تشغيل أي مهارة في Manus بنقرة واحدة

ابدأ الآن

pentest-network

Network penetration testing — service enumeration, vulnerability scanning, credential auditing, Active Directory

تشغيل في Manus

نظرة عامة

Network penetration testing — service enumeration, vulnerability scanning, credential auditing, Active Directory

أمر التثبيت

npx skills add https://github.com/TheophilusChinomona/athena-pentest --skill pentest-network

انسخ والصق هذا الأمر في Claude Code لتثبيت المهارة

المصدر

TheophilusChinomona/athena-pentest

النجوم٠

التفرعات٠

آخر تحديث٣٠ أبريل ٢٠٢٦ في ٠٣:٥٤

SKILL.md

readonly

name	pentest_network
description	Network penetration testing — service enumeration, vulnerability scanning, credential auditing, Active Directory
triggers	["network pentest","network scan","port scan","service enum","smb","active directory"]

Network Penetration Testing Skill

Test network infrastructure for misconfigurations, weak credentials, and known vulnerabilities.

Prerequisites

Open ports/services from recon phase (nmap results)
Target IPs/hosts
Explicit authorization confirmation before active testing

Phase 1: Service Enumeration

1.1 Deep Service Scanning

nmap -sV -sC -p {ports} --script=default,vuln,discovery -oA /tmp/nmap-scripts {host}

1.2 SMB Enumeration (Windows)

nmap -p 139,445 --script smb-enum-shares,smb-enum-users,smb-vuln* -oA /tmp/nmap-smb {host}

enum4linux-ng -A {host} -oY /tmp/enum4linux-{host}.yaml

netexec smb {host} --shares
netexec smb {host} --users
netexec smb {host} --sessions
netexec smb {host} --pass-pol

# Null session check
smbclient -L //{host} -N

1.3 Other Services

# SNMP
nmap -p 161 --script snmp-info,snmp-interfaces,snmp-processes {host}

# LDAP
nmap -p 389,636 --script ldap-search {host}

# FTP anonymous
nmap -p 21 --script ftp-anon {host}

# SSH algo enum
nmap -p 22 --script ssh2-enum-algos,ssh-auth-methods {host}

Phase 2: Vulnerability Scanning

2.1 Nuclei (Network Templates)

nuclei -l /tmp/live-hosts.txt -t network/ -t ssl/ -t default-logins/ \
  -severity critical,high,medium -o /tmp/nuclei-network.txt

2.2 SSL/TLS Testing

nmap --script ssl-enum-ciphers -p 443 {host}

Phase 3: Credential Auditing (CONFIRMATION REQUIRED)

3.1 Brute Force

Wait for explicit user authorization before running.

# SSH
hydra -l {user} -P /usr/share/wordlists/SecLists/Passwords/Common-Credentials/top-100.txt \
  ssh://{host} -t 4 -o /tmp/hydra-ssh.txt

# FTP
hydra -l {user} -P /usr/share/wordlists/top-100-passwords.txt \
  ftp://{host} -t 4

# HTTP POST form
hydra -l {user} -P /usr/share/wordlists/top-100-passwords.txt \
  {host} http-post-form "/login:user=^USER^&pass=^PASS^:Invalid" -t 4

# SMB
hydra -l {user} -P /usr/share/wordlists/top-100-passwords.txt \
  smb://{host} -t 4

3.2 Hash Cracking

If hashes obtained during engagement:

john --format=... hashfile.txt
hashcat -m ... hashfile.txt /usr/share/wordlists/top-100-passwords.txt

Phase 4: Active Directory (if applicable)

4.1 Enumeration (with credentials)

netexec ldap {dc_ip} -u {user} -p {pass} --bloodhound
netexec ldap {dc_ip} -u {user} -p {pass} -M get-desc-users

# Impacket
GetADUsers.py {domain}/{user}:{pass}@{dc_ip}
secretsdump.py {domain}/{user}:{pass}@{host}

4.2 Lateral Movement (EXPLICIT CONFIRMATION REQUIRED)

Only test within authorized scope.

Output Files

/tmp/nmap-scripts.nmap
/tmp/nmap-smb.nmap
/tmp/enum4linux-*.yaml
/tmp/nuclei-network.txt
/tmp/hydra-*.txt
/tmp/network-findings.md

Safety

Rate limit credential attacks (hydra -t 4 max)
Never brute force without written authorization
Document account lockout risks
Store cracked credentials securely (encrypt if needed)
Scope: only authorized hosts/ports

المزيد من هذا المستودع

نفس المستودع

pentest-api

TheophilusChinomona/athena-pentest

API security testing — REST, GraphQL, authentication, authorization, rate limiting, business logic

2026-04-300

pentest-orchestrator

TheophilusChinomona/athena-pentest

Master pentest orchestration — full pipeline from target to report with confirmation gates

2026-04-300

pentest-recon

TheophilusChinomona/athena-pentest

Comprehensive reconnaissance — passive OSINT, subdomain enumeration, port scanning, technology fingerprinting

2026-04-300

pentest-report

TheophilusChinomona/athena-pentest

Generate professional penetration testing reports from findings

2026-04-300

pentest-web

TheophilusChinomona/athena-pentest

Web application penetration testing — XSS, SQLi, CSRF, SSRF, command injection, file upload, WAF bypass

2026-04-300

pentest-code

TheophilusChinomona/athena-pentest

Code security testing — SAST, SCA, secret detection, container scanning, IaC analysis

2026-04-200

المصدر

TheophilusChinomona

TheophilusChinomona/athena-pentest

فتح مستودع GitHub عرض مستودعات المنشئ

أمر التثبيت

تنزيل

تشغيل في Manus

مفيد لـSOC

محللو أمن المعلوماتمهن الحاسوب والرياضيات15-1212L4

name	pentest_network
description	Network penetration testing — service enumeration, vulnerability scanning, credential auditing, Active Directory
triggers	["network pentest","network scan","port scan","service enum","smb","active directory"]

Network Penetration Testing Skill

Test network infrastructure for misconfigurations, weak credentials, and known vulnerabilities.

Prerequisites

Open ports/services from recon phase (nmap results)
Target IPs/hosts
Explicit authorization confirmation before active testing

Phase 1: Service Enumeration

1.1 Deep Service Scanning

nmap -sV -sC -p {ports} --script=default,vuln,discovery -oA /tmp/nmap-scripts {host}

1.2 SMB Enumeration (Windows)

nmap -p 139,445 --script smb-enum-shares,smb-enum-users,smb-vuln* -oA /tmp/nmap-smb {host}

enum4linux-ng -A {host} -oY /tmp/enum4linux-{host}.yaml

netexec smb {host} --shares
netexec smb {host} --users
netexec smb {host} --sessions
netexec smb {host} --pass-pol

# Null session check
smbclient -L //{host} -N

1.3 Other Services

# SNMP
nmap -p 161 --script snmp-info,snmp-interfaces,snmp-processes {host}

# LDAP
nmap -p 389,636 --script ldap-search {host}

# FTP anonymous
nmap -p 21 --script ftp-anon {host}

# SSH algo enum
nmap -p 22 --script ssh2-enum-algos,ssh-auth-methods {host}

Phase 2: Vulnerability Scanning

2.1 Nuclei (Network Templates)

nuclei -l /tmp/live-hosts.txt -t network/ -t ssl/ -t default-logins/ \
  -severity critical,high,medium -o /tmp/nuclei-network.txt

2.2 SSL/TLS Testing

nmap --script ssl-enum-ciphers -p 443 {host}

Phase 3: Credential Auditing (CONFIRMATION REQUIRED)

3.1 Brute Force

Wait for explicit user authorization before running.

# SSH
hydra -l {user} -P /usr/share/wordlists/SecLists/Passwords/Common-Credentials/top-100.txt \
  ssh://{host} -t 4 -o /tmp/hydra-ssh.txt

# FTP
hydra -l {user} -P /usr/share/wordlists/top-100-passwords.txt \
  ftp://{host} -t 4

# HTTP POST form
hydra -l {user} -P /usr/share/wordlists/top-100-passwords.txt \
  {host} http-post-form "/login:user=^USER^&pass=^PASS^:Invalid" -t 4

# SMB
hydra -l {user} -P /usr/share/wordlists/top-100-passwords.txt \
  smb://{host} -t 4

3.2 Hash Cracking

If hashes obtained during engagement:

john --format=... hashfile.txt
hashcat -m ... hashfile.txt /usr/share/wordlists/top-100-passwords.txt

Phase 4: Active Directory (if applicable)

4.1 Enumeration (with credentials)

netexec ldap {dc_ip} -u {user} -p {pass} --bloodhound
netexec ldap {dc_ip} -u {user} -p {pass} -M get-desc-users

# Impacket
GetADUsers.py {domain}/{user}:{pass}@{dc_ip}
secretsdump.py {domain}/{user}:{pass}@{host}

4.2 Lateral Movement (EXPLICIT CONFIRMATION REQUIRED)

Only test within authorized scope.

Output Files

/tmp/nmap-scripts.nmap
/tmp/nmap-smb.nmap
/tmp/enum4linux-*.yaml
/tmp/nuclei-network.txt
/tmp/hydra-*.txt
/tmp/network-findings.md

Safety

Rate limit credential attacks (hydra -t 4 max)
Never brute force without written authorization
Document account lockout risks
Store cracked credentials securely (encrypt if needed)
Scope: only authorized hosts/ports