root@rumais:~# ls /srv/playbooks

Playbooks

Topic-based notes distilled from INE PTS and PEH lab work. These are structured as reusable workflows rather than challenge-specific answer sheets.

INE PTS

SQL Injection Workflow

Start by fingerprinting parameters and request flow, confirm the behavior manually, and only then move into automation. Focus on differentiating reflected input, boolean influence, error-based disclosure, and database-backed behavior before reaching for tooling.

Input validation | manual probing | controlled exploitation

INE PTS

Burp Suite Basics

Use Burp as a traffic microscope: capture, replay, mutate, and compare. The workflow in the lab centered on hidden routes, debug parameters, and request replay through Proxy, Repeater, and Intruder until sensitive functionality was exposed.

Proxy | Repeater | Intruder | content discovery

INE PTS

Scanning and Fingerprinting

Move from host discovery into service and OS detection in layers. The key lesson is to correlate ICMP discovery, SYN scan results, service versions, and operating system signals before making assumptions about server and client roles.

fping | nmap -sn | nmap -sS | nmap -sV | nmap -O

INE PTS

Nessus Validation Workflow

Use discovery to identify the target, profile the exposed services, scope the plugin set to reduce noise, then validate critical findings manually. The value is not the scanner output alone, but the analyst’s ability to verify exploitability and explain risk clearly.

Asset discovery | plugin tuning | validation | reporting

INE PTS

Null Session Enumeration

Anonymous SMB access can still expose valuable information. The repeatable workflow is: identify SMB services, test null session behavior, enumerate shares and account data, then validate access using smbclient or equivalent tooling.

enum4linux | smbclient | share enumeration

PEH

Kioptrix Method Notes

This lab is useful for old-school service-driven exploitation. Enumeration tied web disclosure, Samba fingerprinting, and exploit research together into a working foothold, with both Metasploit and manual exploitation paths considered.

nikto | samba versioning | exploit validation

PEH

Blue Notes

Blue remains a good Windows fundamentals lab for learning how service discovery, exploit selection, and post-exploitation fit together in a straightforward workflow.

Windows enumeration | exploit selection | post-exploitation

PEH

Juice Shop Workflow

Juice Shop is treated here as a controlled target for learning modern web testing habits: map the application, observe client-side behavior, locate hidden features, and tie each bug back to risk rather than just collecting challenge solves.

Web mapping | client-side analysis | OWASP patterns

Why These Notes Matter

These notes show how I document repeatable workflows, reduce trial-and-error testing, and turn lab work into something practical and reusable.