Pentest Tools


0 Framework (Attack Frameworks)


1 Reconnaissance (Information Gathering)

OSINT CheckList [Reconnaissance] (Online Tools)

  • Dnstrails - Best for enumerating Subdomains
  • Viewdns.info - Various tools [finding the origin IP behind Cloudflare, and so on] - Recommended
  • Google ASE aka Google Dorking [Most effective in some cases]
  • Pentest-tools [Paid/Rate-Limited]
  • Dnsdumpster [Free]
  • VirusTotal [Free]
  • Crt.sh - Best for enumerating related domains [Free]
  • Dnsgoodies [Free]
  • Shodan [Paid/Rate-limited]
  • Censys [Free mostly]
  • Fofa.so [Free mostly]
  • Spiderfoot [Currently Free, just request for a Spiderfoot instance]
  • Zoomeye [Free mostly and works well]
  • Binaryedge [Paid/Rate-Limited]
  • onyphe.io [Free mostly]

2 Entry (Initial Access)

2.1 Phishing


2.2 HID Attack

2.3 Wireless Attack


3 Exploit (Vulnerability Exploitation)


4 Privilege Escalation


5 Persistence (Persistent Backdoors)


6 Post Exploitation (Post-Exploitation, Foothold Discovery)

Windows

Linux


7 Credential Theft

8 Lateral Movement (Internal Network Penetration)

9 Defense Evasion (Bypassing Detection)


10 C&C


11 Data Exfiltration

12 Misc

13 Laws

US data breach notification laws:

14 Detection

15 MITM