Pentest Basics

Legal Notice: Only perform penetration testing on systems you own or have explicit written authorization to test. Unauthorized testing is illegal in most jurisdictions.

Penetration Testing Phases

Phase	Activities	Key Tools
1. Planning & Scoping	Define scope, rules of engagement, authorization	Written agreement, scope document
2. Reconnaissance	OSINT, DNS enumeration, port scanning	Shodan, theHarvester, whois, nmap
3. Scanning & Enumeration	Vulnerability scanning, service detection	Nmap, Nikto, Nessus, OpenVAS
4. Exploitation	Exploiting vulnerabilities to gain access	Metasploit, Burp Suite, SQLmap
5. Post-Exploitation	Privilege escalation, lateral movement, persistence	Mimikatz, PowerSploit, Cobalt Strike
6. Reporting	Document findings, risk ratings, remediation	CVSS scoring, Dradis, custom templates

Nmap Common Commands

# Quick scan (top 100 ports)
nmap -F target.com

# Full port scan
nmap -p- target.com

# Service/version detection
nmap -sV -p 80,443,22 target.com

# OS detection (requires root)
nmap -O target.com

# Aggressive scan (OS + version + scripts)
nmap -A target.com

# Scan subnet
nmap 192.168.1.0/24

# Output to file
nmap -oN output.txt target.com

Web Application Testing Checklist

Category	Tests
Authentication	Default creds, brute force, MFA bypass, password reset flaws
Authorization	IDOR, privilege escalation, horizontal/vertical access control
Input Handling	SQLi, XSS, XXE, SSTI, command injection
Session Management	Token prediction, fixation, CSRF, insecure cookies
Business Logic	Price manipulation, quantity bypass, workflow flaws
API Security	Mass assignment, rate limiting, endpoint exposure

CVSS Severity Ratings

Score	Severity	Action
9.0–10.0	Critical	Patch immediately
7.0–8.9	High	Patch within 30 days
4.0–6.9	Medium	Patch within 90 days
0.1–3.9	Low	Patch in next release
0.0	None	Informational

Pentest Basics

Penetration Testing Phases

Nmap Common Commands

Web Application Testing Checklist

CVSS Severity Ratings

Outils associés