Pentest Tools

Framework

Reconnaissance

1. OSINT online tools

  • Dnstrails - Best for enumerating Subdomains
  • - Various tools [Finding Origin IP behind Cloudflare, and so on] - Recommended
  • Google ASE aka Google Dorking [Most effective in some cases]
  • Pentest-tools [Paid/Rate-Limited]
  • Dnsdumpster [Free]
  • VirusTotal [Free]
  • - Best for enumerating related domains [Free]
  • Dnsgoodies [Free]
  • Shodan [Paid/Rate-limited]
  • Censys [Free mostly]
  • [Free mostly]
  • Spiderfoot [Currently Free, just request for a Spiderfoot instance]
  • Zoomeye [Free mostly and works well]
  • Binaryedge [Paid/Rate-Limited]
  • [Free mostly]

Entry (initial access)

1. Phishing

2. HID Attack (human interface devices)

3. Wireless Attack

Exploitation

XXE Exploitation

Privilege Escalation

Persistence (backdoors)

Post Exploitation (foothold discovery)

1. Windows

2. Linux

Credentials (credential theft)

Lateral Movement

Defense Evasion

Data Exfiltration

Misc

Laws and Regulations

1. US data breach notification laws

Intrusion Detection

Man-in-the-Middle (MITM)

Reverse Engineering

Wordlists