The penetration testing methodology, end to end — authorization and scope, reconnaissance, scanning and enumeration, vulnerability identification, controlled exploitation, privilege escalation, and reporting. Taught to help you test authorized systems and, just as importantly, defend them.
Before you start — authorization is mandatory
Penetration testing without written authorization is a crime. Every technique here is for a signed engagement, an in-scope bug-bounty program, or a lab you own. Build a legal practice lab — Kali Linux plus a deliberately-vulnerable target like Metasploitable or a HackTheBox / TryHackMe VM — and test only there.
Authorization, Ethics & Methodology
A pentest without written authorization is a crime, not a test. Start with scope and rules of engagement, understand the phases, and build a legal lab to practice in.
Reconnaissance
Every test starts by learning about the target — mostly from public sources that touch nothing. Passive recon maps the attack surface before a single packet is sent.
Scanning & Enumeration
Now you touch the target: find live hosts, open ports, and the exact services behind them. nmap is the workhorse — the map of what can be attacked (and defended).
Vulnerability Identification
Turn "what’s running" into "what’s weak." Match service versions to known vulnerabilities, use a scanner to cast a wide net, and separate real risk from noise.
Controlled Exploitation
Exploitation proves a vulnerability is real, safely and within scope. Use a framework against a lab target to demonstrate impact — the goal is evidence, not damage.
Post-Exploitation & Privilege Escalation
A foothold is rarely the goal — attackers escalate to full control. Understand how privilege escalation works so you can demonstrate impact and, more importantly, prevent it.
Reporting & Remediation
The report is the product of a pentest — findings are worthless if they can’t be understood and fixed. Write for two audiences, rate risk clearly, and drive remediation.