Welches Tool wann?
| Phase | Tool |
|---|---|
| Subdomains finden | crt.sh, amass, subfinder |
| Port‑Scan | nmap, masscan |
| Web‑Vuln‑Scan | Nuclei, Nikto |
| Web‑Manuell | Burp Suite, OWASP ZAP |
| Verzeichnisse Brute‑Force | ffuf, dirsearch |
| SQL Injection | SQLmap |
| Active Directory | BloodHound, CrackMapExec |
| PrivEsc Linux | linPEAS |
| PrivEsc Windows | winPEAS, PowerUp |
| Passwort‑Cracking | Hashcat, John |
| Metasploit Modul | Exploitation, Payloads |
Zurück zu Technik