Pen. Testing

Published on December 2016

General Penetration Testing Framework
>Target Scoping
>Information Gathering
>Target Discovery
>Enumerating Target
>Vulnerability Mapping
>Social Engineering
>Target Exploitation
>Privilege Escalation
>Maintaining Access
>Documentation and Reporting
Target Scoping
It helps in defining clear objectives for any kind of security assessment.
It helps to draw a practical road map of
what will be tested,
how it will be tested,
what resources will be allocated,
what limitations will be applied,
what business objectives will be achieved, and
how the test project will be planned and scheduled.
Gathering Client Requirements
>>Preparing the test plan
>>Profiling test boundaries
>>Defining business Objectives
>>Project Management and Scheduling
Information Gathering Phase
In this phase we try to collect as much information as we can about the target,
for example, information about DNS hostnames, IP addresses, technologies and
configuration used, username's organization, documents, application code, password
reset information, contact information and so on.
Information gathering can be categorized in two ways, based on the method used:
Active Information Gathering
In this process we collect information by introducing network traffic to
the target network.
Passive Information Gathering
In the passive information gathering method we gather information about the
target network by utilizing a third party's services, such as the Google search engine.
Using Public Resources for Information Gathering
On the internet, there are several public resources that can be used to collect
information regarding a target domain. The benefit of using these resources is
that your network traffic is not sent to the target domain directly, so your
activities are not recorded in the target domain's log files.

www.archive.org
This contains an archive of websites.
www.domaintools.com
This contains domain name intelligence.
alexa.com
This contains the database of information about websites.
http://serversniff.net
This is the free Swiss Army Knife for networking, server checks and routing.
http://centralops.net
This contains free online network utilities such as domain, e-mail, browser, ping,
traceroute, and Whois.
www.robtex.com
This allows you to search for domain and network information.
www.pipl.com
This allows you to search for people on the Internet by their name, city, state and
country.
Yoname.com
This allows you to search for people across social networking sites and blogs.
tineye.com
This is a reverse image search engine. We can use it to find out where an image
came from, how it is being used, whether modified versions of the image exist, or to
find higher resolution versions.
Querying the domain registration information
After you know the target domain name, the first thing you would want to do is
query the Whois database about that domain to look for the domain registration
information. The Whois database will give information about the DNS server and the
contact information of a domain.
Whois is a protocol for searching Internet registration databases for registered
domain names, IPs and autonomous systems.
By default, Kali Linux already comes with a whois client. To find out the Whois
information for a domain, just type the following command:
# whois example.com
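The lookup described above, as an added example that is not part of the original notes: a minimal client for the exchange the whois command performs (RFC 3912: the query plus CRLF sent to TCP port 43), and a parser that pulls the name servers and contact fields out of the reply, which is also a quick way to review what your own domain's record discloses. The sample reply, the example.test names and the field labels are constructed assumptions; real registries vary in layout.

```python
import re
import socket

# Constructed sample of a registry-style WHOIS reply (not real output).
SAMPLE_REPLY = """\
Domain Name: EXAMPLE.TEST
Registrar: Example Registrar, Inc.
Name Server: NS1.EXAMPLE.TEST
Name Server: ns2.example.test
Registrant Name: REDACTED FOR PRIVACY
Registrant Email: hostmaster@example.test
Admin Email: Hostmaster@Example.test
Tech Phone: +1.5555550100
>>> Last update of WHOIS database: 2016-12-01T00:00:00Z <<<
"""

# Assumed label convention: "<role> ... <name|email|phone>", e.g. "Admin Email".
CONTACT_KEY = re.compile(r"^(registrant|admin|tech|billing)\b.*\b(name|email|phone)$", re.I)


def whois_query(domain, server, timeout=10.0):
    """RFC 3912 exchange: send the query plus CRLF to TCP port 43, read until close."""
    with socket.create_connection((server, 43), timeout=timeout) as sock:
        sock.sendall(domain.encode("idna") + b"\r\n")
        chunks = []
        while data := sock.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")


def parse_whois(text):
    """Extract name servers and contact fields from 'Key: value' lines."""
    record = {"name_servers": [], "contacts": {}, "redacted": []}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if not sep or not value or line.startswith((">>>", "%", "#")):
            continue  # skip lines without a value, comments and registry footers
        if key.lower() in ("name server", "nserver"):
            host = value.split()[0].lower().rstrip(".")
            if host not in record["name_servers"]:
                record["name_servers"].append(host)
        elif CONTACT_KEY.match(key):
            if "redacted" in value.lower() or "privacy" in value.lower():
                record["redacted"].append(key)  # field present but masked
            else:
                record["contacts"][key] = value
    return record
```

Calling parse_whois(SAMPLE_REPLY) works offline; whois_query needs network access and the name of the registry's WHOIS server.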
Analyzing the
