01 - Pre-Foothold Operations
# Overview
Pre-foothold work turns an approved scope into a defensible attack-surface map before any attempt to gain access. This module is an operational hub: it provides repeatable workspace conventions and paste-ready discovery scripts, then links into the deeper reconnaissance, enumeration, vulnerability-assessment, and exploitation references.
# Workflow
```text
Rules of engagement
        |
        v
Normalize scope --> passive asset discovery --> DNS resolution
        |                                            |
        v                                            v
Network discovery --> TCP/UDP scanning --> service fingerprinting
        |                                            |
        +--> web surface mapping                     +--> printer assessment
        |
        +--> wireless survey / 802.1X inventory
        |
        v
Evidence normalization --> vulnerability assessment --> operator-selected validation
```
# Pages
| Page | Purpose |
|---|---|
| Scope and Workspace | Scope files, exclusions, output layout, logging, rate limits, and evidence handling |
| External Asset Discovery | Amass, Subfinder, certificate transparency, permutations, DNS resolution, takeover screening, and HTTP probing |
| Network and Service Scanning | Host discovery, TCP/UDP scans, service detection, NSE validation, and XML parsing |
| Web Surface Discovery | Virtual hosts, crawling, directories, TLS, screenshots, and technology inventory |
| Printer Discovery and Assessment | SNMP, IPP, PJL, SMB printing, web consoles, firmware evidence, and non-destructive checks |
| Wireless and 802.1X Assessment | Passive Wi-Fi survey, WPA/WPA2 evidence, WPS, PMKID review, rogue AP analysis, and enterprise EAP inventory |
| Windows Discovery with PowerShell | Native Windows network, DNS, HTTP, printer, and wireless discovery |
# Guardrails Used by Every Script
- Scope is supplied explicitly; no script invents adjacent targets.
- Output is written below a timestamped engagement directory.
- Missing tools are reported and skipped instead of being installed automatically.
- Active checks use bounded rates and conservative timeouts.
- Destructive, disruptive, credential-spraying, persistence, and payload actions are excluded.
- Raw evidence is preserved beside normalized summaries.
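
The scope, output-directory, missing-tool, and raw-beside-normalized guardrails, sketched as a POSIX shell scaffold. This is an added example, not one of the module's own scripts; the function names, the `raw/`, `normalized/` and `logs/` layout, and the sample targets are assumptions.

```shell
#!/bin/sh
# Added example: function names and the raw/normalized/logs layout are assumptions.

# normalize_scope SCOPE_FILE EXCLUSIONS_FILE
# Prints each in-scope entry once, in file order. Comments and whitespace are
# stripped, case is folded, and entries in the exclusions file are dropped.
# Matching is exact-string only: CIDR containment is not evaluated here.
normalize_scope() {
    awk '
        { sub(/#.*/, ""); gsub(/[ \t\r]/, ""); $0 = tolower($0) }
        $0 == "" { next }
        FILENAME == ARGV[1] { excluded[$0] = 1; next }  # exclusions file
        !excluded[$0] && !seen[$0]++                    # scope file
    ' "$2" "$1"
}

# new_workspace BASE_DIR ENGAGEMENT
# Creates BASE_DIR/ENGAGEMENT/<UTC timestamp>/{raw,normalized,logs}, readable
# by the operator only, and prints the path.
new_workspace() (
    umask 077
    ws="$1/$2/$(date -u +%Y%m%dT%H%M%SZ)"
    mkdir -p "$ws/raw" "$ws/normalized" "$ws/logs" && printf '%s\n' "$ws"
)

# available_tools TOOL...
# Prints the tools found on PATH; reports the rest on stderr. Installs nothing.
available_tools() {
    for t in "$@"; do
        if command -v "$t" >/dev/null 2>&1; then
            printf '%s\n' "$t"
        else
            printf 'SKIP: %s not found; dependent step will not run\n' "$t" >&2
        fi
    done
}

# Constructed demo input: documentation address ranges and example.com only.
demo() (
    tmp=$(mktemp -d) || exit 1
    printf '%s\n' 'Example.COM  # primary' '192.0.2.10' '192.0.2.11' 'example.com' > "$tmp/scope.txt"
    printf '%s\n' '# fragile host' '192.0.2.11' > "$tmp/exclude.txt"
    ws=$(new_workspace "$tmp" demo-engagement) || exit 1
    cp "$tmp/scope.txt" "$ws/raw/scope.original.txt"   # raw kept beside normalized
    normalize_scope "$tmp/scope.txt" "$tmp/exclude.txt" > "$ws/normalized/targets.txt"
    available_tools sh awk tool-that-is-not-installed > "$ws/logs/tools.txt"
    cat "$ws/normalized/targets.txt"
    rm -rf "$tmp"
)
demo
```

Downstream steps would read only `normalized/targets.txt`, so an entry that is absent from the scope file or present in the exclusions file never reaches a scanner.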