Infrastructure
Test network infrastructure for vulnerabilities including network services, protocols, and perimeter security.
Techniques
| Type | Key Vectors |
|---|---|
| Port Scanning | SYN scan, UDP scan, service detection, OS fingerprinting |
| DNS | Zone transfers, cache poisoning, subdomain takeover, DNS rebinding |
| MITM | ARP spoofing, DNS spoofing, SSL stripping, LLMNR/NBT-NS poisoning |
| VLAN Hopping | Switch spoofing, double tagging |
| IPv6 | RA flooding, neighbor spoofing, tunneling attacks |
| SMB/NetBIOS | Null sessions, relay attacks, enumeration |
| Sniffing | Packet capture, credential harvesting, protocol analysis |
| DoS | Resource exhaustion, amplification, application-layer |
| ICS/SCADA | Modbus TCP, PLC exploitation, coil/register manipulation, session hijacking |
| UPnP / IoT / CPE | rootDesc/SCPD enumeration, vendor SOAP info disclosure (GetPassword), command injection via vendor actions, cross-action auth-key reuse |
| Hardware / Embedded | Logic captures (Saleae .sal), CAN/UART decoding, side-channel password recovery, legacy CPU errata, i386 tools via docker |
Workflow
- Network discovery and topology mapping
- Port scanning and service enumeration
- Protocol-specific vulnerability testing
- Network attack execution (authorized scope only)
- Evidence capture with packet captures and logs
Reference
Quickstart guides (per attack type):
- reference/port-scanning-quickstart.md - Port scanning and service discovery
- reference/dns-quickstart.md - DNS attacks and enumeration
- reference/mitm-quickstart.md - Man-in-the-middle attacks
- reference/vlan-hopping-quickstart.md - VLAN hopping techniques
- reference/ipv6-quickstart.md - IPv6 attack vectors
- reference/smb-netbios-quickstart.md - SMB/NetBIOS exploitation
- reference/sniffing-quickstart.md - Network sniffing and capture
- reference/dos-quickstart.md - DoS assessment
- reference/ics-modbus-quickstart.md - ICS/SCADA Modbus PLC exploitation
- reference/upnp-iot-quickstart.md - UPnP / IoT / CPE firmware web UI enumeration and exploitation
- reference/hardware-embedded-quickstart.md - Logic captures, CAN/UART decoding, side-channel char-by-char recovery, legacy CPU bugs (6502), i386 tooling on ARM macOS
Scan techniques: reference/syn-scan.md, reference/udp-scan.md, reference/icmp-scan.md, reference/os-fingerprint.md
Other: reference/firewall-detection.md, reference/service-enum.md, reference/ip-reputation.md, reference/overview.md
More from transilienceai/communitytools
- hackerone - HackerOne bug bounty automation: parses scope CSVs, deploys parallel pentesting agents for each asset, validates PoCs, and generates platform-ready submission reports. Use when testing HackerOne programs or preparing professional vulnerability submissions.
- reconnaissance - Domain assessment and web application mapping: subdomain discovery, port scanning, endpoint enumeration, API discovery, and attack surface analysis.
- social-engineering - Social engineering testing: phishing, pretexting, vishing, and physical security assessment techniques.
- ai-threat-testing - Offensive AI security testing and exploitation framework. Systematically tests LLM applications for OWASP Top 10 vulnerabilities including prompt injection, model extraction, data poisoning, and supply chain attacks. Integrates with pentest workflows to discover and exploit AI-specific threats.
- osint - Open-source intelligence gathering: company repository enumeration, secret scanning, git history analysis, employee footprint, and code exposure discovery.
- source-code-scanning - Security-focused source code review and SAST. Scans for vulnerabilities (OWASP Top 10, CWE Top 25), CVEs in third-party dependencies/packages, hardcoded secrets, malicious code, and insecure patterns. Use when given source code, a repo path, or asked to "audit", "scan", "review" code security, or "check dependencies for CVEs".