Internal Pentest CheatSheet

Identify internal network ranges in use

nmap 10.0.0.0/8
nmap 172.16.0.0/12
nmap 192.168.0.0/16

Identify hosts

arp-scan -l
netdiscover

Identify Breached Credentials

# https://github.com/hmaverickadams/breach-parse
bash breach-parse.sh @company.com company.com "BreachCompilation/"

Port 139, 445 - SMB

# Nmap SMB scripts scan
sudo nmap -sS 192.168.0.0/24 --script "smb*" -p445

# MS17-010 SMB RCE Detection (Metasploit module)
auxiliary/scanner/smb/smb_ms17_010

Port 22 - SSH

# Brute Force (Hydra, or the Metasploit module below)
hydra -l root -P unix_passwords.txt ssh://192.168.0.1:22 -t 10
auxiliary/scanner/ssh/ssh_login
