whatisgithub

What is intranet_penetration_tips?

ridter/intranet_penetration_tips — explained in plain English

Analysis updated 2026-05-18

4,606Audience · developerComplexity · 4/5Setup · hard

In one sentence

A Chinese-language reference collection for security professionals testing corporate networks, covering the full intranet penetration cycle from external recon through privilege escalation and trace cleanup.

Mindmap

mindmap
  root((Intranet Pen Tips))
    External Recon
      OSINT tools
      Subdomain enum
      Leaked credentials
    Initial Access
      Weak passwords
      Web app attacks
      Wi-Fi entry
    Internal Recon
      Port scanning
      User enumeration
      Network mapping
    Active Directory
      Kerberos attacks
      Hash extraction
      Domain persistence
    Privilege Escalation
      UAC bypass
      Linux kernel exploits
    Trace Cleanup
      Log clearing
      Backdoor removal
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Test a corporate network systematically to find how far an attacker could get after initial access

USE CASE 2

Build a checklist of Active Directory attack paths during an authorized red team engagement

USE CASE 3

Look up specific Windows persistence techniques when conducting a security audit

USE CASE 4

Extract password hashes from a compromised machine and identify weak credential policies

What is it built with?

WindowsLinuxPowerShellPythonMetasploit

How does it compare?

ridter/intranet_penetration_tipsjlcodes99/vscode-antigravity-cockpitmapsme/omim
Stars4,6064,6064,606
LanguageTypeScriptC++
Setup difficultyhardeasyhard
Complexity4/52/55/5
Audiencedeveloperdeveloperdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · hard Time to first run · 1day+

Each technique requires a controlled test environment and legal authorization, no single install step covers everything.

So what is it?

This is a Chinese-language resource collection for security professionals who test corporate networks for weaknesses. Assembled in early 2018 by a contributor known as Evi1cg, and expanded over time with community input, it covers the full sequence of steps involved in what the security community calls intranet penetration: probing from the outside, getting in, moving around inside, and removing traces afterward. The collection starts with external information gathering. This means finding company email addresses, subdomain names, leaked credentials, and other details publicly visible online before touching the target network. It then covers ways to gain initial access, including exploiting weak passwords, attacking web applications, and connecting via wireless networks. Much of this section is a curated list of named tools with direct links to their repositories. Once inside a network, the guide covers how to stay hidden. This includes setting up communication channels that look like normal web traffic, routing connections through proxies, and bouncing traffic through multiple machines. A large section then goes deep into gathering information about the internal network itself: listing users, checking which services are running, scanning for open ports, and building a map of how machines are connected. A substantial portion is dedicated to Windows domain environments, which most corporate networks use. Techniques here include attacking Kerberos authentication (the ticket system Windows uses to prove identity), extracting password hashes stored in memory, taking over domain controllers, and setting up ways to maintain access that survive reboots. Both Windows and Linux are covered, with separate sections on backdoors, scheduled tasks, and registry modifications. The final sections address privilege escalation (getting higher-level access than you started with), spreading to additional machines, and removing traces of your activity. The content is organized as a structured list of tools, commands, and brief notes. It reads as a practical working reference for authorized security testers rather than a beginner tutorial. Most content is in Chinese, though many linked tools have English documentation.

Copy-paste prompts

Prompt 1
I have access to a Windows machine inside a corporate network. Give me PowerShell commands to enumerate domain users, find the domain controller, and identify service accounts.
Prompt 2
Show me step-by-step how Kerberos Golden Ticket attacks work and what defenses can detect them.
Prompt 3
I need to set up a SOCKS proxy tunnel from a compromised machine through a firewall to reach internal services. What tools should I use?
Prompt 4
What are the most reliable methods for maintaining persistent access on a Windows server after gaining admin privileges?
Prompt 5
Give me a checklist of log files to clear on Windows and Linux after a penetration test to remove evidence of access.

Frequently asked questions

What is intranet_penetration_tips?

A Chinese-language reference collection for security professionals testing corporate networks, covering the full intranet penetration cycle from external recon through privilege escalation and trace cleanup.

How hard is intranet_penetration_tips to set up?

Setup difficulty is rated hard, with roughly 1day+ to a first successful run.

Who is intranet_penetration_tips for?

Mainly developer.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.