Pentesting Cheatsheet
Penetration Testing


Last updated 3 years ago


What is a Penetration Test?

A penetration test consists of testing the security of an information system by carrying out attacks against it in order to identify vulnerabilities and to recommend security corrections. Penetration testing and vulnerability testing differ in their objectives. Vulnerability testing relies on automated scanners to quickly identify the most common vulnerabilities. Penetration testing goes further: in particular, it includes the search for logical flaws, which automated tools cannot detect, and a phase of manual exploitation of the identified vulnerabilities. It is a more comprehensive and proven security audit method, one that makes it possible to measure the real impact of any type of flaw.

A penetration test can include black-box, grey-box or white-box tests. Black-box tests target the attack surface available to any external attacker, while grey-box tests target areas accessible only to customers, partners or employees of an organisation. A white-box audit, finally, analyzes the security level with the same level of access as a system administrator (server, application, etc.).

The deliverable produced after a penetration test is a security audit report that presents the identified vulnerabilities, classified by criticality level, together with technical suggestions for remediation. In addition to the report, a non-technical summary can also be delivered, for presentation to the management committee or to partners.

Penetration Test Methodology

A penetration test is based on a four-phase methodology, which is a cyclic process (findings from a later phase feed back into earlier ones): Recon, Mapping, Discovery, Exploitation.

Recon

The recon phase consists of searching for open-source information on the target of the security audit. All information potentially useful to an attacker is collected, for example: IP addresses, domain and sub-domain names, types and versions of the technologies in use, technical information shared on forums or social networks, data leaks…

Mapping

The mapping phase consists of listing all functionalities of the audit target. This step gives pentesters better visibility into the most critical and most exposed elements. It is particularly essential when the objective of the security audit is to test all the functionalities of a target.

Discovery

The discovery phase is an attack phase: pentesters look for vulnerabilities through manual searches complemented by automated tools. The objective is to discover as many vulnerabilities as possible on the target.

Exploitation

The exploitation phase consists of attempting to exploit the flaws identified in the previous phase. This step allows certain flaws to be used as “pivots” in order to discover new vulnerabilities. Exploiting security vulnerabilities makes it possible to evaluate their real impact and thus their criticality level.

Penetration Testing Tools Cheat Sheet