Overview
This project serves as a structured repository and documentation hub for the eJPT v2 (Junior Penetration Tester) certification preparation. It goes beyond theoretical study by implementing a hands-on approach to mastering the Penetration Testing Student (PTS) curriculum.
The project involves the creation of isolated, vulnerable sandbox environments to simulate real-world attack vectors, focusing on network pivoting, system hardening, and web application security. Additionally, it includes a repository of custom automation scripts written in Python and Bash to streamline the enumeration and exploitation phases.
Problem
Theoretical knowledge of cybersecurity concepts often lacks the depth required for real-world application. Standard study materials do not always cover the intricacies of setting up custom attack infrastructure or dealing with the nuances of specific OS configurations (specifically Linux internals).
Furthermore, manual execution of repetitive tasks during the reconnaissance phase (such as port scanning and service enumeration) is inefficient. There is a need for a unified workflow that combines manual pentesting precision with automated efficiency.
Solution
The solution is a dual-focused lab environment and toolkit:
- Infrastructure as Code: Deployment of local vulnerability labs using Docker containers and Virtual Machines (Fedora/Kali/Target Windows Systems) to practice exploitation safely.
- Tool Development: Creation of a custom “Swiss Army Knife” library in Python to automate interaction with tools like Nmap and to work with network sockets directly.
The architecture emphasizes a “Linux-first” workflow, utilizing terminal-based tools and scripting to minimize GUI dependency and maximize understanding of underlying protocols (TCP/IP, ARP, DNS).
Technologies
- Scripting & Automation: Python (Socket, Scapy, Requests), Bash Scripting.
- Reconnaissance & Enumeration: Nmap, Wireshark, TheHarvester.
- Exploitation Frameworks: Metasploit Framework (MSF), Burp Suite Community.
- Environment & Virtualization: Fedora Linux (Host), Kali Linux (Attacker), Docker (Vulnerable Apps), VirtualBox/KVM.
- Documentation: Markdown, Obsidian (for knowledge graph).
Key Features
- Automated Network Scanner: A Python script that wraps Nmap to identify live hosts and open ports, outputting parsed results for rapid analysis.
- Vulnerable Lab Setup: Docker Compose configurations to instantly spin up instances of DVWA (Damn Vulnerable Web App) and OWASP Juice Shop.
- Traffic Analysis: Deep dive into packet capture analysis using Wireshark to understand the footprint of various attacks (SYN scans, Brute Force).
- Exploit Customization: Modifying public exploits (PoCs) to fit specific lab environment constraints.
Results
- Proficiency: Achieved deep understanding of the PTS lifecycle: Assessment, Enumeration, Exploitation, and Reporting.
- Efficiency: Reduced initial reconnaissance time by approximately 40% through custom automation scripts.
- Security Posture: Identified and patched the vulnerabilities configured within the local lab environment, simulating Blue Team mitigation strategies.
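The Traffic Analysis feature and the Blue Team result above both concern recognising the footprint of a SYN scan in a packet capture. The block below is an added example, not part of this project, that applies the same idea from the defender's side: given packet summaries in the shape of a Wireshark CSV export (time, source, destination, destination port, TCP flags), it flags sources that send SYNs to many distinct ports within a short window without ever completing the handshake, while a normal client that finishes its three-way handshake is left alone. The packet list is constructed sample data, and the thresholds (`min_ports`, `window`) are assumed values a practitioner would tune per network.

```python
from collections import defaultdict

# Constructed packet summaries (time_s, src, dst, dst_port, tcp_flags); not a real capture.
SAMPLE_PACKETS = [
    # A normal client: full handshake to 443, then application data.
    (0.10, "10.0.0.5", "10.0.0.1", 443, "S"),
    (0.11, "10.0.0.1", "10.0.0.5", 51000, "SA"),
    (0.12, "10.0.0.5", "10.0.0.1", 443, "A"),
    (0.20, "10.0.0.5", "10.0.0.1", 443, "PA"),
] + [
    # A SYN scanner: one SYN per port, no completing ACK (half-open probes).
    (1.0 + i * 0.01, "10.0.0.9", "10.0.0.1", port, "S")
    for i, port in enumerate([21, 22, 23, 25, 53, 80, 110, 139, 143, 443, 445, 3306])
] + [
    # Closed ports answer with RST/ACK; these replies are not evidence against the target.
    (1.0 + i * 0.01 + 0.005, "10.0.0.1", "10.0.0.9", 40000 + i, "RA")
    for i in range(12)
]


def detect_syn_scans(packets, min_ports=10, window=5.0):
    """Return {src: {"ports": [...], "targets": [...]}} for sources whose half-open SYNs
    cover at least `min_ports` distinct (dst, port) pairs inside any `window`-second span."""
    syns = defaultdict(list)  # src -> [(t, dst, dport)] for pure SYN packets
    completed = set()         # (src, dst, dport) the source later ACKed (handshake finished)
    for t, src, dst, dport, flags in packets:
        if flags == "S":
            syns[src].append((t, dst, dport))
        elif "A" in flags and "S" not in flags:
            completed.add((src, dst, dport))

    findings = {}
    for src, events in syns.items():
        half_open = sorted(e for e in events if (src, e[1], e[2]) not in completed)
        flagged = False
        start = 0
        for end in range(len(half_open)):          # sliding time window over half-open SYNs
            while half_open[end][0] - half_open[start][0] > window:
                start += 1
            distinct = {(d, p) for _, d, p in half_open[start:end + 1]}
            if len(distinct) >= min_ports:
                flagged = True
                break
        if flagged:
            findings[src] = {
                "ports": sorted({p for _, _, p in half_open}),
                "targets": sorted({d for _, d, _ in half_open}),
            }
    return findings


if __name__ == "__main__":
    for src, info in detect_syn_scans(SAMPLE_PACKETS).items():
        print(f"{src}: SYN scan of {info['targets']} on ports {info['ports']}")
```

The same footprint is what you look for by hand in Wireshark with the display filter `tcp.flags.syn==1 && tcp.flags.ack==0`: a burst of initial SYNs from one address spread across many ports, with no corresponding ACKs from that address. Keying the "completed" set on the source's own later ACK, rather than on the target's SYN/ACK, is what keeps legitimate clients out of the findings.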