Pentesting Methodology

Start with a structured approach to penetration testing engagements

Web Vulnerabilities

XSS, SQLi, SSRF, SSTI, deserialization and more

Linux Privilege Escalation

Techniques to escalate from low-privilege to root on Linux systems

Active Directory

Complete methodology for attacking Windows AD environments

What is HackTricks?

HackTricks is a comprehensive, community-driven cybersecurity knowledge base that documents hacking techniques, pentesting methodologies, and security research findings. Originally built from CTF experience and real-world penetration testing, it has grown into one of the most referenced resources in offensive security.
HackTricks ranges from beginner-friendly Linux basics to advanced kernel exploitation, covering web, network, mobile, hardware, and cloud security domains.

Explore by Domain

OS Security

Linux, macOS, and Windows privilege escalation and hardening

Web & Network

Web application attacks and network service exploitation

Mobile

Android and iOS application pentesting

Binary Exploitation

Stack overflows, ROP chains, heap exploitation

Cryptography

Padding oracles, CBC bit flipping, hash attacks

AI Security

LLM prompt injection and AI system attacks

Key Topics

Structured frameworks for conducting professional penetration tests — covering external recon, network enumeration, lateral movement, and reporting. Includes methodology for web apps, APIs, mobile apps, and network infrastructure.
Comprehensive guides for escalating privileges on Linux (SUID, capabilities, sudo misconfigurations, kernel exploits), macOS (TCC, SIP bypasses, XPC vulnerabilities), and Windows (token abuse, ACL attacks, service misconfigs, Active Directory attacks).
In-depth coverage of OWASP Top 10 and beyond — XSS, SQL Injection, SSRF, SSTI, XXE, CSRF, deserialization, file upload bypass, command injection, and advanced techniques like HTTP request smuggling and cache poisoning.
Attack guides for 100+ network protocols — from common services (SSH, FTP, SMB, RDP) to industrial protocols (Modbus, BACnet, OPC-UA) and database services (MySQL, MSSQL, MongoDB, Redis, Elasticsearch).
Complete AD attack methodology including Kerberoasting, AS-REP Roasting, Pass-the-Hash, Pass-the-Ticket, DCSync, Golden/Silver Tickets, BloodHound enumeration, and certificate-based attacks (ESC1-ESC13).

Run HackTricks Locally

Clone the repository and run with Docker to get a local copy with full search:
git clone https://github.com/HackTricks-wiki/hacktricks
export LANG="master"  # or language code: es, fr, de, zh, ja...

docker run -d --rm --platform linux/amd64 \
  -p 3337:3000 \
  --name hacktricks \
  -v "$(pwd)/hacktricks":/app \
  ghcr.io/hacktricks-wiki/hacktricks-cloud/translator-image \
  bash -c "cd /app && MDBOOK_PREPROCESSOR__HACKTRICKS__ENV=dev mdbook serve --hostname 0.0.0.0"
Your local copy will be available at http://localhost:3337 after a short build time.

Community & Contributions

HackTricks is open-source and community-driven. Contributions are welcome — new techniques, bug fixes, and translations are all appreciated.

GitHub Repository

Star the repo, submit PRs, or report issues

HackTricks Cloud

Cloud and infrastructure pentesting (AWS, Azure, GCP, K8s)
