Complete Penetration Testing and Ethical hacking Bootcamp

Get started from scratch and become job ready penetration Tester. Be an Ethical Hacker and Hunt as a Bug Bounty Hunters
4.3 (204 ratings)
Instead of using a simple lifetime average, Udemy calculates a
course's star rating by considering a number of different factors
such as the number of ratings, the age of ratings, and the
likelihood of fraudulent ratings.
1,703 students enrolled
92% off
Take This Course
  • Lectures 72
  • Length 11 hours
  • Skill Level All Levels
  • Languages English
  • Includes Lifetime access
    30 day money back guarantee!
    Available on iOS and Android
    Certificate of Completion
Wishlisted Wishlist

How taking a course works


Find online courses made by experts from around the world.


Take your courses with you and learn anywhere, anytime.


Learn and practice real-world skills and achieve your goals.

About This Course

Published 4/2016 English

Course Description

Welcome to the world’s one of the most advance course on Penetration Testing and Ethical Hacking. Everyone is trying to learn How to design website or how to build networks or products. But you are different from others; you have chosen a path where you will learn to protect those products from intrusion of Hackers. We would like to salute your decision.

Attacks by Hackers are not a new story now days, you hear about it every other day. And the reason is obvious; no one bothers about security. Think about the last web development course that talks about SQL Injection or XSS attack. When you learn about Information security and that too at such a practical level, you can offer your skills to big and small companies get hired there or work as a free lancer. This penetration-testing course also talks about getting payment via BUG BOUNTIES too.

Every major company like Google, Apple, PayPal etc. have a security division which requires security experts like you, not even an official degree is required for it. All they ask for is your skills that this covers up. World require so many security professionals but we are not able to produce even the fractions of requirement.

This course is designed very carefully so that everyone can learn from it, even non-programmers. Also this course is very crisp in covering topics, this means we will not be wasting 3-4 hours just on installation or learning jargon terms.

Mac, Linux or Windows is not at all a problem. We only use tools that are cross platform. Our strategy is to take students from all operating system and merge them on same platform like Kali Linux and Parrot OS, so that it gives best learning experience.

We will introduce you to most advance topics in Pentesting as well as teach you that how you can learn by yourself, without reading any book or taking any course in future. Along with course, we will point you towards dedication and free resources that will make you subject expert.

Also we will install our custom vulnerable test beds and attack on them. This will   washes out the worry of legal issues. Also there are few challenges for you that will push you little hard to use your capabilities at the fullest. 

Jump in the course and Welcome to the world of Information Security, Penetration Testing, Ethical hacking and Bug Bounties

Important note: Support of windows XP is dropped by Microsoft, we have used it in few lectures. Regardless, you can either skip those couple lectures or just watch them, as concept goes same.

What are the requirements?

  • A computer (MAC/Windows/Linux) any will work
  • Basics of computer technology
  • Virtual box - FREE (installation covered in the course)
  • NO prerequisites for this course

What am I going to get from this course?

  • By the end you will be able to understand all Information Security terminologies
  • You will be able to install and use all pentesting tools, even the new ones too
  • you will be able to hunt bugs and will be able to earn with them by reporting them
  • you will be able to document the pentesting reports
  • You will be able to defend your products and network from intrusion by Hackers

Who is the target audience?

  • Individuals looking to earn via BUG BOUNTIES
  • Students looking to expand their knowledge in IT security
  • Become a paid penetration tester
  • Develop secure websites and secure products

What you get with this course?

Not for you? No problem.
30 day money back guarantee.

Forever yours.
Lifetime access.

Learn on the go.
Desktop, iOS and Android.

Get rewarded.
Certificate of completion.


Section 1: Must have basics for a Penetration Tester

Before we even jump into the course, let's explore the interface of our learning platform, adjusting the settings and detailed overview of what is about to come


Lets be clear on what is pentesting and what is our area of scope. Penetration testing is a formal procedure to find vulnerabilities in the product and fix them.


We will not only teach a skill we will also teach you that how you can offer your skills to others and get paid for it. Lets explore the options of bug bounties


Lets explore the terms like white hat hacking, black hat hacking, black box testing and white box testing. These terms are the most common terms, so it's a good idea to get friendly with them


Few more important terms are proxy because we will be installing proxy chains to hide our identity. Also we will be using virtual box to take every user on same page


now finally it's time to grab all the tools that we will be needing. Ofcourse this will not be a full list but we can just work with this for a start. If we will need anything else, for sure it will be cross platform and will be informed in advance.

Section 2: Installation and configuration of lab for pentesting

Virtual box is a software that allows us to install a complete operating system in just a software, also it can be said that OS in controlled environment. If anything goes wrong then we can simply delete the OS and our original os will be safe


The tools that we will go through will be open source. Although you can install them on any linux but sometimes there is an issue of dependencies. Therefore we will be using a dedicated operating system to make sure that we can focus on learning the rather spending half of the time in just installation.


UPDATE : A new update for the windows users in installation


Now that our Virtual box is installed, we will now take a toor of this new software. We will try to be friendly with all menu items as well as learn the solution of problems such as full screen mode.


As talked earlier, we might require more tools to proceed, so this movie will help you to grab more tools like metasploitable and few windows trial version in order to practice.


Metasploitable is an intentionally vulnerable machine that is specially designed to practice all the attacks without getting too much worried about the legal issues. Let's learn to install it and crack it down


Finding windows XP is not an easy task but microsoft still gives a few trial and free virtual machines, on which we can practice. Of Course, windows XP is a very good playing platform for exploitation


Now that our attacker machine AKA Kali linux is installed, its a good idea that we take a little tour to the operating system. there are a few small settings that we need to do, to make sure that scan keeps on with no hurdles.


There are many tools that are installed in the kali, in this movie we will take a tour of these tools. Also we will learn to update the machine. By updating the machine we can be sure that more tools can be easily updated.

Section 3: UPDATE - optional linux section. Just basics yet important part of all linux
Bash shell and navigation in linux
Files and files permission in linux
Case study, directories and files with VIM and NANO
Manipulation of file data
Grep, piping and sudo in linux
Section 4: Gathering information to perform pentesting

Tor or also known as onion browser is known for anonymity. We will learn to install and configure this browser on kali linux. Also we will have a quick look at dark web sites


Proxies are a way to hide your location or basically route the entire traffic via a different server. It helps us to improve the anonymity. We will install proxychains and with this we can make n number of stops between the traffic.


MAC address also know as physical address of your ethernet device or wireless device is your main identity over the internet, apart from IP. We will learn to mask or change the current mac address.


there are many methods to gather information of our client, one of them is DNS enumeration. We also take a look on what is open DNS


Although, zone transfer vulnerability is very rare to see now a days but still we will look at this vulnerability on a dedicated platform.


DIG is another tool that gives more detail information about DNS information. Let's have a look on DIG tool which ships in Kali linux.


DNStracer is the utility which calculates the path of our request to the server and plots it nicely on graphical interface. We will also have a quick look on wireshark.


Dimitry is a built in tool in kali that gather a lots of information about the company like email ID and DNS information but there are many better tools available now.


Finding email is one of the important part as it can be later used for social engineering. Also we will look at generating reports.


Now that we have talked about a lot of tools, here is the time give you a very small and easy assignment. Also let's have a look on recon-ng

Section 5: Learning about Nmap, Nikto, OpenVas and report genrating

Some little tweaks are necessary to make our lab good and ready for future exploitation labs. In order to work it is necessary to get ping reply from other virtual machines.


Nmap is like the best tool for network mapping and a must known for every pentester. Let's open our wireshark which comes as a default in kali linux and capture some traffic


In the last movie there was an assignment and in this movie we will solve this assignment. Let's learn to do port scanning in vulnerable machine.


Ok now we have a knowledge of vulnerability, so it's time to take advantage of that vulnerability and exploit the machine.


Just like other scanning tool, nikto is one more scanning tools available in kali linux. Nikto gives us a bunch of information that we will explore in this movie

OpenVas Installation and configuration

Submitting a report is the final task is the pentesting, there are a lot of tools that generate report and submit it to client. Every company follows their own report format.

Section 6: Performing a Penetration Testing on a client

NDA stands for Non Disclosure Agreement, which is an official document stating that you are authorised to perform penetration testing. Also make sure that if you are not allowed to use particular tool, that is also mentioned in the document


After signing NDA, first step is to gather information about client like domain info, emails, servers used and scanning of open port and related services.


Now that we have an idea about vulnerabilities, we can now process to exploit those vulnerabilities. We will learn to run the exploits using msfconsole, which we will take in detail later in this course


It is not compulsory that you always get success in exploiting the first vulnerability. Sometimes vulnerability is there but we are not able to get success, in that case search for another one to present prof of concept


One new thing that we will learn in this movie is to use wireshark to sniff traffic. If the application is not encrypting the traffic then we can even grap username and password.


Nmap also allows you to use some basic inbuilt or custom designed scripts too. In this movie we will learn to use one of these scritps for pentesting

Section 7: Web Application Penetration Testing

Web application pentesting is the most hot topic out there because there are many websites and application are out there, having many potential vulnerability and of course getting hacked everyday. More chances of Bug bounties are here


There are many test beds that can be installed for learning purpose but we will start from easy ones like DVWA aka Damn Vulnerable Web Application


There are a few important tools and addons that Kali is missing, we will learn to install them and learn a little about their interface


Our first vulnerability in the test bed is going to be the serious one. Recently this vulnerability was in google cloud based service and was paid with 3000 dollars when reported.


XSS or cross site scripting is most common with the increasing domination of javascript. Also the impact of XSS is now more aggressive.


There is a great one page learning resource for learning about all kind of XSS. This is a trusted resouce and we recommend this resource to all


Google has it's own program to reward responsible disclosure of vulnerabilities in their products just like facebook, paypal and several others. 


CSRF attack can allow unwanted actions from the user and user may even change their password without knowing about it. Let's take a close look at CSRF


Yes, there is a great resource to learn more about SQL Injection in detail and that too for free. Watch the video and get started with it. Resource is free and will be free

Section 8: Automation of Web Application pentesting
Web application Pentesting automation with Vega

SQL map is a python based tools that perform SQL Injection and checks for many injection vulnerability. Best part is tools is completely open source and can be edited for custom usage with little knowledge of python


Open Web Application Security Project did launched a tool known as Zed Attack proxy, although the name use proxy but it is much more than that.


Present internet scenario says that you will get a lot of pentesting for CMS based site and most popular CMS is Wordpress. We will learn to perform an automated pentesting on such CMS


usually, we don't recommend paid tools in any of our course, keeping in mind that most of you are starting from scratch but it's always good to show all the options and let you decide, what is best and what is not

Section 9: Wep App Pentesting Challenge

Installation of this test bed is going be biggest challenge of the entire series. If you will solve all these challenges (solutions are already in the test bed, watch next movie for hints) then for sure, your first BUG BOUNTY is not going to be far


Here is a quick tip to get started and learn about How to solve the above challenge. Make sure you take a little time to solve this challenge

Section 10: Getting started with metasploit Framework

Metasploit is the biggest framework for exploitation in the entire pentesting industry, completely designed in ruby. In this movie we will explore the architecture of the metasploit.


msfconsole is the major and most famous way to interact with metasploit framework. Let's explore msfconsole, along with types on exploits.


Setting up msf database is easy and makes search operation a lot faster. Also if the database is not set, then we cannot run armitage in next movie


Armitage is a graphical version of msfconsole but don't be mistaken, it is very powerful, automted and easy to easy. Let's look at the interface of Armitage.


SET or Social Engineering Toolkit is a framework that helps you to use your social skills to launch some client side attacks. Let's take a look on client side attacks

Section 11: Wireless Pentesting

Wireless pentesting is fairly new domain in pentesting and has been overlooked for a long time. Before we even get started with it, let's learn the new terminologies


We expect that you got a new alfa card for this section, so it's a good idea that we take a look on the possibilities with this card and its capabilities.


Cracking WEP is not a big deal now, anyone can do it with right tools and cracking is for sure. Also there are a few attacks that can be made on WPA and WPA2, let's have a look on them


Airmon-ng and airodump-ng is one of the tool that comes as a package in aircrack-ng suite of tools. In this movie we will learn to use them along with capturing traffic from wireless using wireshark


Evil twin is the method in which we create a malicious SoftAP aka an Access point completely from software. Also we will learn about DeAuth attack in wireless

Section 12: Thanks for taking the course and future updates

Thanks for taking this course. We really enjoyed in putting up this course for you. We would really appreciate if you could take few more minutes of your valuable time in rating the course too.
Thanks in advance!

Section 13: UPDATE - Password attacks
Basics of Password attacks and Crunch password generators
Cracking linux password with john

Students Who Viewed This Course Also Viewed

  • Loading
  • Loading
  • Loading

Instructor Biography

Igneus Technologies, Best Comprehensive Courses

We at Igneus have trained students from IIT's, NIT's and reputed companies. Students from all over the globe have trusted our High quality and affordable trainings from 10+ countries and have opted for our Certification programs.

IGNEUS stands for the Revolutionary and a quality enhanced change that we’ve tried to come up with in the modern world of Internet education. We’ve come up bearing in mind the maximum emphasis on the quality dealing with every new technology which has made us distinguished from the throng at internet. And this revolution of choice will keep continuing. Today IGNEUS Technologies has proudly lifting up the tag of being the world's most trusted provider of myriad of services and training programs aiding constantly in every corner of the globe along with web security aspects, and open source technology.

IGNEUS Technologies Pvt. Ltd is a dream shared and brought up by two computer geniuses to make the society upgraded and aware of the cyber crimes that curb the innocence of environment, thus starting a revolution in favor of cyber security.

Igneus stands for the Revolutionary and a quality enhanced change in every aspect of its touch to internet. Quality dealing with every new technology makes us different from the crowd of internet. The revolution of choice continues. Today Igneus Technologies is the world's most trusted provider of mentioned services and training along with web security aspects, and open source technology.

Ready to start learning?
Take This Course