Ethical Hacking Course Roadmap

Phase 1: Basics & Fundamentals

Introduction to Ethical Hacking
Networks & Protocols (TCP/IP, DNS, HTTP, FTP)
Linux & Windows Basics
Lab Setup: Kali Linux, Metasploitable, DVWA
Tools: Wireshark, Nmap, VirtualBox
Phase 2: Intermediate Hacking Techniques
Footprinting & Recon (OSINT, WHOIS, Shodan)
Scanning & Enumeration (Nmap, Netcat, SMB)
Vulnerability Analysis (Nessus, OpenVAS)
Password Attacks (John the Ripper, Hydra)
Social Engineering (Phishing, SET Toolkit)
Phase 3: Advanced Exploitation
Web Hacking (OWASP Top 10, Burp Suite)
Wireless Attacks (WEP/WPA2, Aircrack-ng)
Post-Exploitation (Meterpreter, Persistence)
Buffer Overflows & Exploit Writing
Phase 4: Certification & Practice
CEH, eJPT, OSCP, PNPT, Security+
Practice Labs: TryHackMe, Hack The Box, VulnHub
Tools: Burp Suite, SQLMap, Metasploit
90-Day Learning Plan (Sample)
Days 130: Networking, Linux, Lab Setup
Days 3160: Scanning, Attacks, TryHackMe Paths
Ethical Hacking Course Roadmap
Days 6190: Web Attacks, Burp Suite, Bug Bounty Practice
Specialization Paths
1. Penetration Testing (Red Team)
2. Blue Team (SOC Analyst, SIEM)
3. Bug Bounty Hunting
4. Malware Analysis & RE
5. Cloud Security (AWS, Azure)
Ethical Hacking Course Roadmap
Phase 1: Basics & Fundamentals
Introduction to Ethical Hacking
Networks & Protocols (TCP/IP, DNS, HTTP, FTP)
Linux & Windows Basics
Lab Setup: Kali Linux, Metasploitable, DVWA
Tools: Wireshark, Nmap, VirtualBox
Phase 2: Intermediate Hacking Techniques
Footprinting & Recon (OSINT, WHOIS, Shodan)
Scanning & Enumeration (Nmap, Netcat, SMB)
Vulnerability Analysis (Nessus, OpenVAS)
Password Attacks (John the Ripper, Hydra)
Social Engineering (Phishing, SET Toolkit)
Phase 3: Advanced Exploitation
Web Hacking (OWASP Top 10, Burp Suite)
Wireless Attacks (WEP/WPA2, Aircrack-ng)
Post-Exploitation (Meterpreter, Persistence)
Buffer Overflows & Exploit Writing
Phase 4: Certification & Practice
CEH, eJPT, OSCP, PNPT, Security+
Practice Labs: TryHackMe, Hack The Box, VulnHub
Tools: Burp Suite, SQLMap, Metasploit
90-Day Learning Plan (Sample)
Days 130: Networking, Linux, Lab Setup
Days 3160: Scanning, Attacks, TryHackMe Paths
Ethical Hacking Course Roadmap
Days 6190: Web Attacks, Burp Suite, Bug Bounty Practice
Specialization Paths
1. Penetration Testing (Red Team)
2. Blue Team (SOC Analyst, SIEM)
3. Bug Bounty Hunting
4. Malware Analysis & RE
5. Cloud Security (AWS, Azure)

Ethical Hacking Master Checklist

Essential Tools to Learn
- Nmap: Network scanning
- Wireshark: Packet analysis
- Burp Suite: Web vulnerability testing
- Metasploit: Exploitation framework
- Hydra: Brute force attacks
- SQLMap: SQL injection automation
- John the Ripper / Hashcat: Password cracking
- Nikto / Gobuster: Web directory scanning
Mindset & Soft Skills
- Analytical thinking: Trace logical paths
- Problem solving: Practice via CTFs
- Creativity: Think outside the box
- Patience & curiosity: Real-world hacks take time
Free Learning Platforms
- TryHackMe: Interactive labs
- Hack The Box: Real-world challenges
- OverTheWire: Linux/network basics
- Cyberseek.org: Career roadmap
- PentesterLab: Web security exercises
Certification Path (Progressive Levels)
Beginner:
- Google Cybersecurity Certificate
- CompTIA Security+
Intermediate:
Ethical Hacking Master Checklist
- eJPT (INE/OffSec)
- CEH (Certified Ethical Hacker)
Advanced:
- OSCP (Offensive Security)
- PNPT, CRTO, OSEP, OSWE
Optional Learning Areas
- Cloud Security (AWS, Azure, GCP)
- Mobile Hacking (Android/iOS)
- Reverse Engineering (Malware/Binary)
- Red Team vs Blue Team (Offensive/Defensive roles)
Prerequisites for Ethical Hacking
1. Basic Computer Knowledge
Understanding file systems and OS (especially Windows and Linux). Be
comfortable using a computer,
installing software, and exploring file paths.
2. Networking Fundamentals
Learn about IP addresses, MAC addresses, DNS, TCP/IP model, common ports
(80, 443, 22), and network
devices (router, switch). Tools: Wireshark, ping, traceroute.
3. Linux & Command Line Skills
Most ethical hacking tools are Linux-based. Practice commands like cd, ls,
ifconfig, netstat, chmod, grep, ssh.
Use Kali Linux or Ubuntu.
4. Understanding Programming (Basic)
Python is the most useful for automation and scripts. JavaScript is key for web
hacking. Learn Bash for shell
scripting. Optional: C/C++ for low-level exploits.
5. Virtualization Knowledge
Install and manage virtual machines using VirtualBox or VMware. Set up Kali
Linux, Metasploitable, DVWA in
a safe lab environment.
6. Cybersecurity Mindset
Be curious, persistent, and think like a hacker. Start solving CTFs and challenges
on platforms like
TryHackMe, Hack The Box, or OverTheWire.

Top 10 Programming Languages in 2025

1. Python
Best For: AI, Data Science, Web, Automation
Why: Easy syntax, massive libraries, widely used in academia and industry.
2. JavaScript
Best For: Web Development (Frontend + Backend)
Why: Powers most websites; used with frameworks like React, Vue, Node.js.
3. Java
Best For: Android Apps, Enterprise Systems
Why: Platform-independent, highly stable, used by big corporations.
4. C/C++
Best For: System Software, Game Dev, OS
Why: Extremely fast and powerful, used for performance-critical systems.
5. Go (Golang)
Best For: Cloud Systems, Microservices
Why: Simple, fast, excellent concurrency, built by Google.
6. Rust
Best For: Systems Programming, WebAssembly
Why: Memory-safe, fast, popular among developers replacing C++.
7. TypeScript
Best For: Large Web Applications
Why: JavaScript with type safety; scales better in teams/projects.
Top 10 Programming Languages in 2025
8. SQL
Best For: Databases, Data Analysis
Why: Essential for querying relational databases.
9. Kotlin
Best For: Android App Development
Why: Google-preferred over Java, concise syntax.
10. Shell/Bash
Best For: Scripting, Automation, DevOps
Why: Key for Linux environments, ethical hacking, and automation.