Offensive-Security-Lab-by-DAG
Educational pentesting lab – Red Team exercises with Kali Linux, Metasploitable2, Nessus, Burp Suit, Wireshark, tcpdump, Nmap, Metasploit Framework, SET, Hydra, sqlmap, aircrack-ng and vulnerable apps. Step-by-step reports, commands, and captures.
Overview
This project documents a structured 15-day Red Team pentesting lab. Each day covers a different offensive security concept, from reconnaissance and exploitation to post-exploitation and reporting.
The goal is both personal learning and providing a step-by-step educational resource for other beginners in cybersecurity.
Tools Used
- Nmap – host discovery and port scanning
- tcpdump – raw network traffic capture
- Wireshark – network packet analysis
- Metasploit Framework – exploitation and post-exploitation
- msfvenom – custom payload generation
- sqlmap – automated SQL Injection exploitation and database extraction
- Hydra – brute-force attacks on services (FTP, HTTP login)
- SET (Social Engineering Toolkit) – phishing and payload delivery
- aircrack-ng / airodump-ng – capturing and cracking WPA2 handshakes
- arpspoof / dnsspoof – Man-in-the-Middle and DNS spoofing
- iptables – traffic redirection and packet manipulation
- dnsmasq – lightweight DHCP & DNS server for FakeWiFi / captive portal
- hostapd – create a fake WiFi access point (FakeWiFi)
- Nessus – vulnerability scanning and assessment (incl. bind shell exploitation)
- Burp Suite – web application testing (proxy, repeater, intruder)
Structure
day01/ ├── commands.md # Commands used with explanations ├── report.md # Step-by-step report and analysis └── captures/ # Screenshots, PCAP files, payloads
day02/ ├── commands.md ├── report.md └── captures/
...
day15/ └── final-report.md # Full project summary and conclusions
Role of ChatGPT
The project was fully designed and executed manually by me.
ChatGPT was used only for:
- validation of steps,
- clarification of concepts,
- and structuring the documentation.
How to Use
How to use
- Clone the repository:
git clone https://github.com/dagcybersec/Defensive-Security-Lab-by-DAG.git
- Navigate through each day’s folder (day01 → day11).
- Open commands.md → contains all commands used with step-by-step explanations.
- Open report.md → daily analysis, results, and conclusions.
- Check the captures/ folder → screenshots, PCAP files, logs, or additional artifacts
License This project is released under the MIT License – see the LICENSE file for details.