# Learning Path Suggested reading order based on skill level and topic progression. ## 🟢 Beginner Path Start here if you're new to penetration testing. ### Week 1-2: Foundations 1. [Public Info Gathering](https://github.com/six2dez/pentest-book/blob/master/others/recon/public-info-gathering.md) - OSINT basics 2. [Subdomain Enumeration](https://github.com/six2dez/pentest-book/blob/master/others/recon/subdomain-enum/README.md) - DNS and discovery 3. [Network Scanning](https://github.com/six2dez/pentest-book/blob/master/others/recon/network-scanning.md) - Nmap fundamentals 4. [Host Scanning](https://github.com/six2dez/pentest-book/blob/master/others/recon/host-scanning.md) - Service identification ### Week 3-4: Web Basics 1. [Web Attacks Overview](https://github.com/six2dez/pentest-book/blob/master/others/enumeration/web/README.md) - Introduction 2. [Crawl/Fuzz](https://github.com/six2dez/pentest-book/blob/master/others/enumeration/web/crawl-fuzz.md) - Directory discovery 3. [XSS](https://github.com/six2dez/pentest-book/blob/master/others/enumeration/web/xss.md) - Cross-site scripting 4. [CSRF](https://github.com/six2dez/pentest-book/blob/master/others/enumeration/web/csrf.md) - Request forgery ### Week 5-6: First Exploitation 1. [Reverse Shells](https://github.com/six2dez/pentest-book/blob/master/others/exploitation/reverse-shells.md) - Getting shells 2. [File Transfer](https://github.com/six2dez/pentest-book/blob/master/others/exploitation/file-transfer.md) - Moving files 3. [Payloads](https://github.com/six2dez/pentest-book/blob/master/others/exploitation/payloads.md) - Common payloads 4. [Webshells](https://github.com/six2dez/pentest-book/blob/master/others/enumeration/web/web-shells.md) - Web-based access ### Resources for Beginners * [Pentesting Web Checklist](https://github.com/six2dez/pentest-book/blob/master/others/others/web-checklist.md) * [Wordlist Reference](https://github.com/six2dez/pentest-book/blob/master/others/others/wordlist-reference.md) * [Tool Index](https://github.com/six2dez/pentest-book/blob/master/others/others/tool-index.md) *** ## 🟡 Intermediate Path For those comfortable with basics, ready to deepen skills. ### Web Application Testing 1. [SQLi](https://github.com/six2dez/pentest-book/blob/master/others/enumeration/web/sqli.md) - SQL injection mastery 2. [SSRF](https://github.com/six2dez/pentest-book/blob/master/others/enumeration/web/ssrf.md) - Server-side request forgery 3. [XXE](https://github.com/six2dez/pentest-book/blob/master/others/enumeration/web/xxe.md) - XML attacks 4. [LFI/RFI](https://github.com/six2dez/pentest-book/blob/master/others/enumeration/web/lfi-rfi.md) - File inclusion 5. [Deserialization](https://github.com/six2dez/pentest-book/blob/master/others/enumeration/web/deserialization.md) - Object attacks 6. [SSTI](https://github.com/six2dez/pentest-book/blob/master/others/enumeration/web/ssti.md) - Template injection ### Authentication & Authorization 1. [Bruteforcing](https://github.com/six2dez/pentest-book/blob/master/others/enumeration/web/bruteforcing.md) - Credential attacks 2. [JWT](https://github.com/six2dez/pentest-book/blob/master/others/enumeration/webservices/jwt.md) - Token attacks 3. [OAuth](https://github.com/six2dez/pentest-book/blob/master/others/enumeration/webservices/oauth.md) - OAuth flaws 4. [IDOR](https://github.com/six2dez/pentest-book/blob/master/others/enumeration/web/idor.md) - Access control bypass 5. [API Security](https://github.com/six2dez/pentest-book/blob/master/others/enumeration/web/api-security.md) - API testing ### Post-Exploitation Basics 1. [Linux Post-Exploitation](https://github.com/six2dez/pentest-book/blob/master/others/post-exploitation/linux.md) - Linux privesc 2. [Pivoting](https://github.com/six2dez/pentest-book/blob/master/others/post-exploitation/pivoting.md) - Network movement 3. [Privilege Escalation](https://github.com/six2dez/pentest-book/blob/master/others/exploitation/privilege-escalation.md) - Overview ### Cloud Fundamentals 1. [Cloud Overview](https://github.com/six2dez/pentest-book/blob/master/others/enumeration/cloud/README.md) - Cloud concepts 2. [AWS](https://github.com/six2dez/pentest-book/blob/master/others/enumeration/cloud/aws.md) - AWS attacks 3. [Docker & Kubernetes](https://github.com/six2dez/pentest-book/blob/master/others/enumeration/cloud/docker-and-and-kubernetes.md) - Container basics *** ## 🔴 Advanced Path For experienced testers looking to master advanced techniques. ### Advanced Exploitation 1. [Buffer Overflow](https://github.com/six2dez/pentest-book/blob/master/others/exploitation/buffer-overflow.md) - Binary exploitation 2. [Web Exploits](https://github.com/six2dez/pentest-book/blob/master/others/exploitation/web-exploits.md) - RCE chains 3. [Request Smuggling](https://github.com/six2dez/pentest-book/blob/master/others/enumeration/web/request-smuggling.md) - HTTP desync 4. [Supply Chain](https://github.com/six2dez/pentest-book/blob/master/others/enumeration/web/supply-chain.md) - Dependency attacks ### Windows & Active Directory 1. [Windows Post-Exploitation](https://github.com/six2dez/pentest-book/blob/master/others/post-exploitation/windows/README.md) - Windows techniques 2. [Active Directory](https://github.com/six2dez/pentest-book/blob/master/others/post-exploitation/windows/ad/README.md) - AD attacks 3. [Kerberos Attacks](https://github.com/six2dez/pentest-book/blob/master/others/post-exploitation/windows/ad/kerberos-attacks.md) - Kerberos abuse ### Cloud Security 1. [Azure](https://github.com/six2dez/pentest-book/blob/master/others/enumeration/cloud/azure.md) - Azure attacks 2. [GCP](https://github.com/six2dez/pentest-book/blob/master/others/enumeration/cloud/gcp.md) - GCP attacks 3. [Serverless](https://github.com/six2dez/pentest-book/blob/master/others/enumeration/cloud/serverless.md) - Function exploitation ### Evasion & Stealth 1. [RT/EDR Evasion](https://github.com/six2dez/pentest-book/blob/master/others/others/rt-edr.md) - Defense bypass 2. [Purple Team](https://github.com/six2dez/pentest-book/blob/master/others/others/purple-team.md) - Detection engineering ### Mobile Security 1. [Android](https://github.com/six2dez/pentest-book/blob/master/others/mobile/android.md) - Android testing 2. [iOS](https://github.com/six2dez/pentest-book/blob/master/others/mobile/ios.md) - iOS testing ### Specialized Topics 1. [Wireless Testing](https://github.com/six2dez/pentest-book/blob/master/others/others/wireless.md) - WiFi/Bluetooth 2. [Hardware Hacking](https://github.com/six2dez/pentest-book/blob/master/others/others/hardware.md) - Physical security 3. [Social Engineering](https://github.com/six2dez/pentest-book/blob/master/others/others/social-engineering.md) - Human factors *** ## 📋 Certification Paths ### OSCP-Focused 1. Network Scanning → Host Scanning → Ports 2. Web Attacks (SQLi, LFI, Command Injection) 3. Reverse Shells → File Transfer 4. Linux Privesc → Windows Privesc 5. Pivoting 6. Buffer Overflow basics ### Web Application Focus (BSCP/eWPT) 1. All Web Attacks sections 2. API Security 3. JWT, OAuth, OIDC 4. Web Technologies (all subsections) 5. Request Smuggling, Cache Poisoning ### Cloud Security Focus 1. AWS → Azure → GCP 2. Docker & Kubernetes 3. Serverless 4. Cloud Info Gathering ### Red Team Focus 1. All Post-Exploitation 2. AD & Kerberos 3. RT/EDR Evasion 4. Purple Team 5. Social Engineering 6. C2 Framework basics (Web Exploits) *** ## 🎯 Quick Reference by Task | I want to... | Go to... | | ----------------------- | --------------------------------------------------------------------------------------------------------------------------- | | Find subdomains | [Subdomain Enum](https://github.com/six2dez/pentest-book/blob/master/others/recon/subdomain-enum/README.md) | | Scan a network | [Network Scanning](https://github.com/six2dez/pentest-book/blob/master/others/recon/network-scanning.md) | | Test for SQLi | [SQLi](https://github.com/six2dez/pentest-book/blob/master/others/enumeration/web/sqli.md) | | Get a shell | [Reverse Shells](https://github.com/six2dez/pentest-book/blob/master/others/exploitation/reverse-shells.md) | | Escalate on Linux | [Linux Post-Exploitation](https://github.com/six2dez/pentest-book/blob/master/others/post-exploitation/linux.md) | | Escalate on Windows | [Windows Post-Exploitation](https://github.com/six2dez/pentest-book/blob/master/others/post-exploitation/windows/README.md) | | Attack Active Directory | [AD Attacks](https://github.com/six2dez/pentest-book/blob/master/others/post-exploitation/windows/ad/README.md) | | Test an API | [API Security](https://github.com/six2dez/pentest-book/blob/master/others/enumeration/web/api-security.md) | | Test AWS | [AWS](https://github.com/six2dez/pentest-book/blob/master/others/enumeration/cloud/aws.md) | | Bypass EDR | [RT/EDR Evasion](https://github.com/six2dez/pentest-book/blob/master/others/others/rt-edr.md) | | Write a report | [Reporting](https://github.com/six2dez/pentest-book/blob/master/others/others/reporting.md) | | Find a tool | [Tool Index](https://github.com/six2dez/pentest-book/blob/master/others/others/tool-index.md) | | Find an attack | [Attack Index](https://github.com/six2dez/pentest-book/blob/master/others/others/attack-index.md) | --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://www.pentest-book.com/others/learning-path.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.