Pentest

The networkscan pentest command provides penetration testing capabilities against network services. It takes a service-first approach: you choose the service (SMB, SSH or Telnet) and then the actions to run against it.

Usage

networkscan pentest [service]

Available Services

SMB

Perform penetration testing against SMB services including authentication testing, command execution, and enumeration.

Usage

networkscan pentest smb --targets 192.168.1.100:445 --usernames admin,user --passwords password,123456 --actions auth,command

Available Actions

  • auth - Credential authentication testing
  • command - Execute commands on successful authentication
  • user_enum - Enumerate users with valid credentials
  • share_enum - Enumerate accessible shares

Key Flags

  • --targets - Target hosts (required)
  • --usernames / -u - Usernames for authentication
  • --passwords / -p - Passwords for authentication
  • --domain / -d - Domain for authentication (optional, will auto-detect from NTLM)
  • --actions - Actions to perform
  • --execute / -x - Commands to execute on successful auth
  • --timeout - Connection timeout in milliseconds (default: 10000)

SSH

Perform penetration testing against SSH services.

Usage

networkscan pentest ssh --targets 192.168.1.100:22 --usernames root,admin --passwords password,123456 --actions auth,command

Available Actions

  • auth - Credential authentication testing
  • command - Execute commands on successful authentication
  • file_transfer - Upload/download files

Key Flags

  • --targets - Target hosts (required)
  • --usernames / -u - Usernames for authentication
  • --passwords / -p - Passwords for authentication
  • --key-file - SSH private key file
  • --execute / -x - Commands to execute
  • --upload - Files to upload (local:remote format)
  • --download - Remote files to download

Telnet

Perform penetration testing against Telnet services.

Usage

networkscan pentest telnet --targets 192.168.1.100:23 --usernames admin --passwords password --actions auth,command

Available Actions

  • auth - Credential authentication testing
  • command - Execute commands on successful authentication

Common Options

All pentest commands support these common options:

  • --username-file - File containing usernames (one per line)
  • --password-file - File containing passwords (one per line)
  • --credentials - Credentials in user:pass format
  • --timeout - Connection timeout in milliseconds (default: 10000)
  • --retries - Number of retry attempts (default: 2)
  • --stop-first-success - Stop after first successful auth
  • --successful-only - Show only successful results
  • --verbose - Verbose output

Examples

Basic Authentication Testing

# Test SMB authentication with domain
networkscan pentest smb --targets server.domain.com --usernames admin --passwords Password123 --domain CORP

# Test SSH with key-based auth
networkscan pentest ssh --targets 192.168.1.10 --usernames root --key-file ~/.ssh/id_rsa --actions auth,command --execute "whoami"

# Test Telnet with wordlists
networkscan pentest telnet --targets 192.168.1.20:23 --username-file users.txt --password-file passwords.txt

Advanced Usage

# SMB with multiple actions
networkscan pentest smb --targets 192.168.1.100 \
  --usernames admin,user --passwords password,123456 \
  --actions auth,user_enum,share_enum \
  --domain-auto-detect

# SSH with command execution
networkscan pentest ssh --targets webserver:22 \
  --usernames deploy --passwords secret123 \
  --actions auth,command \
  --execute "systemctl status nginx" "df -h"