Kali Linux Penetration Testing Cycle
Author: Sefira Karina
There are 10 steps in the Kali Linux penetration testing cycle. The steps can be seen in the picture below.
- Target scoping
In this step, we observe the network condition and determine what to do: which objectives we need to achieve, how long the test is going to take, and so on.
- Information Gathering
Gather and learn about the target from public sources, such as Google, Yahoo!, and many more. Information gathering can also be done with footprinting tools.
- Target discovery
In this step, we mostly deal with identifying the target's network status, OS, and network architecture.
- Enumerating target
Find the open ports of the target. Once the open ports have been identified, they can be enumerated for the running services.
- Vulnerability mapping
Identify the weaknesses of the target based on the disclosed ports and services.
- Social Engineering
Manipulate the target into executing malicious code that gives access to the auditor. This step is optional.
- Target exploitation
In this step, we actually penetrate the system. This step focuses on the target acquisition process, which has three core areas:
  - pre-exploitation
  - exploitation
  - post-exploitation activities
- Privilege escalation
The goal of this step is to gain the highest level of access to the target.
- Maintaining access
Keep control of the target for a specified amount of time. This provides a clear view of how an attacker maintains access without noisy behavior.
- Documentation and reporting
Documenting, reporting, and presenting the vulnerabilities found.
Reference:
BackTrack 4: Assuring Security by Penetration Testing, authors: Shakeel Ali, Tedi Heriyanto