Pentest Basics
Legal Notice: Only perform penetration testing on systems you own or have explicit written authorization to test. Unauthorized testing is illegal in most jurisdictions.
Penetration Testing Phases
| Phase | Activities | Key Tools |
|---|---|---|
| 1. Planning & Scoping | Define scope, rules of engagement, authorization | Written agreement, scope document |
| 2. Reconnaissance | OSINT, DNS enumeration, port scanning | Shodan, theHarvester, whois, nmap |
| 3. Scanning & Enumeration | Vulnerability scanning, service detection | Nmap, Nikto, Nessus, OpenVAS |
| 4. Exploitation | Exploiting vulnerabilities to gain access | Metasploit, Burp Suite, SQLmap |
| 5. Post-Exploitation | Privilege escalation, lateral movement, persistence | Mimikatz, PowerSploit, Cobalt Strike |
| 6. Reporting | Document findings, risk ratings, remediation | CVSS scoring, Dradis, custom templates |
Nmap Common Commands

```bash
# Quick scan (top 100 ports)
nmap -F target.com

# Full port scan (all 65535 TCP ports)
nmap -p- target.com

# Service/version detection on selected ports
nmap -sV -p 80,443,22 target.com

# OS detection (requires root)
nmap -O target.com

# Aggressive scan (OS + version + default scripts + traceroute)
nmap -A target.com

# Scan a subnet
nmap 192.168.1.0/24

# Save normal output to a file
nmap -oN output.txt target.com
```
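Turning the `-oN` file into findings is where a scan becomes evidence for the report: parse it and compare open ports against the exposure agreed in the scope. This is an added example, not code from the original page; the scan text, hostnames and addresses are constructed, and `parse_normal_output` and `unexpected_open_ports` are names chosen here.

```python
import re

# Constructed sample of `nmap -sV -oN output.txt` normal-format output (not a real scan).
SAMPLE_OUTPUT = """\
# Nmap 7.94 scan initiated Mon Jan  1 10:00:00 2024 as: nmap -sV -oN output.txt 192.0.2.0/29
Nmap scan report for web01.example.test (192.0.2.10)
Host is up (0.012s latency).
Not shown: 996 closed tcp ports (reset)
PORT     STATE    SERVICE      VERSION
22/tcp   open     ssh          OpenSSH 8.9p1 Ubuntu 3ubuntu0.4
80/tcp   open     http         nginx 1.18.0
3306/tcp open     mysql        MySQL 8.0.36
8080/tcp filtered http-proxy

Nmap scan report for 192.0.2.11
Host is up (0.020s latency).
PORT     STATE    SERVICE      VERSION
445/tcp  open     microsoft-ds Samba smbd 4.6.2

Nmap done: 8 IP addresses (2 hosts up) scanned in 12.34 seconds
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)(?: \((\S+)\))?$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")


def parse_normal_output(text):
    """Map each scanned host (IP if shown, else name) to its (port, proto, state, service, version) rows."""
    hosts, current = {}, None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = m.group(2) or m.group(1)  # prefer the IP in parentheses
            hosts[current] = []
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            port, proto, state, service, version = m.groups()
            hosts[current].append((int(port), proto, state, service, (version or "").strip()))
    return hosts


def unexpected_open_ports(hosts, allowed):
    """Open ports not in the per-host allow-list; filtered/closed ports are ignored."""
    findings = []
    for host, rows in hosts.items():
        for port, _proto, state, service, version in rows:
            if state == "open" and port not in allowed.get(host, set()):
                findings.append((host, port, service, version))
    return findings
```

Hosts absent from the allow-list report every open port, so an unscoped host that answers shows up as a finding rather than disappearing silently.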
Web Application Testing Checklist
| Category | Tests |
|---|---|
| Authentication | Default creds, brute force, MFA bypass, password reset flaws |
| Authorization | IDOR, privilege escalation, horizontal/vertical access control |
| Input Handling | SQLi, XSS, XXE, SSTI, command injection |
| Session Management | Token prediction, fixation, CSRF, insecure cookies |
| Business Logic | Price manipulation, quantity bypass, workflow flaws |
| API Security | Mass assignment, rate limiting, endpoint exposure |
CVSS Severity Ratings
| Score | Severity | Action |
|---|---|---|
| 9.0–10.0 | Critical | Patch immediately |
| 7.0–8.9 | High | Patch within 30 days |
| 4.0–6.9 | Medium | Patch within 90 days |
| 0.1–3.9 | Low | Patch in next release |
| 0.0 | None | Informational |