
How to Learn Ethical Hacking in 6 Months — Roadmap 2025

Anuj Singh (Admin), 30 April 2026

Zero to Ethical Hacker in 6 Months

Cybersecurity is one of the fastest-growing career fields in the world. India alone needs 1 million+ cybersecurity professionals by 2025, but the talent pool is severely short. This means exceptional opportunities for those who invest in the right skills.

This is the exact roadmap we'd follow if we were starting from scratch today.

Month 1 — Foundations

Week 1-2: Linux Basics

  • Install Kali Linux in VirtualBox
  • Learn terminal commands: ls, cd, mkdir, cp, mv, rm, grep, find, chmod, chown
  • Understand file system structure (/etc, /var, /home, /usr)
  • Learn vi/nano text editors
  • Practice: complete at least 20 Linux exercises

Week 3-4: Networking Basics

  • TCP/IP model and OSI model
  • IP addresses, subnets, CIDR notation
  • Common protocols: HTTP/HTTPS, DNS, FTP, SSH, SMB, SMTP
  • How DNS works (crucial for hacking)
  • Tools: Wireshark, ping, traceroute, netstat, ifconfig

Month 2 — Core Hacking Skills

Week 1-2: Python for Hackers

  • Python basics: variables, loops, functions, file I/O
  • requests library for HTTP interactions
  • socket programming for network tools
  • Build: simple port scanner, banner grabber

Week 3-4: Nmap & Reconnaissance

  • Master all Nmap scan types
  • Nmap Scripting Engine (NSE)
  • OSINT tools: theHarvester, Maltego, Shodan
  • Subdomain enumeration: subfinder, amass

Month 3 — Web Application Security

  • How HTTP works in depth (requests, responses, cookies, sessions)
  • Burp Suite installation and configuration
  • OWASP Top 10: hands-on labs for each vulnerability
  • SQL Injection (manual + SQLMap)
  • XSS: reflected, stored, DOM-based
  • IDOR, SSRF, XXE, File Upload vulnerabilities
  • Practice platforms: DVWA, WebGoat, Hack The Box Web Challenges

Month 4 — Network Hacking & Exploitation

  • Metasploit Framework: modules, payloads, listeners
  • EternalBlue (MS17-010) exploitation
  • Password cracking: Hashcat, John the Ripper, wordlists
  • Wi-Fi security: WPA2 cracking with Aircrack-ng
  • ARP spoofing and man-in-the-middle attacks
  • Privilege escalation on Linux and Windows

Month 5 — Practice on Real Platforms

  • TryHackMe: Complete beginner paths (free tier available)
  • Hack The Box: Start with Easy machines (Lame, Blue, Legacy)
  • PentesterLab: Web vulnerability exercises
  • Complete at least 10 full CTF (Capture The Flag) challenges
  • Write up your solutions to build a portfolio

Month 6 — Bug Bounty or Certification

Option A: Bug Bounty

  • Create HackerOne or Bugcrowd account
  • Start with programs that have broad scope
  • Focus on 2-3 vulnerability types you know well
  • Submit your first P3/P4 finding

Option B: CEH Certification

  • Certified Ethical Hacker (CEH) by EC-Council
  • Exam: 125 multiple-choice questions, 4 hours
  • Covers all major hacking domains
  • India exam fee: approximately ₹25,000

Salary Expectations in India (2025)

Role                      | Experience | Salary (LPA)
Junior Penetration Tester | 0-1 year   | ₹3-6 LPA
Security Analyst          | 1-3 years  | ₹6-12 LPA
Penetration Tester        | 3-5 years  | ₹12-25 LPA
Security Architect        | 5+ years   | ₹25-60 LPA
Bug Bounty Hunter         | Variable   | ₹5-100+ LPA
