{"id":3580,"date":"2022-05-10T06:12:40","date_gmt":"2022-05-10T06:12:40","guid":{"rendered":"https:\/\/osintme.com\/?p=3580"},"modified":"2022-05-21T13:00:16","modified_gmt":"2022-05-21T13:00:16","slug":"pentesting-osint-tools-and-tips-for-passing-pentest","status":"publish","type":"post","link":"https:\/\/osintme.com\/index.php\/2022\/05\/10\/pentesting-osint-tools-and-tips-for-passing-pentest\/","title":{"rendered":"Pentesting &#038; OSINT tools (and tips for passing Pentest+)"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"3580\" class=\"elementor elementor-3580\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-3d2c4a6 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"3d2c4a6\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-9cd0249\" data-id=\"9cd0249\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-70e657a elementor-widget elementor-widget-image\" data-id=\"70e657a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"225\" height=\"225\" src=\"https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2022\/05\/CompTIA-Pentest.png?fit=225%2C225&amp;ssl=1\" class=\"attachment-large size-large wp-image-3647\" alt=\"CompTIA Pentest+ OSINT\" srcset=\"https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2022\/05\/CompTIA-Pentest.png?w=225&amp;ssl=1 225w, 
https:\/\/i0.wp.com\/osintme.com\/wp-content\/uploads\/2022\/05\/CompTIA-Pentest.png?resize=150%2C150&amp;ssl=1 150w\" sizes=\"(max-width: 225px) 100vw, 225px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-f681039 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"f681039\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-4544345\" data-id=\"4544345\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-b12b400 elementor-widget elementor-widget-text-editor\" data-id=\"b12b400\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Today&#8217;s post is on the crossroads between the realms of OSINT and penetration testing. It&#8217;s come to life as a result of my research and exploration of the pentesting methodologies, approaches, frameworks and tools.<\/p><p>Last year when discussing <a href=\"https:\/\/osintme.com\/index.php\/2021\/09\/30\/osint-me-tricky-thursday-8-url-manipulation\/\">URL manipulation<\/a> I briefly mentioned some techniques of web parameter tampering, which is not a strictly OSINT method, because it involves interaction with the target as opposed to passive open source research only.<\/p><p>Here are some tools that I have come across and tested (some more thoroughly, some less). 
If you have any interest in pentesting as a casual hobby (like I do), then you should enjoy this list.<\/p><p><strong>PS.<\/strong> After the tools part, you&#8217;ll find my tips on passing the CompTIA Pentest+ certification.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-7c5f288 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"7c5f288\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-f456538\" data-id=\"f456538\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-33be277 elementor-widget elementor-widget-heading\" data-id=\"33be277\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Credentials harvesting \/ password cracking<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-796a975 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"796a975\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-579a5b8\" data-id=\"579a5b8\" data-element_type=\"column\" 
data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-f55885b elementor-widget elementor-widget-text-editor\" data-id=\"f55885b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><strong>NOTE:<\/strong> Data breach dumps research remains a huge area of interest for OSINT and an important source of intelligence (discussed <a href=\"https:\/\/osintme.com\/index.php\/2021\/04\/18\/20-osint-resources-for-breach-data-research\/\">here<\/a>). Do remember however that there is a red line between collecting credentials and using them in an unauthorised manner to log into other people&#8217;s accounts. Dumped password and hash cracking is not illegal; but using those passwords and hashes to log in somewhere where you are not authorised to go &#8211; that can be against the law.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-0793bf9 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"0793bf9\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-1a06406\" data-id=\"1a06406\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-742f4bd elementor-widget elementor-widget-text-editor\" data-id=\"742f4bd\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div 
class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li><a href=\"https:\/\/en.wikipedia.org\/wiki\/Cain_and_Abel_(software)\">Cain &amp; Abel<\/a> &#8211; legacy password cracking tool. It also had the ability to record VoIP calls. No longer supported, so only an honourable mention here rather than a real recommendation.<\/li><li><a href=\"https:\/\/www.kali.org\/tools\/cewl\/\">CeWL<\/a> (Custom Word List generator) &#8211; for creating word lists that can be used by the password crackers listed here. Can also be used for creating username lists.<\/li><li><a href=\"https:\/\/www.kali.org\/tools\/dirbuster\/\">DirBuster<\/a> &#8211; a brute-forcing tool for enumerating files and directories on a web server.<\/li><li><a href=\"https:\/\/www.openwall.com\/john\/\">John the Ripper<\/a> &#8211; password cracking tool, available in both free and premium versions.<\/li><li><a href=\"https:\/\/hashcat.net\/hashcat\/\">Hashcat<\/a> &#8211; password recovery \/ password cracking tool. Remember, to be effective with it, you will need to have a powerful GPU (or several of them, if using a password cracking rig).<\/li><li><a href=\"https:\/\/www.kali.org\/tools\/hydra\/\">Hydra<\/a> &#8211; a login cracker that supports numerous protocols to attack.<\/li><li><a href=\"http:\/\/foofus.net\/goons\/jmk\/medusa\/medusa.html\">Medusa<\/a> &#8211; another login brute forcer.<\/li><li><a href=\"https:\/\/attack.mitre.org\/software\/S0002\/\">Mimikatz<\/a> &#8211; retrieves credentials from memory of Windows systems &#8211; plaintext Windows account logins and passwords.<\/li><li><a href=\"https:\/\/www.kali.org\/tools\/patator\/\">Patator<\/a> &#8211; multi-purpose brute forcer.<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-5c4c914 elementor-section-boxed elementor-section-height-default 
elementor-section-height-default\" data-id=\"5c4c914\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-b788442\" data-id=\"b788442\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-e2abc21 elementor-widget elementor-widget-heading\" data-id=\"e2abc21\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Debugging<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-6b397c0 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"6b397c0\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-76f0688\" data-id=\"76f0688\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-058fe83 elementor-widget elementor-widget-text-editor\" data-id=\"058fe83\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li><a href=\"https:\/\/www.sourceware.org\/gdb\/\">GDB<\/a> &#8211; debugger for Linux, supports multiple languages<\/li><li><a 
href=\"https:\/\/www.immunityinc.com\/products\/debugger\/\">Immunity Debugger<\/a> &#8211; pentesting support tool, useful for reverse engineering of malware.<\/li><li><a href=\"https:\/\/www.kali.org\/tools\/ollydbg\/\">OllyDbg<\/a> &#8211; Windows debugger, old software at this stage. The main <a href=\"https:\/\/www.ollydbg.de\/\">page<\/a> for the project states the development is currently frozen.<\/li><li><a href=\"https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/debugger\/debugger-download-tools\">WinDbg<\/a> &#8211; a Windows debugging tool, created by Microsoft.<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-f5bbd50 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"f5bbd50\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-bcde722\" data-id=\"bcde722\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-2cf75cc elementor-widget elementor-widget-heading\" data-id=\"2cf75cc\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">OSINT &amp; passive reconnaissance<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-abb4ac9 elementor-section-boxed elementor-section-height-default 
elementor-section-height-default\" data-id=\"abb4ac9\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-8f321c7\" data-id=\"8f321c7\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-c8fe43d elementor-widget elementor-widget-text-editor\" data-id=\"c8fe43d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><strong>NOTE:<\/strong> Some of the tools and functionalities listed here (like Shodan, Nslookup, Whois, etc.) can be used in a browser or directly from the command line. Remember that often the results of using them in the terminal can vary from their web counterparts!<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-56873db elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"56873db\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-0450a99\" data-id=\"0450a99\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-2fcde0f elementor-widget elementor-widget-text-editor\" data-id=\"2fcde0f\" data-element_type=\"widget\" data-e-type=\"widget\" 
data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li><a href=\"https:\/\/censys.io\/\">Censys<\/a> &#8211; a web-based tool that probes IP addresses and provides access to all this information through a search engine. Similar to Shodan, see below.<\/li><li><a href=\"https:\/\/foca.en.softonic.com\/\">FOCA<\/a> (Fingerprinting Organizations with Collected Archives) &#8211; used to find metadata within documents and common file formats.<\/li><li><a href=\"https:\/\/www.maltego.com\/\">Maltego<\/a> &#8211; mainly a commercial product with some free features; used for visualisation of data gathered via OSINT. It can help with automation too.<\/li><li><a href=\"https:\/\/www.nslookup.io\/\">Nslookup<\/a> &#8211; used to identify the IP addresses associated with an organisation.<\/li><li><a href=\"https:\/\/www.kali.org\/tools\/recon-ng\/\">Recon-ng<\/a> &#8211; a modular web reconnaissance framework for managing your OSINT work.<\/li><li><a href=\"https:\/\/who.is\/\">Whois<\/a> &#8211; information from public records about domain ownership.<\/li><li><a href=\"https:\/\/www.wireshark.org\/\">Wireshark<\/a> &#8211; open source protocol analysis tool for packet sniffing &amp; analysis; no interaction with the target is necessary, Wireshark simply inspects\u00a0the passing wireless (or wired) network traffic.<\/li><li><a href=\"https:\/\/www.kali.org\/tools\/theharvester\/\">theHarvester<\/a> &#8211; good for finding email addresses, employee names, virtual hosts, infrastructure details and more about an organisation of interest.<\/li><li><a href=\"https:\/\/github.com\/trufflesecurity\/trufflehog\">TruffleHog<\/a> &#8211; scans code repositories like GitHub for unintentionally disclosed information.\u00a0<\/li><li><a href=\"https:\/\/www.shodan.io\/\">Shodan<\/a> &#8211; specialised search engine for many things online, from vulnerable IoT devices to servers, hosts, webcams and more. 
I covered many Shodan queries in detail <a href=\"https:\/\/osintme.com\/index.php\/2021\/01\/16\/ultimate-osint-with-shodan-100-great-shodan-queries\/\">here<\/a>.<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-f0f7cfa elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"f0f7cfa\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-fd6e7c5\" data-id=\"fd6e7c5\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-17765a3 elementor-widget elementor-widget-heading\" data-id=\"17765a3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Vulnerability scanning<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-0a2ba1c elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"0a2ba1c\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-0e43e18\" data-id=\"0e43e18\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap 
elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-72084ce elementor-widget elementor-widget-text-editor\" data-id=\"72084ce\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li><a href=\"https:\/\/brakemanscanner.org\/\">Brakeman<\/a> &#8211; static analysis tool used for code scanning of Ruby on Rails applications.<\/li><li><a href=\"https:\/\/www.tenable.com\/products\/nessus\">Nessus<\/a> &#8211; commercial product; vulnerability scanning tool used to scan various devices and environments.<\/li><li><a href=\"https:\/\/www.kali.org\/tools\/nikto\/\">Nikto<\/a> &#8211; vulnerability scanning tool for web servers.<\/li><li><a href=\"https:\/\/www.open-scap.org\/\">Open SCAP<\/a> (Security Content Automation Protocol) &#8211; a set of tools from <a href=\"https:\/\/www.nist.gov\/\">NIST<\/a>; designed to help manage compliance and create baselines of security standards.<\/li><li><a href=\"https:\/\/www.openvas.org\/\">OpenVAS<\/a> &#8211; an open source vulnerability scanner. 
Easy to detect though if used to search broadly.<\/li><li><a href=\"https:\/\/github.com\/nccgroup\/ScoutSuite\">ScoutSuite<\/a> &#8211; for auditing the security posture of cloud environments.<\/li><li><a href=\"https:\/\/sqlmap.org\/\">Sqlmap<\/a> &#8211; used to automate SQL injection attacks against web applications containing databases.<\/li><li><a href=\"https:\/\/wapiti-scanner.github.io\/\">Wapiti<\/a> &#8211; web app scanner for detecting vulnerabilities; heavily focused on API testing.<\/li><li><a href=\"http:\/\/w3af.org\/\">W3AF<\/a> &#8211; open source web application vulnerability scanner.<\/li><li><a href=\"https:\/\/wpscan.com\/wordpress-security-scanner\">WPScan<\/a> &#8211; designed to scan WordPress sites.<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-f59a7f8 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"f59a7f8\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-93c6bd8\" data-id=\"93c6bd8\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-588d1a7 elementor-widget elementor-widget-heading\" data-id=\"588d1a7\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Tips for passing CompTIA Pentest+<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section 
class=\"elementor-section elementor-top-section elementor-element elementor-element-cb1a881 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"cb1a881\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-3f2962b\" data-id=\"3f2962b\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-be84d69 elementor-widget elementor-widget-text-editor\" data-id=\"be84d69\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li>Having passed CySA+ last year, I found that knowledge and experience helpful. See my post on the CySA+ exam tips <a href=\"https:\/\/osintme.com\/index.php\/2021\/05\/26\/tips-and-resources-for-passing-comptia-cysa\/\">here<\/a> &#8211; some of these tips apply to Pentest+ too in the same fashion.<\/li><li>Simulation questions (I got 4 of those, bigger and longer ones) bring more points than the regular ones. I left them until the end. They require more focus and thinking; it might feel frustrating or counterproductive to start off with them, only to get bogged down with something at the very beginning of your exam. I took the same approach with the CySA+ simulation questions too.<\/li><li>When doing practice tests, focus on understanding the answers and not just memorising them. 
Similar questions often get asked in a roundabout way.<\/li><li>Certain questions test your understanding of things like situational awareness during a penetration test, the constraints of ROE (rules of engagement), the SOW (statement of work) and so on; as well as general methodologies such as OWASP or MITRE. Make sure to cover those in a way that gives you a working knowledge, without having to blindly memorise a lot of the content from the Planning and Scoping part of the <a href=\"https:\/\/partners.comptia.org\/docs\/default-source\/resources\/comptia-pentest-pt0-002-exam-objectives-(4-0)\">exam objectives<\/a>.<\/li><li>Even a very general understanding of Windows and Linux command line (as well as some basic bash scripting methods) will go a long way.<\/li><li>Cover your SQL injection attacks, their types and their remediation methods. You will most certainly be presented with specific examples during the simulation questions.<\/li><li>Knowing Nmap flags is a must. The best way to practice with Nmap is hands-on. As an additional help, I used the GUI version, <a href=\"https:\/\/nmap.org\/zenmap\/\">Zenmap<\/a> &#8211; you can easily build your scan commands there.<\/li><li>Sign up to Try Hack Me and try to complete their excellent <a href=\"https:\/\/tryhackme.com\/path\/outline\/pentestplus\">Pentest+ learning path<\/a>. It&#8217;s a great way to combine theory with practice. 
It&#8217;s over 50h long &#8211; if you can&#8217;t do it all, focus your hands-on practice wherever you feel like you have knowledge gaps.<\/li><li>For your prep, I would recommend the <a href=\"https:\/\/www.wiley.com\/en-us\/CompTIA+PenTest%2B+Study+Guide%3A+Exam+PT0+002%2C+2nd+Edition-p-9781119823810\">Sybex Pentest+ books<\/a>, both the general study guide and the tests (they contain something like 1000 test questions).<\/li><li><a href=\"https:\/\/www.diontraining.com\/udemy\/\">Dion Training<\/a> on Udemy is very good as always, and his set of 6 practice tests is a solid resource; there will be several hundred questions in those, worth practicing on.<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-9b59c52 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"9b59c52\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-323f8cd\" data-id=\"323f8cd\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-e293da9 elementor-widget elementor-widget-text-editor\" data-id=\"e293da9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><em><strong>Hope this helps. 
If you have tips or suggestions that I did not cover, add them in the comments below.<\/strong><\/em><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Sharing some useful tools for OSINT and penetration testing, as well as some tips for passing the CompTIA Pentest+ exam.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"neve_meta_sidebar":"","neve_meta_container":"","neve_meta_enable_content_width":"","neve_meta_content_width":0,"neve_meta_title_alignment":"","neve_meta_author_avatar":"","neve_post_elements_order":"","neve_meta_disable_header":"","neve_meta_disable_footer":"","neve_meta_disable_title":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[6],"tags":[136,143,122,20,146,87],"class_list":["post-3580","post","type-post","status-publish","format-standard","hentry","category-open-source-intelligence","tag-comptia","tag-learning","tag-pentesting","tag-software","tag-tools","tag-training"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/posts\/3580","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/comments?post=3580"}],"version-history":[{"count":64,"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/posts\/3580\/revisions"}],"predecessor-version":[{"id":3666,"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/posts\/3580\/revisions\/3666"}],"wp:att
achment":[{"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/media?parent=3580"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/categories?post=3580"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/tags?post=3580"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}