Last updated: July 2026
A structured learning path from zero to junior penetration tester - topics, tools, labs, certifications, and hands-on guides.
Live roadmap: securitycipher.com/penetration-testing-roadmap
- Read Intro.md for the recommended learning path and TL;DR
- Work through phases: Foundations → Web → Infrastructure → Specialize → Labs & certs
- Open any topic below for a short guide with tools, labs, and links
- See FAQ.md for career and cert questions
| Phase | Focus | Time (part-time) |
|---|---|---|
| 1. Foundations | Linux, networking, scripting, crypto basics | 4-6 weeks |
| 2. Web security | HTTP, OWASP Top 10, Burp Suite, PortSwigger Academy | 6-8 weeks |
| 3. Infrastructure | AD basics, cloud, wireless, recon | 6-8 weeks |
| 4. Specialize | Web, cloud, mobile, API, or LLM track | Ongoing |
| 5. Prove it | HTB, TryHackMe, certs (eJPT, Security+, OSCP) | 3-6 months |
Full write-up: Intro.md
- OWASP Top 10
- API Security
- Methodology - pentest phases, rules of engagement, reporting
- Recon - OSINT, subdomains, JavaScript analysis
- Active Directory
- Cloud
- Containers - Docker and Kubernetes
- Mobile - Android and iOS testing
- Vulnerability Explain - deep dives with payloads and tools
- Secure Code Explain - fix vulnerabilities in code
- Web Application Security Checklist - 100+ test cases
- AWS Cloud Security Checklist
- OWASP Top 10 for LLM Applications
- Penetration Testing Tricks
| Cert | Guide |
|---|---|
| CEH | CEH.md |
| CISSP | CISSP.md |
| CompTIA Security+ | CompTIA Security+.md |
| OSCP | OSCP.md |
| OSWE | OSWE.md |
| OSWP | OSWP.md |
| eJPT | eJPT.md |
| PNPT | PNPT.md |
| CRTP | CRTP.md |
| BTL1 | BTL1.md |
| Platform | Guide |
|---|---|
| Hack The Box | HackTheBox.md |
| TryHackMe | TryHackMe.md |
| pwn.college | pwn.college.md |
| VulHub | VulHub.md |
| Web Security Academy | Web Security Academy.md |
| Root Me | Root Me.md |
| Altoro Mutual | Altoro Mutual.md |
Contributions are welcome. This repo is the source of truth for roadmap content.
- Fork the repo and create a branch
- Add or edit markdown under the right folder (one topic per file, clear headings, practical links)
- Open a pull request with a short description of what you added or fixed
Guidelines
- Keep guides concise and actionable - labs, tools, and further reading where possible
- Match the tone of existing topics (see Linux.md or SQL Injection.md)
- Fix typos and broken links anytime - small PRs are fine
- New topics: pick the closest folder from Content index above
All contributions are reviewed before merge. After merge, updates appear on the live roadmap on the next publish cycle.
Questions? Open a GitHub issue.