Little tips or things that might help from time to time. This post is an evergreen page; I will just add a sentence or paragraph about a topic. There will not be a flow from one topic to the next. 🙂
In Kali Linux, if you are doing Android work you will need to start the adb server. So here is the command: sudo adb start-server. I made a script so I can just kick it off before I start working with an Android device.
If you are looking for a tool to help you gather information about a website, I recommend you start with sn1per from 1n3 at CrowdShield. https://github.com/1N3/Sn1per
MobSF is a great tool for pen testing mobile applications, well mostly Android.
Notes: as a pen tester, you need to keep detailed notes as you work. I recommend finding some tool you like and using it. I keep screenshots and pics in a folder named for the pen test or component so I have them later.
Remember, you are doing this because it is fun and challenging and you want to make a company, product, etc. more secure.
One tool that is used a lot is nmap, and finding a set of switches you like can take a while. The one I am using right now is nmap -p- -A IPADDRESS -oA filename. The -p- switch is a shortcut to scan all ports on the given IP address. The next switch, -A, runs a set of scans against the IP address. The last switch, -oA, tells nmap what to name the files that are output from the scan.