNS Lookup nslookup example.com Step 2: Advanced DNS Query dig example.com Step 3: Whois Information...

Dig Command Tutorial 2026: Advanced DNS Lookup Guide for Cybersecurity Beginners

  Introduction In cybersecurity and network analysis, understanding DNS is essential. While Nslookup is useful for basic queries, professionals prefer Dig for more detailed and flexible DNS analysis. This Dig tutorial 2026 will help you learn how to perform advanced DNS queries for reconnaissance , troubleshooting , and penetration testing . What is Dig Dig (Domain Information Groper) is a command-line tool used to query DNS servers and retrieve detailed DNS records. It provides more control and detailed output compared to basic DNS tools, making it popular in cybersecurity tools and network analysis . Why Use Dig Perform advanced DNS queries Get detailed DNS response data Troubleshoot domain issues Support reconnaissance in ethical hacking Installation On Kali Linux: sudo apt install dnsutils Basic Syntax dig domain.com This returns detailed DNS information including headers and answer sections. Common Dig Commands 1. Basic DNS Lookup dig example.com 2. Query Specific Record (A ...

Nslookup Tutorial 2026: DNS Query and Network Troubleshooting Guide for Beginners

  Introduction Understanding how domain names translate into IP addresses is a fundamental concept in networking and cybersecurity. Nslookup is a simple yet powerful command-line tool that helps users query DNS records and troubleshoot network issues. This guide provides a step-by-step explanation of Nslookup with practical examples, making it ideal for beginners in cybersecurity and network analysis. What is Nslookup Nslookup (Name Server Lookup) is a command-line utility used to query Domain Name System (DNS) servers. It helps retrieve information such as IP addresses, domain records, and mail server details. Nslookup is commonly used in network troubleshooting , cybersecurity analysis , and penetration testing reconnaissance . Why Use Nslookup Resolve domain names to IP addresses Query DNS records (A, MX, NS, TXT) Diagnose DNS-related issues Perform basic reconnaissance Basic Syntax nslookup domain.com This command returns the IP address of the target domain. Common Nslookup Com...

Nikto Web Scanner Tutorial 2026: Complete Guide for Web Security Testing

  Introduction Web security testing is an essential part of cybersecurity, and automated tools play a key role in identifying vulnerabilities quickly. Nikto is one of the most effective open-source tools used for scanning web servers and detecting security issues. This guide explains how to use Nikto step by step, making it ideal for beginners in penetration testing and ethical hacking. What is Nikto Nikto is an open-source web server scanner designed to detect vulnerabilities, outdated software, and misconfigurations. It performs comprehensive tests against web servers and identifies potential security risks. Nikto is widely used in penetration testing tools and vulnerability scanning processes. Why Use Nikto Detect outdated server software Identify common vulnerabilities Find misconfigurations in web servers Perform automated web security scanning Installation Install Nikto on Kali Linux: sudo apt install nikto Check version: nikto -Version Basic Nikto Commands 1. Scan a Websit...

John the Ripper: The Essential Guide to Password Cracking

Introduction Password security remains one of the weakest points in modern systems. Even today, many breaches happen because of weak or reused passwords. Security professionals use tools like John the Ripper to test password strength and identify vulnerabilities before attackers can exploit them. What is John the Ripper John the Ripper is a popular open-source password auditing and recovery tool. It works by taking hashed passwords and attempting to recover the original plaintext passwords using different attack methods. It supports multiple platforms including Linux, Windows, and macOS, and is widely used in penetration testing and security assessments. Why John the Ripper is Important Helps identify weak passwords Supports many hash types such as MD5, SHA, and NTLM Useful for penetration testing and security audits Improves overall authentication security How John the Ripper Works John the Ripper follows a simple process. It takes password hashes as input, generates possible password...

Hashcat Tutorial (2026): High-Speed Password Cracking for Security Professionals

  Overview Password security remains one of the most critical aspects of cybersecurity. When weak passwords are used, attackers can exploit them using advanced cracking tools. Hashcat is one of the most powerful tools designed for this purpose. What is Hashcat? Hashcat is an advanced password recovery tool that uses GPU acceleration to crack hashes at high speed. It supports a wide range of hashing algorithms and attack modes. Why Hashcat is Important Hashcat is widely used because: Extremely fast performance using GPU Supports multiple attack methods Works with hundreds of hash types Highly customizable Installation On Kali Linux: sudo apt install hashcat Basic Usage Example command: hashcat -m 0 -a 0 hash.txt wordlist.txt Command Breakdown -m 0 → Hash type (MD5) -a 0 → Dictionary attack hash.txt → Target hash file wordlist.txt → Password list Attack Modes Dictionary Attack Uses a predefined list of passwords. Brute Force Attack Tries all possible combinations. Hybrid Attack Combi...

Hash Identification with hashid: A Practical Guide for Beginners (2026)

  Overview Before attempting to crack a hash, you must first identify its type. Different algorithms such as MD5, SHA-1, and bcrypt require different cracking approaches. Hash identification tools help you determine the most likely algorithm quickly and accurately. hashid is a simple and effective utility used to identify hash types based on patterns and characteristics. What is hashid? hashid is a lightweight command-line tool that analyzes a given hash string and suggests possible hashing algorithms. It compares the structure and length of the hash with known signatures. Why Hash Identification Matters Correct identification is essential because: Each algorithm requires a different cracking mode Choosing the wrong type wastes time and resources Accurate detection improves success rate Installation On Kali Linux: sudo apt install hashid Basic Usage Identify a hash: hashid 5f4dcc3b5aa765d61d8327deb882cf99 Sample Output The tool may return multiple possible matches such as: MD5 NTLM...

WhatWeb Guide (2026): Identifying Website Technologies Like a Pro

  Welcome back to CyberShield! Amra ager post-e Nmap diye network scanning shikhechi. Kintu jokhon apnar target ekti website hoy, tokhon shudhu port scan korle hoy na; apnake jante hoy shei site-ti kon technology diye toiri. Ajke amra ekti powerful reconnaissance tool niye alochona korbo, jar nam holo WhatWeb . WhatWeb Ki? WhatWeb holo ekti open-source "Next-generation web scanner." Eti ekti website-er technology stack identify korte babohar kora hoy. Mane, ekti site kon CMS (Content Management System), kon web server, kon programming language, ebong kon kon plugin babohar korche, ta WhatWeb ekti command-er maddhome bole dite pare. WhatWeb Keno Babohar Korben? Passive Reconnaissance-er khetre WhatWeb khub-i guruttopurno. Eti diye niche-r jinish gulo khuje paoa jay: CMS Discovery: Site-ti ki WordPress, Joomla, naki Drupal? Web Server Information: Server-ti ki Apache, Nginx, naki Microsoft-IIS? Frameworks: Site-ti ki React, Vue.js, naki Laravel babohar korche? Plugins ...

Introduction to Wireshark: Mastering Network Traffic Analysis (2026 Guide)

  Welcome back to CyberShield! We have explored web vulnerabilities and reconnaissance. Now, it's time to go deeper into the network layer. If you want to see exactly what is traveling through your Wi-Fi or Ethernet cables, you need to master Wireshark . What is Wireshark? Wireshark is the world’s most popular network protocol analyzer. It allows you to capture and interactively browse the traffic running on a computer network. Think of it as a "microscope" for your network—it lets you see every single packet that is sent or received. Why Do Pentesters Use Wireshark? For a Cybersecurity professional, Wireshark is essential for: Analyzing Protocols: Understanding how HTTP, DNS, TCP, and TLS work. Finding Vulnerabilities: Spotting unencrypted sensitive data (like passwords) sent over plain HTTP or FTP. Incident Response: Investigating how a malware or virus is communicating with its Command and Control (C2) server. Network Troubleshooting: Fixing latency or connection ...

Nmap Tutorial: Complete Guide to Network Scanning and Reconnaissance (2026)

  Introduction In penetration testing and cybersecurity, the first step is always reconnaissance. Before identifying vulnerabilities, you need to understand the target system—what services are running, which ports are open, and what technologies are in use. One of the most powerful tools for this purpose is Nmap (Network Mapper). What is Nmap? Nmap is an open-source network scanning tool used to discover hosts and services on a network. Security professionals use Nmap to: Identify active devices Detect open ports Discover running services Gather system information Why Nmap is Important Nmap plays a crucial role in the reconnaissance phase: Network Discovery It helps identify which systems are online. Port Scanning You can find open, closed, and filtered ports. Service Detection Nmap can detect the version of services running on ports. Security Assessment It helps identify potential entry points for attackers. Installing Nmap On Kali Linux: sudo apt install nmap Basic Nmap Commands ...

WafW00f Tutorial: Detecting Web Application Firewalls (WAF) in 2026.

  Introduction During reconnaissance and penetration testing, understanding a target’s defensive setup is critical. Before attempting any testing, security professionals need to know what protections are in place. One of the most common defenses used by modern web applications is a Web Application Firewall (WAF). To identify this protection layer, a specialized tool called WafW00f is widely used. What is WafW00f? WafW00f is an open-source reconnaissance tool designed to detect the presence of a Web Application Firewall. It helps security testers determine: Whether a WAF is protecting the target The specific type or vendor of the WAF This information is useful when planning testing strategies and understanding possible restrictions. What is a Web Application Firewall (WAF)? A Web Application Firewall (WAF) is a security system that monitors and filters incoming HTTP/HTTPS traffic between users and a web application. It protects against attacks such as: SQL Injection Cross-Site Scrip...

Subdomain Enumeration Guide: Finding Hidden Attack Surfaces (2026)

  Welcome back to our Cybersecurity series! We have completed our initial 20-post journey, but the learning never stops. Today, we are diving deep into the most critical part of the Reconnaissance phase: Subdomain Enumeration . What is Subdomain Enumeration? Subdomain Enumeration is the process of finding all the subdomains (e.g., dev.example.com , api.example.com , staging.example.com ) associated with a main domain ( example.com ). Professional hackers spend a lot of time here because main domains are usually highly secured, but subdomains—especially those used for development or testing—often have weak security, unpatched software, or hidden admin panels. Why Should You Care About Subdomains? Hidden Assets: Companies often forget about old subdomains that might contain sensitive data or old backup files. Increased Attack Surface: Every new subdomain is a new chance to find a bug like SQLi, XSS, or SSRF. Subdomain Takeover: Sometimes, a subdomain points to a service (like Gi...

HTTP Security Headers: The Invisible Shield for Your Website (2026 Guide)

  Welcome to the 19th part of our Cybersecurity series! We have learned about many active attacks like XSS, CSRF, and SSRF. But did you know that you can prevent many of these attacks just by adding a few lines of configuration to your server? Today, we are talking about HTTP Security Headers . What are HTTP Security Headers? When you visit a website, the server sends a response. Along with the content (HTML), it sends "Headers"—hidden instructions for the browser. Security Headers tell the browser how to behave securely, preventing hackers from exploiting common web flaws. Top 5 Security Headers Every Site Needs To get an "A+" grade in security audits, you must implement these headers: 1. Content Security Policy (CSP) This is the most powerful header. It tells the browser which sources of scripts, images, and styles are trusted. Prevents: Cross-Site Scripting (XSS). Example: Content-Security-Policy: default-src 'self'; (Only allow content from the same...

Burp Suite for Beginners: The Ultimate Tool for Web Hacking (2026 Guide)

  Welcome to the 17th part of our Cybersecurity series! We have discussed many vulnerabilities like SQLi, XSS, and SSRF. But to find these bugs in the real world like a professional, you need to master one specific tool: Burp Suite . What is Burp Suite? Burp Suite is an integrated platform for performing security testing of web applications. It acts as an Interception Proxy between your browser and the target web server. This allows you to pause, inspect, and modify the data (HTTP requests) before it reaches the server. Key Components of Burp Suite To be a successful Bug Bounty hunter, you must understand these core tabs: Proxy: The heart of Burp. It lets you intercept and modify requests and responses. Repeater: Allows you to send a single HTTP request repeatedly with manual modifications to test how the server reacts. Intruder: Used for automated attacks like brute-forcing passwords or fuzzing for hidden directories. Decoder: A handy tool to quickly encode or decode data (B...

Broken Access Control: Exploiting Insecure APIs (2026 Guide)

  Welcome back to our Cybersecurity series! In our 4th post, we discussed the basics of IDOR. Today, for our 15th post, we are leveling up to explore a more sophisticated side of Broken Access Control: Insecure API Exploitation . As modern web applications move towards a "Mobile-First" or "Single Page Application (SPA)" architecture, APIs (Application Programming Interfaces) have become the primary target for hackers. What is an Insecure API? An API is a bridge that allows different software components to communicate. If this bridge doesn't have a security guard (Authorization), an attacker can send malicious requests to the API and trick the server into leaking sensitive data or performing unauthorized actions. Common API Vulnerabilities BOLA (Broken Object Level Authorization): Similar to IDOR, but specifically targeting API endpoints like /api/v1/users/123 . BFLA (Broken Function Level Authorization): When a regular user can access administrative API functi...

Security Misconfiguration: The Silent Risk Behind Most Web Breaches (2026 Guide)

Introduction In modern web and cloud environments, not every security issue comes from complex exploits. In fact, many real-world breaches happen due to simple configuration mistakes. This is known as Security Misconfiguration — a silent but extremely dangerous vulnerability. What is Security Misconfiguration? Security Misconfiguration occurs when a system, server, application, or cloud service is not properly configured in a secure way. Even if the application code is secure, incorrect settings can expose sensitive data or even full system access. Why Does It Happen? Security misconfiguration usually occurs due to: Default Settings Left Unchanged Using default credentials like: admin/admin root/root Unused Services Still Active Exposed endpoints such as: /admin /debug unused ports or APIs Verbose Error Output Technical errors revealing: file paths database structure system information Missing Security Headers Lack of protections like: HSTS Content Security Policy (CSP) Cloud Storage M...

Information Disclosure Explained: How Websites Accidentally Expose Sensitive Data (2026 Guide)

  Introduction While testing web applications, not every vulnerability immediately leads to exploitation. However, small leaks of information can be just as dangerous. This is where Information Disclosure comes into play. It is one of the most common issues in modern web applications and often serves as the starting point for more serious attacks. What is Information Disclosure? Information Disclosure occurs when a web application unintentionally exposes sensitive or internal data to users. Although this data may not directly compromise the system, it provides valuable insights that attackers can use to plan further attacks. Types of Sensitive Information Exposed Web applications may leak different kinds of useful data: Server and Software Details Version numbers of servers or frameworks (e.g., Apache, PHP) that may have known vulnerabilities. Sensitive Files Files such as: Configuration files (.env, web.config) Backup files (.bak, .old) Source control directories (.git) Detailed E...

Directory Traversal Explained: Accessing Sensitive Server Files (2026 Beginner Guide)

  Introduction In web security testing, even simple mistakes can lead to serious vulnerabilities. One such issue is Directory Traversal, also known as Path Traversal. This vulnerability allows attackers to break out of restricted directories and access sensitive files stored on the server. What is Directory Traversal? Directory Traversal is a vulnerability where user-controlled input is used to access files without proper validation. As a result, attackers can read files that should never be exposed, such as system configurations, application code, or user data. Understanding the Concept Many web applications load files dynamically. For example: https://example.com/view-image?filename=robot.png The server may internally look for the file like this: /var/www/images/robot.png If input validation is weak, an attacker can manipulate the request: ../../../../etc/passwd Each "../" moves one directory up. By chaining multiple traversals, the attacker can escape the intended folder a...