The Backbone of IT Infrastructure Security

A penetration test commonly know as ethical hacking or a pen test, is an authorized simulated cyber attack on a particular computer system to evaluate the security of the system.

Penetration testing involves 6 basic phases.


The act of gathering important information on a target system. This information can be used to better attack the target. For example, open source search engines can be used to find data that can be used in a social engineering attack


Uses technical tools to further the attacker’s knowledge of the system. For example, Nmap can be used to scan for open ports

Gaining Access

Using the data gathered in the reconnaissance and scanning phases, the attacker can use a payload to exploit the targeted system. For example, Metasploit can be used to automate attacks on known vulnerabilities

Maintaining Access

Maintaining access requires taking the steps involved in being able to be persistently within the target environment in order to gather as much data as possible

Covering Tracks

The attacker must clear any trace of compromising the victim system, any type of data gathered, log events, in order to remain anonymous


Compilation of test results in a meaningful reports and recommendations to secure IT infra

Work Flow of Penetration Test

Pen test is carried out in proper flow to find out maximum loopholes and reconfirm same result through different test tools

External Test

1. Website Test
2. External Network Test

Internal Test

1. Network Sniffing
2. Port Scanning & Vulnerability Assessment
3. Social Engineering test
4. Wireless test

Common Tools useful for Penetration Testing

Testing tools are the basis of any such tests, hacker or technology professional use various tools to check systems on various fronts


Script Discovery


The Harvester

Burp Suit