Penetration Testing
Pentest phases: recon, scanning, exploitation, reporting — nmap, Burp Suite, SQLMap, Nuclei.
Penetration Testing Methodology
```bash
# Pentest phases (ethical hacking)

# 1. Reconnaissance -- gather info about the target
#    (whois/dig/subfinder are passive lookups; the nmap lines below actively probe the target)
nmap -sn 192.168.1.0/24                    # host discovery (ping sweep, no port scan)
nmap -sV -sC -p 80,443,8080 target         # service/version detection with default NSE scripts
whois target.com
dig target.com ANY                         # many resolvers refuse ANY; query A, MX, NS, TXT separately if so
subfinder -d target.com                    # subdomain enumeration

# 2. Scanning and Enumeration
nmap -A -p- target.com                     # all 65535 TCP ports, OS/version detection, scripts, traceroute
dirsearch -u https://target.com            # directory brute force
nuclei -u https://target.com               # CVE/template scanning

# 3. Exploitation (authorised only!)
sqlmap -u 'https://target.com/search?q=1' --level=3
# http-post-form also requires the form path/parameters/failure-string module spec (not shown here)
hydra -l admin -P wordlist.txt target.com http-post-form

# 4. Post-exploitation and Reporting
# Document: vulnerability, evidence, severity, remediation

# Bug bounty platforms
# HackerOne, Bugcrowd, Intigriti

# Common tools
# Burp Suite -- web app proxy (essential for web testing)
# Metasploit -- exploitation framework
# Nessus -- vulnerability scanner
# Kali Linux -- pentesting OS with all tools
```
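As an added example (not part of the original cheat sheet), the following Python parses nmap's greppable output (`-oG`) from the host-discovery and service-detection steps above, drops every host outside the authorised scope before anything else happens to it, and produces the open-service inventory that feeds the enumeration phase. The sample scan output and the 192.168.1.0/24 scope are constructed.

```python
"""Parse nmap -oG output, enforce the authorised scope, list open services."""
import ipaddress
import re

# Constructed sample in -oG format (not a real scan), e.g. from `nmap -sV -oG scan.gnmap 192.168.1.0/24`.
SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated as: nmap -sV -oG scan.gnmap 192.168.1.0/24
Host: 192.168.1.10 ()\tStatus: Up
Host: 192.168.1.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//nginx 1.18.0/, 443/closed/tcp//https///\tIgnored State: filtered (997)
Host: 192.168.1.20 (db.internal)\tStatus: Up
Host: 192.168.1.20 (db.internal)\tPorts: 3306/open/tcp//mysql//MySQL 5.7.42/
Host: 10.0.0.5 ()\tPorts: 8080/open/tcp//http-proxy//Jetty 9.4/
"""

# One -oG port entry is port/state/proto/owner/service/rpcinfo/version/
PORT_RE = re.compile(r"(\d+)/([^/]+)/([^/]+)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/")
HOST_RE = re.compile(r"Host: (\S+) \(([^)]*)\)")

def parse_gnmap(text):
    """Return {ip: {"hostname": str, "ports": [(port, state, proto, service, version)]}}."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:                      # skips the '# Nmap ...' header/footer lines
            continue
        ip, name = m.groups()
        entry = hosts.setdefault(ip, {"hostname": name, "ports": []})
        # Remaining tab-separated fields look like "Status: Up" or "Ports: ..."
        fields = dict(f.split(": ", 1) for f in line.split("\t")[1:] if ": " in f)
        for num, state, proto, _own, svc, _rpc, ver in PORT_RE.findall(fields.get("Ports", "")):
            entry["ports"].append((int(num), state, proto, svc, ver))
    return hosts

def check_scope(hosts, authorised_cidrs):
    """Split parsed hosts into in-scope and out-of-scope by the engagement's CIDR list."""
    nets = [ipaddress.ip_network(c) for c in authorised_cidrs]
    in_scope = {ip: e for ip, e in hosts.items() if any(ipaddress.ip_address(ip) in n for n in nets)}
    out_of_scope = [ip for ip in hosts if ip not in in_scope]
    return in_scope, out_of_scope

def open_services(hosts):
    """Flatten to (ip, port, service, version) for open ports only: the phase-2 worklist."""
    return [(ip, port, svc, ver) for ip, e in hosts.items()
            for port, state, _proto, svc, ver in e["ports"] if state == "open"]

if __name__ == "__main__":
    ok, bad = check_scope(parse_gnmap(SAMPLE_GNMAP), ["192.168.1.0/24"])
    print("out of scope, not tested:", bad)
    print(*open_services(ok), sep="\n")
```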