Penetration Testing Introduction: Complete Guide
Ethical hacking basics. Learn how security professionals find vulnerabilities before attackers do.
🎯 What You'll Learn
- Understand what penetration testing is
- Learn the phases of a pentest
- Know common tools and techniques
- See how it fits in security programs
- Start your pentesting journey
📚 Prerequisites
Before this lesson, you should understand:
Think Like an Attacker
Penetration testing (pentesting) is authorized hacking: simulating real attacks to find vulnerabilities before malicious actors do.
Instead of waiting to be breached, you hire someone to try to breach you first.
The Pentesting Mindset
| Attacker | Defender |
|---|---|
| Needs ONE way in | Must protect EVERYTHING |
| Has unlimited time | Has limited budget |
| Can be creative | Must follow rules |
Pentesters adopt the attacker mindset within ethical boundaries.
Types of Penetration Tests
By Scope
| Type | What’s Tested |
|---|---|
| Network | Infrastructure, servers, devices |
| Web Application | Websites, APIs |
| Mobile | iOS/Android apps |
| Social Engineering | Human vulnerabilities |
| Physical | Building access, hardware |
By Knowledge
| Type | Tester Knowledge |
|---|---|
| Black Box | No prior information |
| Gray Box | Some information (typical user access) |
| White Box | Full information (source code, diagrams) |
The Pentesting Phases
1. Recon → Information gathering
2. Scanning → Find vulnerabilities
3. Exploitation → Break in
4. Post-Exploit → Maintain access
5. Report → Document findings
Phase 1: Reconnaissance
Gather information before attacking.
Passive Reconnaissance
No direct interaction with target:
```bash
# WHOIS lookup
whois example.com
# DNS records
dig example.com ANY
# Search for subdomains
# Google: site:example.com
# Harvesting emails
theHarvester -d example.com -b google
```
Active Reconnaissance
Direct interaction:
```bash
# Port scanning
nmap -sV -sC target.com
# Web technology fingerprinting
whatweb target.com
```
Phase 2: Scanning & Enumeration
Find vulnerabilities to exploit.
Port Scanning
```bash
# Quick scan
nmap -F target.com
# Full TCP scan
nmap -p- target.com
# Service version detection
nmap -sV -p 80,443 target.com
```
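Scan output is only useful once it is turned into an exposure list the asset owner can act on. The script below is an example added to this lesson, not part of nmap: it parses a scan saved with `-oX`, keeps the open ports, and flags any that are not on the owner's documented baseline. `SAMPLE_SCAN` is a constructed result in nmap's XML format using documentation addresses, and `EXPECTED_OPEN` is an assumed baseline.

```python
"""Triage an nmap XML scan (nmap -sV -oX scan.xml <target>) into an exposure list.

Example code added to this lesson, not part of nmap. SAMPLE_SCAN is a
constructed scan result in nmap's -oX format using documentation addresses;
EXPECTED_OPEN is an assumed baseline of what the owner says should be listening.
"""
from __future__ import annotations
import xml.etree.ElementTree as ET
from dataclasses import dataclass

SAMPLE_SCAN = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 192.0.2.0/24" start="0">
  <host><status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="8.9p1"/></port>
      <port protocol="tcp" portid="80"><state state="open"/>
        <service name="http" product="nginx" version="1.18.0"/></port>
      <port protocol="tcp" portid="3306"><state state="filtered"/>
        <service name="mysql"/></port>
    </ports>
  </host>
  <host><status state="up"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="445"><state state="open"/>
        <service name="microsoft-ds" product="Samba smbd" version="4.13.17"/></port>
    </ports>
  </host>
</nmaprun>
"""

# Assumed baseline: the owner documented 22 and 80 on .10 and nothing on .11.
EXPECTED_OPEN = {"192.0.2.10": {22, 80}}


@dataclass(frozen=True)
class Service:
    host: str
    port: int
    proto: str
    state: str
    name: str
    product: str
    version: str


def parse_nmap_xml(xml_text: str) -> list[Service]:
    """Flatten nmap's host/ports/port tree into one Service record per port."""
    root = ET.fromstring(xml_text)
    services: list[Service] = []
    for host in root.findall("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        for port in host.findall("ports/port"):
            state_el = port.find("state")
            svc = port.find("service")
            get = (lambda k: svc.get(k, "")) if svc is not None else (lambda k: "")
            services.append(Service(
                host=addr.get("addr"),
                port=int(port.get("portid")),
                proto=port.get("protocol", "tcp"),
                state=state_el.get("state", "unknown") if state_el is not None else "unknown",
                name=get("name"), product=get("product"), version=get("version"),
            ))
    return services


def open_services(services: list[Service]) -> list[Service]:
    return [s for s in services if s.state == "open"]


def unexpected_exposure(services: list[Service], baseline=EXPECTED_OPEN) -> list[Service]:
    """Open ports the asset owner did not list: the first thing to raise with them."""
    return [s for s in open_services(services) if s.port not in baseline.get(s.host, set())]


def exposure_table(services: list[Service]) -> str:
    """Markdown table of open services, ready to paste into the findings section."""
    rows = ["| Host | Port | Service | Version |", "|---|---|---|---|"]
    for s in open_services(services):
        rows.append(f"| {s.host} | {s.port}/{s.proto} | {s.name} | {s.product} {s.version}".rstrip() + " |")
    return "\n".join(rows)


if __name__ == "__main__":
    found = parse_nmap_xml(SAMPLE_SCAN)
    print(exposure_table(found))
    for s in unexpected_exposure(found):
        print(f"UNEXPECTED: {s.host}:{s.port} ({s.name} {s.product} {s.version})")
```

Filtered ports are parsed but dropped from the exposure list, since they are not reachable; the version strings that `-sV` fills in are what you compare against vendor advisories in the next phase.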
Vulnerability Scanning
```bash
# Web vulnerability scanner
nikto -h http://target.com
# Automated scanner
nuclei -u http://target.com
```
Phase 3: Exploitation
Actually break in.
Common Web Attacks
- SQL Injection
- XSS (Cross-Site Scripting)
- Authentication bypass
- File inclusion
Common Network Attacks
- Password attacks
- Exploiting unpatched services
- Man-in-the-middle
Tools
| Tool | Purpose |
|---|---|
| Burp Suite | Web proxy, scanner |
| Metasploit | Exploitation framework |
| SQLMap | Automated SQL injection |
| Hydra | Password cracking |
Phase 4: Post-Exploitation
What can you do once inside?
- Escalate privileges
- Move laterally to other systems
- Access sensitive data
- Plant persistence mechanisms
- Cover tracks
Phase 5: Reporting
A pentest is useless without a good report.
Report Structure
```markdown
# Executive Summary
Brief overview for leadership

# Scope and Methodology
What was tested, how

# Findings
## Critical
### Finding 1: SQL Injection in Login
- Location: /login endpoint
- Risk: Critical (data breach)
- Evidence: [screenshot]
- Remediation: Use parameterized queries

## High
...

# Remediation Roadmap
Prioritized fix plan
```
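Keeping findings as structured records rather than free text makes the report structure above mechanical: severity ordering, numbering and the remediation roadmap all fall out of the data, and a finding with no evidence or no fix can be rejected before the report goes out. The script below is example code added to this lesson, not from any reporting tool. The SQL injection entry in `FINDINGS` mirrors the lesson's example finding; the other two findings and the evidence file names are constructed for illustration.

```python
"""Render a pentest report skeleton from structured findings.

Example code added to this lesson, not from any reporting tool. FINDINGS is a
constructed sample: the SQL injection entry mirrors the lesson's example, the
other two entries and the evidence file names are made up for illustration.
"""
from __future__ import annotations
from dataclasses import dataclass

SEVERITY_ORDER = ["Critical", "High", "Medium", "Low", "Informational"]


@dataclass
class Finding:
    title: str
    location: str
    severity: str
    impact: str
    evidence: str      # screenshot / request log stored alongside the report
    remediation: str


def validate(findings: list[Finding]) -> list[str]:
    """Reject findings a reader could not act on: unknown severity, no evidence, no fix."""
    problems = []
    for f in findings:
        if f.severity not in SEVERITY_ORDER:
            problems.append(f"{f.title}: unknown severity {f.severity!r}")
        if not f.evidence.strip():
            problems.append(f"{f.title}: no evidence")
        if not f.remediation.strip():
            problems.append(f"{f.title}: no remediation")
    return problems


def by_severity(findings: list[Finding]) -> list[Finding]:
    """Stable sort: Critical first, original order preserved within a severity."""
    return sorted(findings, key=lambda f: SEVERITY_ORDER.index(f.severity))


def render_report(findings: list[Finding], scope: str, methodology: str) -> str:
    problems = validate(findings)
    if problems:
        raise ValueError("report not ready: " + "; ".join(problems))
    ordered = by_severity(findings)
    counts = {s: sum(1 for f in ordered if f.severity == s) for s in SEVERITY_ORDER}
    lines = [
        "# Executive Summary",
        f"{len(ordered)} findings: " + ", ".join(f"{n} {s}" for s, n in counts.items() if n),
        "",
        "# Scope and Methodology",
        f"Scope: {scope}",
        f"Methodology: {methodology}",
        "",
        "# Findings",
    ]
    current = None
    for n, f in enumerate(ordered, 1):
        if f.severity != current:          # new severity section
            current = f.severity
            lines.append(f"## {current}")
        lines += [
            f"### Finding {n}: {f.title}",
            f"- Location: {f.location}",
            f"- Risk: {f.severity} ({f.impact})",
            f"- Evidence: {f.evidence}",
            f"- Remediation: {f.remediation}",
        ]
    lines += ["", "# Remediation Roadmap"]
    for i, f in enumerate(ordered, 1):     # same order: fix the worst first
        lines.append(f"{i}. [{f.severity}] {f.remediation} ({f.location})")
    return "\n".join(lines)


# Constructed sample findings (deliberately out of severity order).
FINDINGS = [
    Finding("Verbose server banner", "/ (HTTP response headers)", "Low",
            "information disclosure", "fig-3-headers.png",
            "Suppress the Server header and version strings"),
    Finding("SQL Injection in Login", "/login endpoint", "Critical",
            "data breach", "fig-1-sqli.png", "Use parameterized queries"),
    Finding("TLS 1.0 enabled", "443/tcp", "Medium",
            "downgrade to weak ciphers", "fig-2-tls.txt",
            "Disable TLS 1.0/1.1; allow TLS 1.2+ only"),
]

if __name__ == "__main__":
    print(render_report(FINDINGS, "example.com web application", "OWASP WSTG, gray box"))
```

`validate` is the check that enforces the lesson's point that findings without remediation are useless: the report refuses to render until every finding carries evidence and a fix.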
Legal Considerations
ALWAYS get written authorization.
Without it, you’re committing crimes:
- Computer Fraud and Abuse Act (US)
- Computer Misuse Act (UK)
- Similar laws worldwide
Scope Agreement Must Include
- What systems/networks are in scope
- What methods are allowed
- Testing window (dates/times)
- Point of contact
- Emergency procedures
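A scope agreement is only protective if it is actually consulted before every action. The example below, added to this lesson and not from any tool the lesson names, encodes a signed scope as data and gates each test step against it: excluded hosts, in-scope ranges, permitted methods and the testing window are all checked, and every refusal names the clause that blocks it. `AGREEMENT` is a constructed sample using documentation addresses; the real values come from the client's signed document.

```python
"""Rules-of-engagement gate: refuse to touch anything outside the signed scope.

Example code added to this lesson (not from any tool the lesson names). AGREEMENT
is a constructed sample with documentation addresses and made-up dates; real
values are copied from the signed scope agreement.
"""
from __future__ import annotations
from dataclasses import dataclass, field
from datetime import datetime, timezone
import ipaddress


@dataclass
class ScopeAgreement:
    in_scope: list[str]                                  # CIDRs or single addresses
    excluded: list[str] = field(default_factory=list)    # carve-outs inside in_scope
    allowed_methods: set[str] = field(default_factory=set)
    window_start: datetime | None = None
    window_end: datetime | None = None
    contact: str = ""                                    # point of contact for incidents

    @staticmethod
    def _networks(entries: list[str]):
        return [ipaddress.ip_network(e, strict=False) for e in entries]

    def check(self, target: str, method: str, when: datetime) -> tuple[bool, str]:
        """Return (allowed, reason). Exclusions win over in-scope ranges."""
        try:
            ip = ipaddress.ip_address(target)
        except ValueError:
            return False, f"{target!r} is not an IP address; resolve it and check the address"
        if any(ip in net for net in self._networks(self.excluded)):
            return False, f"{ip} is explicitly excluded by the agreement"
        if not any(ip in net for net in self._networks(self.in_scope)):
            return False, f"{ip} is not in any in-scope range"
        if method not in self.allowed_methods:
            return False, f"method {method!r} is not authorized"
        if self.window_start and when < self.window_start:
            return False, f"testing window opens {self.window_start.isoformat()}"
        if self.window_end and when > self.window_end:
            return False, f"testing window closed {self.window_end.isoformat()}"
        return True, f"in scope; report any incident to {self.contact}"


# Constructed sample agreement.
AGREEMENT = ScopeAgreement(
    in_scope=["192.0.2.0/24", "203.0.113.10"],
    excluded=["192.0.2.250"],            # e.g. a production database the client carved out
    allowed_methods={"port_scan", "web_app", "password_audit"},
    window_start=datetime(2024, 6, 3, 9, 0, tzinfo=timezone.utc),
    window_end=datetime(2024, 6, 7, 18, 0, tzinfo=timezone.utc),
    contact="security-lead@client.example",
)


def gate(target: str, method: str, when_iso: str | None = None) -> tuple[bool, str]:
    """Call before every test action. when_iso defaults to now (UTC)."""
    when = datetime.fromisoformat(when_iso) if when_iso else datetime.now(timezone.utc)
    if when.tzinfo is None:
        return False, "timestamp must carry a timezone to compare against the window"
    return AGREEMENT.check(target, method, when)


if __name__ == "__main__":
    during = "2024-06-04T10:00:00+00:00"
    for target, method in [("192.0.2.10", "port_scan"), ("192.0.2.250", "port_scan"),
                           ("198.51.100.5", "port_scan"), ("192.0.2.10", "social_engineering")]:
        print(target, method, gate(target, method, during))
```

Ordering matters: exclusions are checked before in-scope membership so a carved-out host inside an in-scope range can never be cleared, and hostnames are rejected rather than guessed, because the agreement is written in terms of addresses and a stale DNS record could point at a third party.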
Practice Exercises
Exercise 1: Recon Practice (Beginner)
Practice passive recon on your own domain or a bug bounty target:
- WHOIS lookup
- DNS enumeration
- Subdomain discovery
Exercise 2: Vulnerable Lab (Intermediate)
Set up a vulnerable practice environment:
- OWASP WebGoat
- DVWA (Damn Vulnerable Web App)
- HackTheBox (online)
Exercise 3: Your First Report (Advanced)
After testing a lab, write a professional pentest report with:
- Executive summary
- Findings with evidence
- Remediation recommendations
Knowledge Check
1. What is penetration testing?
2. What’s the difference between black box and white box testing?
3. Why is written authorization critical?
4. What are the five phases of a pentest?
5. Why is the report important?
Answers
1. Authorized simulation of real attacks to find vulnerabilities before malicious actors do.
2. Black box: No prior knowledge. White box: Full information (source code, architecture).
3. Legal protection. Without authorization, hacking is a crime even with good intentions.
4. Recon, Scanning, Exploitation, Post-Exploitation, Reporting.
5. Findings without remediation are useless. The report communicates risks and fixes to stakeholders.
Summary
| Phase | Goal |
|---|---|
| Recon | Gather information |
| Scanning | Find vulnerabilities |
| Exploitation | Gain access |
| Post-Exploit | Demonstrate impact |
| Reporting | Communicate findings |
What’s Next?
🎯 Continue learning:
- OWASP Top 10 - What to look for
- Network Security - Infrastructure testing
You now know how to think like an ethical hacker. 🎯