
Ethical Hacker & Penetration Tester Roadmap

Master ethical hacking and penetration testing. Cybersecurity is one of the fastest-growing fields in India, with a shortage of 7 lakh+ professionals. Bug bounties alone can pay Rs 10+ LPA.

5-8 months • 4-8 LPA → 25-50 LPA expected • 7 steps • 25 free resources
1

Linux & Networking Essentials

3-4 weeks

Hackers live in the terminal. Master Linux commands, networking fundamentals, TCP/IP, and how the internet works under the hood.

By the end, you'll be able to

  • Navigate the Linux command line confidently
  • Understand TCP/IP, DNS, HTTP, and network protocols
  • Use networking tools: nmap, netcat, Wireshark

Mini-project

Set up a Kali Linux VM. Use Wireshark to capture and analyze traffic from 5 different protocols. Map a network with nmap.

2

Web Application Hacking

4-5 weeks

Web apps are the #1 target. Learn OWASP Top 10, SQL injection, XSS, CSRF, authentication bypasses, and how to find bugs in web apps.

By the end, you'll be able to

  • Exploit OWASP Top 10 vulnerabilities
  • Find SQL injection, XSS, and CSRF bugs
  • Use tools: Burp Suite, OWASP ZAP

Mini-project

Complete 20 challenges on PortSwigger Web Security Academy. Find 5 bugs in DVWA and write reports.

3

Network Penetration Testing

3-4 weeks

Attack networks like a pro. Learn scanning, enumeration, exploitation, privilege escalation, and lateral movement.

By the end, you'll be able to

  • Perform network scanning and enumeration
  • Exploit vulnerable services with Metasploit
  • Escalate privileges on Linux and Windows

Mini-project

Complete 10 HTB (HackTheBox) machines: easy to medium. Document each with a professional pentest report.

4

System Hacking & Post-Exploitation

2-3 weeks

What happens after you get in. Learn privilege escalation, persistence, data exfiltration, and covering tracks.

By the end, you'll be able to

  • Escalate privileges on Windows and Linux
  • Maintain persistence and move laterally
  • Write professional penetration test reports

Mini-project

Complete a full pentest on a lab network: recon, scanning, exploitation, post-exploitation, and a detailed report.

5

Bug Bounty Hunting

3-4 weeks

Earn money finding bugs. Learn bug bounty methodology, scope management, and how to write reports that get accepted and paid.

By the end, you'll be able to

  • Understand bug bounty programs and scope
  • Find real vulnerabilities in production apps
  • Write reports that maximize payout

Mini-project

Sign up for HackerOne and Bugcrowd. Hunt on 5 programs. Submit at least 3 valid vulnerability reports.

6

Mobile & API Hacking

2-3 weeks

Expand your skillset to mobile apps and APIs. Learn Android/iOS app analysis, API testing, and mobile-specific vulnerabilities.

By the end, you'll be able to

  • Decompile and analyze Android apps
  • Test APIs for authentication and authorization flaws
  • Find mobile-specific vulnerabilities

Mini-project

Analyze 5 Android apps for security issues: decompile, find hardcoded secrets, test API endpoints.

7

CEH / OSCP Certification

4-6 weeks

CEH opens doors in corporate India. OSCP proves real skills. Prepare for one (or both) to fast-track your security career.

By the end, you'll be able to

  • Pass CEH or OSCP certification
  • Solve all OSCP-like boxes in practice labs
  • Build a security portfolio and blog

Mini-project

Complete 30 HTB machines. Take CEH/OSCP practice exams. Write 10 security blog posts. Apply to security roles.
