Penetration Tester Manual

Today I bring a very special post. This publication has been delayed a couple of weeks because I was finishing polishing it, and I wanted it to be perfect.

I’ve been working for quite some time on a guide with the basics of pentesting, the different steps that a security auditor takes to perform an ethical hacking to a web application. Finally it is ready, and today I bring it to you in this post.

One of the first books I read when I started in the world of cybersecurity was “The Web Application Hacker’s Handbook 2”, by Dafydd Stuttard and Marcus Pinto. This book, although it is something old, describes in great detail the whole process of ethical hacking.

Penetration Tester Manual

While I was reading it, I took notes of the techniques and advice that he himself collected. Some time later, I have been completing it with more updated information that I have obtained from other sources and from my own experience of the audits that I have carried out, as well as tools that have been very useful to me at the time of automating the hacking techniques of each phase.

And this is how this first version of the Ethical Hacking Manual comes about. 

I have made this project in CherryTree, the application to take notes that I use, with the idea that the phases can be marked, and can be added captures of the evidence collected in each section:


However, I am aware that there are many people who do not use this tool, so I also offer the possibility of downloading the manual in PDF or HTML format.

This is the initial version, so any contribution with information, useful tools, or anything you see can be improved, do not hesitate to tell me by mail (

Without waiting any longer, I leave you the link so you can download and try this manual. I hope you find it useful.


4.1/5 - (215 votes)

Leave a comment