ONIONBIN.SPACE

// SECURE REPOSITORY & LAB ENVIRONMENT

Step-by-Step Lab: Network Recon

Metasploitable 2 Reconnaissance

  • Deploy a vulnerable VM (Metasploitable 2) on your local VirtualBox/VMware network.
  • Identify the target IP using netdiscover -r [your-subnet].
  • Run a service scan: nmap -sV -sC -T4 [target-ip].
  • Analyze open ports. Look for outdated services like VSFTPD 2.3.4.

Mastering the Arsenal: Tool Tutorials

1. Nmap (Network Mapper)

What it is:

An open-source tool used for network discovery and security auditing.

How to use it (Basic Service Scan):

nmap -sV -sC 192.168.1.100

Pro-tip: -sC runs default scripts, -sV grabs service versions.

2. Burp Suite

What it is:

The industry-standard graphical tool for testing web application security. Acts as an intercepting proxy.

How to use it (Intercepting Traffic):

  • Navigate to the Proxy > Intercept tab and ensure Intercept is on.
  • Use Burp's built-in browser to navigate to a target website.
  • Modify parameters in the raw request, then click Forward.

3. SQLmap

What it is:

Automates the process of detecting and exploiting SQL injection flaws.

How to use it (Basic Injection Test):

sqlmap -u "http://target.com/page.php?id=1" --dbs
  • Once databases are found, dump tables: sqlmap -u "..." -D db_name --tables.

Advanced Dork Generator

Build custom Google Dorks to uncover exposed files, directories, and vulnerabilities.

// Output will appear here...

Free Digital Library

OWASP Web Security Testing Guide

The premier open-source cybersecurity testing resource for web application developers and security professionals.

Access WSTG →

Kali Linux Revealed

The official, free digital book from Offensive Security on mastering the Kali Linux penetration testing distribution.

Download PDF →

Reverse Engineering for Beginners

A massive, comprehensive, and entirely free guide to understanding x86, x64, ARM, and software reverse engineering.

Access Book →

PTES Technical Guidelines

The Penetration Testing Execution Standard. A highly detailed framework mapping out exactly how to conduct a professional pentest.

Read Standard →