# The Pentesting Guide

## The Pentesting Guide

- [The Pentesting Guide](https://the-pentesting-guide.marmeus.com/readme.md)
- [0 - Pre-Engagement](https://the-pentesting-guide.marmeus.com/0-pre-engagement.md)
- [1 - Information Gathering](https://the-pentesting-guide.marmeus.com/1-information_gathering.md)
- [Passive (OSINT)](https://the-pentesting-guide.marmeus.com/passive.md)
- [Active](https://the-pentesting-guide.marmeus.com/active.md)
- [HUMINT](https://the-pentesting-guide.marmeus.com/active/humint.md)
- [WIFI](https://the-pentesting-guide.marmeus.com/active/wifi.md)
- [IP & Port Scanning](https://the-pentesting-guide.marmeus.com/active/ip-and-port-scanning.md)
- [Services](https://the-pentesting-guide.marmeus.com/active/services.md)
- [21 - FTP](https://the-pentesting-guide.marmeus.com/active/services/21-ftp.md)
- [22 - SSH](https://the-pentesting-guide.marmeus.com/active/services/22-ssh.md)
- [25 - SMTP](https://the-pentesting-guide.marmeus.com/active/services/25-smtp.md)
- [53 - DNS](https://the-pentesting-guide.marmeus.com/active/services/53-dns.md)
- [80,443 - WEB](https://the-pentesting-guide.marmeus.com/active/services/80-443-web.md)
- [88 - Kerberos](https://the-pentesting-guide.marmeus.com/active/services/88-kerberos.md)
- [110 - POP3](https://the-pentesting-guide.marmeus.com/active/services/110-pop3.md)
- [111 - rpcbind](https://the-pentesting-guide.marmeus.com/active/services/111-rpcbind.md)
- [161 - SNMP](https://the-pentesting-guide.marmeus.com/active/services/161-smtp.md)
- [389 - LDAP](https://the-pentesting-guide.marmeus.com/active/services/389-ldap.md)
- [139,445 - SMB](https://the-pentesting-guide.marmeus.com/active/services/139-445-smb.md)
- [Active Directory](https://the-pentesting-guide.marmeus.com/active/services/active-directory.md)
- [2 - Exploitation](https://the-pentesting-guide.marmeus.com/2-exploitation.md)
- [Brute Forcing](https://the-pentesting-guide.marmeus.com/brute-forcing.md)
- [WEB](https://the-pentesting-guide.marmeus.com/web.md)
- [Apache Tomcat](https://the-pentesting-guide.marmeus.com/web/apache-tomcat.md)
- [Authentication](https://the-pentesting-guide.marmeus.com/web/authentication.md)
- [Broken Access Control](https://the-pentesting-guide.marmeus.com/web/broken_access_control.md)
- [Cache poisoning](https://the-pentesting-guide.marmeus.com/web/cache-poisoning.md)
- [Clickjacking](https://the-pentesting-guide.marmeus.com/web/clickjacking.md)
- [CORS](https://the-pentesting-guide.marmeus.com/web/cors.md)
- [CSRF](https://the-pentesting-guide.marmeus.com/web/csrf.md)
- [File Inclusion](https://the-pentesting-guide.marmeus.com/web/file_inclusion.md)
- [Host Header Injection](https://the-pentesting-guide.marmeus.com/web/host_header_injection.md)
- [HTTP Request Smuggling](https://the-pentesting-guide.marmeus.com/web/http_request_smuggling.md)
- [Information disclosure](https://the-pentesting-guide.marmeus.com/web/information_disclosure.md)
- [JWT](https://the-pentesting-guide.marmeus.com/web/jwt.md)
- [OS command injection](https://the-pentesting-guide.marmeus.com/web/os_command_injection.md)
- [PHP deserialisation](https://the-pentesting-guide.marmeus.com/web/php_deserailisation.md)
- [SQLi](https://the-pentesting-guide.marmeus.com/web/sqli.md)
- [SSRF](https://the-pentesting-guide.marmeus.com/web/ssrf.md)
- [SSTI](https://the-pentesting-guide.marmeus.com/web/ssti.md)
- [Shellshock](https://the-pentesting-guide.marmeus.com/web/shellshock.md)
- [Unrestricted File Upload](https://the-pentesting-guide.marmeus.com/web/unrestricted_file_upload.md)
- [XSS](https://the-pentesting-guide.marmeus.com/web/xss.md)
- [XXE](https://the-pentesting-guide.marmeus.com/web/xxe.md)
- [Web (OWASP  Test cases)](https://the-pentesting-guide.marmeus.com/web-owasp-test-cases.md)
- [4.1 Information Gathering](https://the-pentesting-guide.marmeus.com/web-owasp-test-cases/4.1-information-gathering.md)
- [4.2 Configuration and Deployment Management Testing](https://the-pentesting-guide.marmeus.com/web-owasp-test-cases/4.2-configuration-and-deployment-management-testing.md)
- [4.3 Identity Management Testing](https://the-pentesting-guide.marmeus.com/web-owasp-test-cases/4.3-identity-management-testing.md)
- [4.4 Authentication Testing](https://the-pentesting-guide.marmeus.com/web-owasp-test-cases/4.4-authentication-testing.md)
- [4.5 Authorization Testing](https://the-pentesting-guide.marmeus.com/web-owasp-test-cases/4.5-authorization-testing.md)
- [4.6 Session Management Testing](https://the-pentesting-guide.marmeus.com/web-owasp-test-cases/4.6-session-management-testing.md)
- [4.7 Input Validation Testing](https://the-pentesting-guide.marmeus.com/web-owasp-test-cases/4.7-input-validation-testing.md)
- [4.8 Testing for Error Handling](https://the-pentesting-guide.marmeus.com/web-owasp-test-cases/4.8-testing-for-error-handling.md)
- [4.9 Testing for Weak Cryptography](https://the-pentesting-guide.marmeus.com/web-owasp-test-cases/4.9-testing-for-weak-cryptography.md)
- [4.10 Business Logic Testing](https://the-pentesting-guide.marmeus.com/web-owasp-test-cases/4.10-business-logic-testing.md)
- [4.11 Client-side Testing](https://the-pentesting-guide.marmeus.com/web-owasp-test-cases/4.11-client-side-testing.md)
- [4.12 API Testing](https://the-pentesting-guide.marmeus.com/web-owasp-test-cases/4.12-api-testing.md)
- [WIFI](https://the-pentesting-guide.marmeus.com/wifi.md)
- [HUMINT](https://the-pentesting-guide.marmeus.com/humint.md)
- [Gophish (Phishing)](https://the-pentesting-guide.marmeus.com/humint/gophish-phishing.md)
- [Malicious Phishing Files](https://the-pentesting-guide.marmeus.com/humint/malicious-phishing-files.md)
- [Phishing Evaluation](https://the-pentesting-guide.marmeus.com/humint/phishing-evaluation.md)
- [BoF - Windows(x86)](https://the-pentesting-guide.marmeus.com/bof-windows-x86.md)
- [Active Directory](https://the-pentesting-guide.marmeus.com/active-directory.md)
- [Kerberos](https://the-pentesting-guide.marmeus.com/active-directory/kerberos.md)
- [GPOs](https://the-pentesting-guide.marmeus.com/active-directory/gpos.md)
- [Certificates](https://the-pentesting-guide.marmeus.com/active-directory/certificates.md)
- [LAPS](https://the-pentesting-guide.marmeus.com/active-directory/laps.md)
- [Domain Trusts](https://the-pentesting-guide.marmeus.com/active-directory/domain-trusts.md)
- [3 - Post Exploitation](https://the-pentesting-guide.marmeus.com/3-post-exploitation.md)
- [File transfer](https://the-pentesting-guide.marmeus.com/file-transfer.md)
- [Shells](https://the-pentesting-guide.marmeus.com/shells.md)
- [Situational Awareness](https://the-pentesting-guide.marmeus.com/situational_awareness.md)
- [Containers and VMs](https://the-pentesting-guide.marmeus.com/situational_awareness/containers-and-vms.md)
- [Linux](https://the-pentesting-guide.marmeus.com/situational_awareness/linux.md)
- [Windows](https://the-pentesting-guide.marmeus.com/situational_awareness/windows.md)
- [Dumping Credentials](https://the-pentesting-guide.marmeus.com/situational_awareness/windows/dumping-credentials.md)
- [Countermeasure Evasion](https://the-pentesting-guide.marmeus.com/situational_awareness/windows/countermeasure-evasion.md)
- [Active Directory](https://the-pentesting-guide.marmeus.com/situational_awareness/active-directory.md)
- [BloodHound & SharpHound](https://the-pentesting-guide.marmeus.com/situational_awareness/active-directory/bloodhound-and-sharphound.md)
- [AWS](https://the-pentesting-guide.marmeus.com/situational_awareness/aws.md)
- [Azure](https://the-pentesting-guide.marmeus.com/situational_awareness/azure.md)
- [General](https://the-pentesting-guide.marmeus.com/general.md)
- [Linux](https://the-pentesting-guide.marmeus.com/general/linux.md)
- [Windows](https://the-pentesting-guide.marmeus.com/general/windows.md)
- [Local Privilege Escalation](https://the-pentesting-guide.marmeus.com/local_privilege_escalation.md)
- [Linux](https://the-pentesting-guide.marmeus.com/local_privilege_escalation/linux.md)
- [Windows](https://the-pentesting-guide.marmeus.com/local_privilege_escalation/windows.md)
- [Persistance](https://the-pentesting-guide.marmeus.com/persistance.md)
- [Windows](https://the-pentesting-guide.marmeus.com/persistance/windows.md)
- [Cracking](https://the-pentesting-guide.marmeus.com/cracking.md)
- [Pivoting](https://the-pentesting-guide.marmeus.com/pivoting.md)
- [Tunnelling & Port Forwarding](https://the-pentesting-guide.marmeus.com/pivoting/tunnelling_and_port_forwarding.md)
- [Lateral Movement](https://the-pentesting-guide.marmeus.com/lateral-movement.md)
- [WIFI](https://the-pentesting-guide.marmeus.com/wifi-1.md)
- [4 - Report](https://the-pentesting-guide.marmeus.com/4-report.md)
- [5 - House cleaning](https://the-pentesting-guide.marmeus.com/5-house-cleaning.md)


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on a page URL with the `ask` query parameter:
```
GET https://the-pentesting-guide.marmeus.com/readme.md?ask=<question>
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.