Day 1: Pentesting Methodology Overview
Every pentest should follow five phases: pre-engagement, recon, scanning, exploitation, and reporting. Skipping any of them produces results that neither you nor the client can reproduce.
The most common mistake I see from juniors is rushing to exploitation. On a real engagement, 70-80% of your time should be recon and enumeration.
Here is a practical tip -- structure your engagement with logging from minute one:
#!/bin/bash
# Log every action with a UTC timestamp -- one clock for the whole engagement,
# so entries from different testers, tools and time zones sort and compare
# cleanly, which is what the report timeline (and any compliance review) needs.
log_action() {
    local phase=$1 action=$2 details=$3
    echo "[$(date -u +"%Y-%m-%dT%H:%M:%SZ")] [$phase] [$action] $details" \
        >> ./engagement.log
}
log_action "RECON" "DNS" "Queried A records for target.com"
log_action "SCAN" "NMAP" "TCP SYN scan on 192.168.1.0/24 ports 1-1000"
log_action "EXPLOIT" "SQLi" "Confirmed UNION injection on /api/login"
This log format (timestamp, phase, action, details) maps directly to your report timeline. When a client asks "what did you do at 3 AM on Tuesday," you have the answer. One caveat: the details field is your summary, not evidence. Keep the raw tool output alongside it (for example nmap -oA) and reference that file from the log entry, so every timeline row can be backed by the artifact that produced it.
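To show what that looks like end to end, here is an added example (not code from the original post) that extends the log_action function above in two directions: a wrapper that logs the exact command line, its exit code and the evidence file its output was saved to, and two query helpers that turn the log into a report timeline. The names run_logged, timeline_between, phase_counts, write_sample_log, LOG_FILE and EVIDENCE_DIR are chosen for this example, and the sample log entries are constructed, not from a real engagement.

```bash
#!/bin/bash
# Added example: command wrapper plus timeline queries on top of the engagement
# log. Names (run_logged, timeline_between, phase_counts, LOG_FILE,
# EVIDENCE_DIR) are assumptions for this example, not from the original post.
set -u

LOG_FILE="${LOG_FILE:-./engagement.log}"
EVIDENCE_DIR="${EVIDENCE_DIR:-./evidence}"

# Same format as the post: [UTC timestamp] [phase] [action] details
log_action() {
    local phase=$1 action=$2 details=$3
    printf '[%s] [%s] [%s] %s\n' "$(date -u +"%Y-%m-%dT%H:%M:%SZ")" \
        "$phase" "$action" "$details" >> "$LOG_FILE"
}

# run_logged PHASE ACTION CMD [ARGS...]
# Logs the exact command line before and after execution, captures
# stdout+stderr to a timestamped evidence file, and returns the command's
# exit code so the log entry and the raw artifact can be cross-referenced.
run_logged() {
    local phase=$1 action=$2
    shift 2
    mkdir -p "$EVIDENCE_DIR"
    local stamp evidence rc
    stamp=$(date -u +"%Y%m%dT%H%M%SZ")
    evidence="$EVIDENCE_DIR/${stamp}_${phase}_${action}.txt"
    log_action "$phase" "$action" "START cmd=[$*] evidence=$evidence"
    "$@" > "$evidence" 2>&1
    rc=$?
    log_action "$phase" "$action" "END rc=$rc evidence=$evidence"
    return "$rc"
}

# timeline_between FROM TO [LOGFILE]
# Prints entries whose timestamp lies in [FROM, TO). Fixed-width ISO-8601 UTC
# timestamps compare correctly as plain strings, so no date parsing is needed.
timeline_between() {
    local from=$1 to=$2 file=${3:-$LOG_FILE}
    awk -v from="$from" -v to="$to" '
        { ts = substr($1, 2, length($1) - 2) }   # strip the surrounding [ ]
        ts >= from && ts < to
    ' "$file"
}

# phase_counts [LOGFILE]
# Number of log entries per phase, one "PHASE count" line each, sorted by phase.
phase_counts() {
    awk '{ p = substr($2, 2, length($2) - 2); c[p]++ }
         END { for (p in c) print p, c[p] }' "${1:-$LOG_FILE}" | sort
}

# write_sample_log FILE
# Constructed entries for demonstration only; not a real engagement.
write_sample_log() {
    cat > "$1" <<'EOF'
[2024-03-05T01:15:00Z] [RECON] [DNS] Queried A records for target.com
[2024-03-05T02:40:12Z] [SCAN] [NMAP] TCP SYN scan on 192.168.1.0/24 ports 1-1000
[2024-03-05T03:05:47Z] [EXPLOIT] [SQLi] Confirmed UNION injection on /api/login
[2024-03-05T09:30:00Z] [REPORT] [DRAFT] Started findings write-up
EOF
}

# Usage: ./engagement.sh demo
if [ "${1:-}" = "demo" ]; then
    sample=$(mktemp)
    write_sample_log "$sample"
    echo "Entries between 02:00 and 04:00 UTC on 2024-03-05:"
    timeline_between 2024-03-05T02:00:00Z 2024-03-05T04:00:00Z "$sample"
    echo "Entries per phase:"
    phase_counts "$sample"
    rm -f "$sample"
fi
```

The wrapper records the command line verbatim rather than a paraphrase, so a reviewer can re-run the exact scan that produced a finding; the evidence file name carries the same timestamp, phase and action as the log entry, so the two can be matched without any extra index.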
Key takeaway: methodology is not bureaucracy. It is the structure that makes it far more likely that two testers find the same critical vulnerabilities on the same target, and that either of them can show how they got there.
Next up: setting up a pentesting lab environment.