# Penetration Testing

- [Application Security](https://wiki.smhuda.com/pentesting/application-security.md)
- [Mobile App Security](https://wiki.smhuda.com/pentesting/application-security/mobile-security.md)
- [Android Application Testing](https://wiki.smhuda.com/pentesting/application-security/mobile-security/android-application-testing.md)
- [Security Checklist](https://wiki.smhuda.com/pentesting/application-security/mobile-security/android-application-testing/security-checklist.md): A checklist with security considerations for designing, testing, and releasing secure Android apps. It is based on the OWASP Mobile Application Security Verification Standard, Mobile Application Secur
- [SSL Pinning Bypasses](https://wiki.smhuda.com/pentesting/application-security/mobile-security/android-application-testing/ssl-pinning-bypasses.md)
- [Non-Proxy Aware Applications](https://wiki.smhuda.com/pentesting/application-security/mobile-security/android-application-testing/non-proxy-aware-applications.md)
- [Setting up VPN Server](https://wiki.smhuda.com/pentesting/application-security/mobile-security/android-application-testing/non-proxy-aware-applications/setting-up-vpn-server.md)
- [Bypasses](https://wiki.smhuda.com/pentesting/application-security/mobile-security/android-application-testing/non-proxy-aware-applications/bypasses.md)
- [Common Proxying Issues](https://wiki.smhuda.com/pentesting/application-security/mobile-security/android-application-testing/common-proxying-issues.md)
- [Android Local Storage Checks](https://wiki.smhuda.com/pentesting/application-security/mobile-security/android-application-testing/android-local-storage-checks.md)
- [Android Task Hijacking](https://wiki.smhuda.com/pentesting/application-security/mobile-security/android-application-testing/android-task-hijacking.md)
- [Kiosk Mode / Breakout Testing](https://wiki.smhuda.com/pentesting/application-security/mobile-security/android-application-testing/kiosk-mode-breakout-testing.md)
- [Magisk on GenyMotion](https://wiki.smhuda.com/pentesting/application-security/mobile-security/android-application-testing/magisk-on-genymotion.md)
- [iOS Application Testing](https://wiki.smhuda.com/pentesting/application-security/mobile-security/ios.md)
- [iOS Testing Using Objection](https://wiki.smhuda.com/pentesting/application-security/mobile-security/ios/ios-testing-using-objection.md)
- [IPA Analysis Using MobSF](https://wiki.smhuda.com/pentesting/application-security/mobile-security/ios/ipa-analysis-using-mobsf.md)
- [iOS Jailbreak Bypass](https://wiki.smhuda.com/pentesting/application-security/mobile-security/ios/ios-jailbreak-bypass.md)
- [Decrypting iOS Apps](https://wiki.smhuda.com/pentesting/application-security/mobile-security/ios/decrypting-ios-apps.md)
- [iOS Reverse Engineering](https://wiki.smhuda.com/pentesting/application-security/mobile-security/ios/ios-reverse-engineering.md)
- [Jailbreak Detection Bypasses](https://wiki.smhuda.com/pentesting/application-security/mobile-security/ios/jailbreak-detection-bypasses.md)
- [iOS Local Storage Checks](https://wiki.smhuda.com/pentesting/application-security/mobile-security/ios/ios-local-storage-checks.md)
- [Installing IPA](https://wiki.smhuda.com/pentesting/application-security/mobile-security/ios/installing-ipa.md)
- [ATS Auditing](https://wiki.smhuda.com/pentesting/application-security/mobile-security/ios/ats-auditing.md)
- [iOS Jailbreaking](https://wiki.smhuda.com/pentesting/application-security/mobile-security/ios/ios-jailbreaking.md)
- [Frida Pinning Bypasses](https://wiki.smhuda.com/pentesting/application-security/mobile-security/ios/frida-pinning-bypasses.md)
- [iOS Jailbreaking](https://wiki.smhuda.com/pentesting/application-security/mobile-security/ios/ios-jailbreaking-1.md)
- [Performing a Jailbreak with Palera1n](https://wiki.smhuda.com/pentesting/application-security/mobile-security/ios/ios-jailbreaking-1/performing-a-jailbreak-with-palera1n.md): Palera1n is a semi-tethered jailbreak for iOS. This guide walks you through the full process of jailbreaking your iOS device using Palera1n.
- [Palera1n Cheatsheet](https://wiki.smhuda.com/pentesting/application-security/mobile-security/ios/ios-jailbreaking-1/palera1n-cheatsheet.md)
- [Code Security](https://wiki.smhuda.com/pentesting/application-security/mobile-security/code-security.md)
- [Frida on Windows](https://wiki.smhuda.com/pentesting/application-security/mobile-security/frida-on-windows.md)
- [Web Application Security](https://wiki.smhuda.com/pentesting/application-security/web-application-security.md)
- [Web Shells](https://wiki.smhuda.com/pentesting/application-security/web-application-security/web-shells.md)
- [CSV Injection](https://wiki.smhuda.com/pentesting/application-security/web-application-security/csv-injection.md): A collection of CSV Injection templates and payloads
- [Measure Response Time using CURL](https://wiki.smhuda.com/pentesting/application-security/web-application-security/measure-response-time-using-curl.md)
- [OSINT](https://wiki.smhuda.com/pentesting/application-security/web-application-security/osint.md)
- [EyeWitness](https://wiki.smhuda.com/pentesting/application-security/web-application-security/osint/eyewitness.md)
- [GraphQL Hacking](https://wiki.smhuda.com/pentesting/application-security/web-application-security/graphql-hacking.md)
- [API Security](https://wiki.smhuda.com/pentesting/application-security/api-security.md): This section consits of best practices, security checklists, common vulnerability writeups and other API security related content.
- [Security Checklist](https://wiki.smhuda.com/pentesting/application-security/api-security/untitled.md): This security checklist consists of security countermeasures when designing, testing, and releasing your API.
- [Postman and Burp](https://wiki.smhuda.com/pentesting/application-security/api-security/postman-and-burp.md)
- [CURL via BurpSuite](https://wiki.smhuda.com/pentesting/application-security/api-security/curl-via-burpsuite.md)
- [SOAP API Pentesting](https://wiki.smhuda.com/pentesting/application-security/api-security/soap-api-pentesting.md)
- [Infrastructure Security](https://wiki.smhuda.com/pentesting/infrastructure-security.md)
- [Network Infrastructure](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure.md)
- [Red Team Powershell Scripts](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/red-team-powershell-scripts.md)
- [Mounting NFS Shares](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/mounting-nfs-shares.md)
- [Password Cracking/Auditing](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/password-cracking-auditing.md)
- [Remote Access Sheet](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/remote-access-sheet.md)
- [Password Cracking Using Hashcat](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/password-cracking-using-hashcat.md)
- [Calculate IP Addresses from CIDR](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/calculate-ip-addresses-from-cidr.md)
- [Grep IP addresses or IP Ranges from a File](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/grep-ip-addresses-or-ip-ranges-from-a-file.md)
- [Default Credentials Checking](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/default-credentials-checking.md)
- [Check SSL/TLS Certificates](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/check-ssl-tls-certificates.md)
- [Log a terminal session](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/log-a-terminal-session.md)
- [Unauthenticated Mongo DB](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/unauthenticated-mongo-db.md)
- [Microsoft SQL Server (MSSQL)](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/microsoft-sql-server-mssql.md)
- [NTP Mode 6 Vulnerabilities](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/ntp-mode-6-vulnerabilities.md)
- [BloodHound](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/bloodhound.md)
- [AD Offensive Testing](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/ad-offensive-testing.md)
- [CrackMapExec](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/crackmapexec.md)
- [Select all IP addresses in Sublime Text](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/select-all-ip-addresses-in-sublime-text.md)
- [Convert CIDRs to an IP address list](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/convert-cidrs-to-an-ip-address-list.md)
- [Microsoft Exchange Client Access Server Information Disclosure](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/microsoft-exchange-client-access-server-information-disclosure.md)
- [Web Server HTTP Header Internal IP Disclosure](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/web-server-http-header-internal-ip-disclosure.md)
- [smbclient.py](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/smbclient.py.md)
- [GetUserSPNs.py](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/getuserspns.py.md)
- [Get-GPPPassword.py](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/get-gpppassword.py.md)
- [SMBMap](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/smbmap.md)
- [Mounting Shares](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/mounting-shares.md)
- [mitm6](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/mitm6.md)
- [AD Attacks](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/ad-attacks.md)
- [Weak IKE Security Configurations](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/weak-ike-security-configurations.md)
- [Locked BIOS Password Bypass](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/locked-bios-password-bypass.md)
- [Wireless Security](https://wiki.smhuda.com/pentesting/infrastructure-security/wireless-security.md)
- [Cached Wireless Keys](https://wiki.smhuda.com/pentesting/infrastructure-security/wireless-security/cached-wireless-keys.md): A Powershell one liner to retrieve all the WiFi passwords stored on a computer:
- [Aircrack Suite](https://wiki.smhuda.com/pentesting/infrastructure-security/wireless-security/aircrack-suite.md): A quick wireless testing guide using wireless security Aircrack suite.
- [SSL/TLS Security](https://wiki.smhuda.com/pentesting/ssl-tls-security.md)
- [Secure Code Review](https://wiki.smhuda.com/pentesting/secure-code-review.md): Secure code review is a manual or automated process that examines an application's source code. The goal of this examination is to identify any existing security flaws or vulnerabilities. Code review
- [Python](https://wiki.smhuda.com/pentesting/secure-code-review/python.md)
- [Semgrep](https://wiki.smhuda.com/pentesting/secure-code-review/semgrep.md)
- [Semgrep to HTML Report](https://wiki.smhuda.com/pentesting/secure-code-review/semgrep/semgrep-to-html-report.md)
- [Cloud Security](https://wiki.smhuda.com/pentesting/cloud-security.md)
- [Cloud Penetration Testing](https://wiki.smhuda.com/pentesting/cloud-security/cloud-penetration-testing.md)
- [Social Engineering](https://wiki.smhuda.com/pentesting/social-engineering.md)
- [Simulated Phishing](https://wiki.smhuda.com/pentesting/social-engineering/simulated-phishing.md)
- [GoPhish](https://wiki.smhuda.com/pentesting/social-engineering/simulated-phishing/gophish.md)
- [Tool Usage](https://wiki.smhuda.com/pentesting/tool-usage.md): This section consists of a set usage instructions or commands relating to a bunch of tools or scripts that are frequently used as part of security assessments.
- [Docker](https://wiki.smhuda.com/pentesting/tool-usage/docker.md)
- [Split](https://wiki.smhuda.com/pentesting/tool-usage/split.md): The split command or utility allows you to split by lines, size or the number of smaller files you need. Another related utility is csplit than can also be used.
- [PhantomJS](https://wiki.smhuda.com/pentesting/tool-usage/ph.md)
- [Aquatone](https://wiki.smhuda.com/pentesting/tool-usage/aquatone.md): Aquatone is a tool for visual inspection of websites across a large amount of hosts and is convenient for quickly gaining an overview of HTTP-based attack surface.
- [Tmux](https://wiki.smhuda.com/pentesting/tool-usage/tmux.md)
- [Ipainstaller](https://wiki.smhuda.com/pentesting/tool-usage/ipainstaller.md): A tool to pull IPA files from an iOS device
- [Public IP From Command Line](https://wiki.smhuda.com/pentesting/tool-usage/ip-from-command-line.md): Derive public IP address of a host from command line
- [Wifite](https://wiki.smhuda.com/pentesting/tool-usage/wifite.md)
- [IKE Scan](https://wiki.smhuda.com/pentesting/tool-usage/ike-scan.md): A basic use of ike-scan with different command based scenarios
- [Grep](https://wiki.smhuda.com/pentesting/tool-usage/grep.md): Optimising use of grep in different scenarios
- [Pulling APKs](https://wiki.smhuda.com/pentesting/tool-usage/pulling-apks.md): A guide to pulling APK files from an Android device
- [Bitsadmin](https://wiki.smhuda.com/pentesting/tool-usage/bitsadmin.md): Using bitsadmin to download files using Windows command prompt
- [Drozer](https://wiki.smhuda.com/pentesting/tool-usage/drozer.md): An installation and wiki guide to using Drozer for Android application testing
- [Iptables](https://wiki.smhuda.com/pentesting/tool-usage/iptables.md): A mini wiki to refer to adding, delete or amending Iptables rules
- [Python Web Server](https://wiki.smhuda.com/pentesting/tool-usage/python-web-server.md): A usage wiki on how to create a Python web server on different operating systems
- [Crackmapexec](https://wiki.smhuda.com/pentesting/tool-usage/crackmapexec.md): A basic wiki to use different alias and attributes of crackmapexec
- [Impacket](https://wiki.smhuda.com/pentesting/tool-usage/impacket.md): A wiki to detail usage of different modules in the Impacket tool set
- [Nessus](https://wiki.smhuda.com/pentesting/tool-usage/nessus.md): A small wiki about Nessus usage and associated plugins.
- [Adding SUDO User](https://wiki.smhuda.com/pentesting/tool-usage/adding-sudo-user.md): Adding a user as a sudoer using command line.
- [Nmap](https://wiki.smhuda.com/pentesting/tool-usage/nmap.md): A short wiki of Nmap scripts and tricks to use on different scenarios
- [Metasploit Payloads](https://wiki.smhuda.com/pentesting/tool-usage/metasploit-payloads.md): A collection of Metasploit payloads using msfvenom, collected from different sources on the internet.
- [SMTP Open Relay](https://wiki.smhuda.com/pentesting/tool-usage/smtp-open-relay.md): A short walkthrough of how to use manual SMTP open relay manually and also through an nmap script.
- [SQLMap](https://wiki.smhuda.com/pentesting/tool-usage/sqlmap.md): This serves as a mini SQLMap usage wiki
- [Screen](https://wiki.smhuda.com/pentesting/tool-usage/screen.md): Screen or GNU Screen is a terminal multiplexer. In other words, it means that you can start a screen session and then open any number of windows (virtual terminals) inside that session. Processes runn
- [Remove All After Colon](https://wiki.smhuda.com/pentesting/tool-usage/remove-all-after-colon.md): This one-liner uses the cut command to removing everything on a line after the occurrence of a colon.
- [Remove Old Linux Kernels](https://wiki.smhuda.com/pentesting/tool-usage/remove-old-linux-kernels.md): This guide will help you remove old and unused Linux kernels on your Ubuntu system.
- [CURL](https://wiki.smhuda.com/pentesting/tool-usage/curl.md): If you are working as a security professional  support function, you must be aware of curl command usage to test for security issues across web applications, services and APIs.
- [Hashcat](https://wiki.smhuda.com/pentesting/tool-usage/hashcat.md): Hashcat is a password recovery and cracking tool. This is a quick go-to command wiki for it, although you should check the hashcat manual for extensive usage.
- [Secure Copy Protocol (SCP)](https://wiki.smhuda.com/pentesting/tool-usage/secure-copy-protocol-scp.md): Secure copy protocol is a means of securely transferring computer files between a local host and a remote host or between two remote hosts. It is based on the Secure Shell protocol. "SCP" commonly ref
- [SSH & PGP Tools](https://wiki.smhuda.com/pentesting/tool-usage/ssh-and-pgp-tools.md): A short command list on how to use PGP or GPG, SSH key generation and how to install APT packages relating to them.
- [IP Calculator](https://wiki.smhuda.com/pentesting/tool-usage/ip-calculator.md): ipcalc takes an IP address and netmask and calculates the resulting broadcast, network, Cisco wildcard mask, and host range.
- [BloodHound](https://wiki.smhuda.com/pentesting/tool-usage/bloodhound.md): BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment.
- [Netcat File Transfer](https://wiki.smhuda.com/pentesting/tool-usage/netcat-file-transfer.md)
- [OpenVAS](https://wiki.smhuda.com/pentesting/tool-usage/openvas.md)
- [BurpSuite](https://wiki.smhuda.com/pentesting/tool-usage/burpsuite.md)
- [Exiftool](https://wiki.smhuda.com/pentesting/tool-usage/exiftool.md)
- [Python Virtual Environments](https://wiki.smhuda.com/pentesting/tool-usage/python-virtual-environments.md)
- [OpenVPN 3](https://wiki.smhuda.com/pentesting/tool-usage/openvpn-3.md)
- [Errors and Solutions](https://wiki.smhuda.com/pentesting/errors-and-solutions.md): This page contains random technical errors I come across and any associated solutions I've found that would have known to be either a temporary or permanent (patch or manual) fix/workaround.
- [Kill Process On Specific Port](https://wiki.smhuda.com/pentesting/errors-and-solutions/kill-process-on-specific-port.md): Killing a background process running on a specific port
- [Kill SSH Port Forwarding](https://wiki.smhuda.com/pentesting/errors-and-solutions/kill-ssh-port-forwarding.md): A small wiki to kill an SSH port forwarding process running in the background.
- [SSH Key](https://wiki.smhuda.com/pentesting/errors-and-solutions/ssh-key.md): Error relating to no matching host key for SSH connection
- [Expanding Disk on Kali VM](https://wiki.smhuda.com/pentesting/errors-and-solutions/expanding-disk-on-kali-vm.md)
- [Scoping](https://wiki.smhuda.com/pentesting/scoping.md)
- [Scoping Questionnaires](https://wiki.smhuda.com/pentesting/scoping/scoping-questionnaires.md)
- [Mobile App Testing](https://wiki.smhuda.com/pentesting/scoping/scoping-questionnaires/mobile-app-testing.md)
- [OSINT](https://wiki.smhuda.com/pentesting/osint.md): Open-source intelligence is the collection and analysis of data gathered from open sources to produce actionable intelligence.
- [Dark Web OSINT](https://wiki.smhuda.com/pentesting/osint/dark-web-osint.md): OSINT Tools for the Dark Web
- [Certificate Chain Check](https://wiki.smhuda.com/pentesting/osint/certificate-chain-check.md)
- [EyeWitness - Web Service Screenshot](https://wiki.smhuda.com/pentesting/osint/eyewitness-web-service-screenshot.md)
- [Tor to Browse Onion Links](https://wiki.smhuda.com/pentesting/osint/tor-to-browse-onion-links.md)
- [DarkDump - Scan Dark Web for Onion Links](https://wiki.smhuda.com/pentesting/osint/darkdump-scan-dark-web-for-onion-links.md)
- [Domain related File Search](https://wiki.smhuda.com/pentesting/osint/domain-related-file-search.md)
- [Google Dorking](https://wiki.smhuda.com/pentesting/osint/google-dorking.md)
- [IP / Network Blocks owned by a Company](https://wiki.smhuda.com/pentesting/osint/ip-network-blocks-owned-by-a-company.md)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://wiki.smhuda.com/pentesting.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.