---
name: pentest-network-internal
description: Internal network penetration testing, Active Directory enumeration, and lateral movement simulation.
---

# Pentest Network Internal

## Purpose

Simulate an internal attacker to identify weak credentials, misconfigured services, and Active Directory paths to high-value assets.

## Core Workflow

1. **Network Discovery**: Map the internal network, live hosts, and open ports using `nmap` and `masscan`.
2. **Service Enumeration**: Identify running services, versions, and potential entry points (SMB, RDP, SSH, etc.).
3. **Vulnerability Scanning**: Check for known service vulnerabilities (e.g., EternalBlue, ZeroLogon) using `nuclei` and `nmap-scripts`.
4. **Credential Auditing**: Test weak passwords and default credentials using `hydra` and `netexec` (CrackMapExec).
5. **Active Directory Enum**: Map AD trust relationships, users, and groups using `bloodhound` and `ldapdomaindump`.
6. **Lateral Movement**: Simulate movement between hosts using valid credentials or exploits.

## References

- `references/tools.md`
- `references/workflows.md`