Road Map : Basic in web: Http in explain. how the web works. Scanning: passive: asnmap cidrmap dnsx spiderfoot Active-Scan: nmap zenmap(GUI) masscan dnsx burpsuite(GUI) waybackurls katana gau gau-plus Reconnaisance: github shodan google fofa VirusTotol whatweb subfinder amass assetfinder sublist3r gobuster ffuf httpx httpx-toolkit whois Vulnerability Assesment: burpsuite(GUI) nikto nuclei nmap acunetix shodan Greenbone owasp-zap wp-scan joomla ExploitScanner Vega Vulnerability Type: XSS-i (Cross Site Scripting injection) SQL-i (Stractured Query Languege injection) File Upload (Vulnerability) Header Injection CSRF SSRF SSTI Command Injection Remote Code Execution LFI => path traversal RFI => Remote File Inclusion XML Injection XXE (Cross Site Entity) Broken Access Control IDOR (Insecure Direct Object Reference) Click-Jacking HTTP PUT File upload JSON Injection JWT Attack SMTP Injection LDAP (Light Weight Directory Access Protocol Injection) Subdomain take-over DNS Hijacking .env file exposure CORS (Cross Origin Resources Sharing) Web Socket-Hijacking