This content originally appeared on DEV Community and was authored by CRUD5th-273-
Penetration testing — or pentesting — is not just an ethical hack.
It’s a structured simulation of real-world attacks, conducted to uncover vulnerabilities before adversaries do.
This post outlines the lifecycle of a typical pentest engagement, along with tools and tactics at each stage.
1. Reconnaissance (Passive & Active)
Objective: build a picture of the target before touching it in earnest. Passive recon uses only third-party sources and never contacts the target's systems; active recon (port scans, banner grabs) talks to the target directly and will show up in its logs, so it belongs inside the agreed scope and testing window.
- Passive: WHOIS, DNS records, public repos, social profiles
- Active: Port scanning, service enumeration
Tools:
whois example.com
nmap -sV -p- target.ip
(-p- scans all 65,535 TCP ports and -sV probes each open one for a version banner; both are slow and noisy, so expect them to be logged.)
2. Scanning & Enumeration
Map the attack surface: which ports are open, what software and versions answer on them, and where the obvious misconfigurations are.
nmap -A -T4 target.ip
nikto -h http://target
(-A bundles version detection, OS fingerprinting, the default NSE scripts and a traceroute; -T4 trades some accuracy for speed. nikto checks a web server for dangerous default files, outdated components and misconfigurations. Save nmap output with -oX or -oA so it can be parsed later and attached to the report as evidence.)
3. Exploitation
Leverage known vulnerabilities to gain access.
Targets can include web apps, network services, weak credentials, or outdated software.
Example: CVE exploitation via Metasploit (MS17-010, the SMBv1 bug behind EternalBlue)
msfconsole
use exploit/windows/smb/ms17_010_eternalblue
Or custom scripts for targeted payloads.
Exploits against kernel or service code can crash the target, so confirm the vulnerability first (Metasploit's auxiliary/scanner/smb/smb_ms17_010 module checks for MS17-010 without exploiting it) and make sure the rules of engagement accept that risk.
4. Privilege Escalation
Once inside, escalate to root or admin to access sensitive data or full control.
- Check for misconfigured sudoers
- Inspect running services
- Scan for known kernel exploits
Toolkits and references:
- LinPEAS (Linux enumeration script)
- winPEAS (Windows equivalent)
- GTFOBins (catalogue of Unix binaries that can be abused to escape to a shell or read files when run via sudo or with SUID)
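The sudoers check above is worth automating, because the dangerous entries are easy to miss among legitimate ones. The following is an added example, not code from the original post or from the PEAS scripts: it parses a sudoers fragment and rates each rule, treating NOPASSWD plus ALL as critical, NOPASSWD plus an argument-less binary with a documented shell escape as high, and a rule pinned to exact arguments as informational (in sudoers, a command listed without arguments may be run with any arguments). The sudoers text is constructed for the example, and the set of escapable binaries is a small hand-picked subset of GTFOBins, not the full list.

```python
import re

# Constructed sudoers fragment used as sample input; not from a real host.
SAMPLE_SUDOERS = """\
# /etc/sudoers (constructed example)
Defaults        env_reset
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
deploy  ALL=(ALL) NOPASSWD: /usr/bin/vim
backup  ALL=(root) NOPASSWD: /usr/bin/tar, /usr/bin/rsync
www-data ALL=(ALL) NOPASSWD: ALL
alice   ALL=(root) /usr/bin/systemctl restart nginx
"""

# Small subset of binaries with documented sudo shell escapes (assumption for
# the example; consult GTFOBins for the real, much longer list).
GTFOBINS_SUDO = {"vim", "vi", "nano", "less", "more", "find", "tar", "rsync",
                 "awk", "python", "python3", "perl", "env", "bash", "sh", "nmap", "zip"}

# user  host=(runas) [TAG: ...] command[, command...]
SPEC_RE = re.compile(r"^(\S+)\s+([^\s=]+)\s*=\s*(?:\(([^)]*)\)\s*)?(.+)$")
TAGS = ("NOPASSWD:", "PASSWD:", "SETENV:", "NOSETENV:", "NOEXEC:", "EXEC:",
        "LOG_INPUT:", "LOG_OUTPUT:")
SKIP_PREFIXES = ("Defaults", "User_Alias", "Cmnd_Alias", "Host_Alias", "Runas_Alias")


def parse_sudoers(text):
    """Split a sudoers file into one rule per command. Tags such as NOPASSWD:
    carry over to later commands in the same list until PASSWD: resets them."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(SKIP_PREFIXES):
            continue
        m = SPEC_RE.match(line)
        if not m:
            continue
        user, host, runas, cmd_list = m.groups()
        tags = set()
        for cmd in cmd_list.split(","):
            cmd = cmd.strip()
            while True:
                for t in TAGS:
                    if cmd.startswith(t):
                        if t == "PASSWD:":
                            tags.discard("NOPASSWD")
                        elif t == "NOPASSWD:":
                            tags.discard("PASSWD")
                        tags.add(t.rstrip(":"))
                        cmd = cmd[len(t):].strip()
                        break
                else:
                    break
            rules.append({"user": user, "host": host, "runas": runas or "root",
                          "tags": frozenset(tags), "cmd": cmd})
    return rules


def assess(rules):
    """Rate each non-root rule: returns (user, cmd, nopasswd, severity, reason)."""
    findings = []
    for r in rules:
        if r["user"] == "root":
            continue
        nopasswd = "NOPASSWD" in r["tags"]
        words = r["cmd"].split()
        if r["cmd"] == "ALL":
            sev = "critical" if nopasswd else "medium"
            why = "unrestricted command set (ALL)"
        else:
            binary = words[0].rsplit("/", 1)[-1]
            # No arguments in sudoers means *any* arguments are allowed.
            if binary in GTFOBINS_SUDO and len(words) == 1:
                sev = "high" if nopasswd else "medium"
                why = "%s has a known sudo shell escape (see GTFOBins)" % binary
            else:
                sev = "info"
                why = "command restricted to fixed arguments"
        findings.append((r["user"], r["cmd"], nopasswd, sev, why))
    return findings


if __name__ == "__main__":
    for user, cmd, nopasswd, sev, why in assess(parse_sudoers(SAMPLE_SUDOERS)):
        print("%-8s %-9s %-38s NOPASSWD=%s  %s" % (sev, user, cmd, nopasswd, why))
```

Run it against `sudo -l` output or a copied /etc/sudoers and /etc/sudoers.d/* once you have a foothold; the "high" rows are the ones to cross-check against the GTFOBins entry for that binary.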
5. Persistence & Lateral Movement
Simulate real-world adversaries by maintaining access and pivoting across systems.
- New local users or cron jobs
- SSH keys dropped into authorized_keys
- Tunneling via SSH or reverse shells
Record every artefact you leave behind (accounts, keys, cron entries, implants, tunnels) so that all of it can be removed at the end of the engagement.
6. Reporting
Deliver a clear, actionable, and technically precise report.
Sections:
- Executive summary
- Vulnerability breakdown (CVSS score and vector per finding)
- Proof-of-concept evidence
- Mitigation strategies
Final Thoughts
Pentesting is a blend of engineering, psychology, and discipline.
It’s not about chaos — it’s about clarity.
Know your tools, document your steps, and always respect the scope.
In future posts, we’ll deep-dive into each stage with real-world examples and lab exercises.