pentest-network-internal
Pentest Network Internal
Purpose
Simulate an internal attacker to identify weak credentials, misconfigured services, and Active Directory paths to high-value assets.
Core Workflow
- Network Discovery: Map the internal network, live hosts, and open ports using nmap and masscan.
- Service Enumeration: Identify running services, versions, and potential entry points (SMB, RDP, SSH, etc.).
- Vulnerability Scanning: Check for known service vulnerabilities (e.g., EternalBlue, ZeroLogon) using nuclei and nmap-scripts.
- Credential Auditing: Test weak passwords and default credentials using hydra and netexec (CrackMapExec).
- Active Directory Enum: Map AD trust relationships, users, and groups using bloodhound and ldapdomaindump.
- Lateral Movement: Simulate movement between hosts using valid credentials or exploits.
References
- references/tools.md
- references/workflows.md