What are the External Penetration Testing phases and tools used in?

Question added by Fares Elias Hamad , Managing Director , Cimeras Digital Services
Date Posted: 2017/03/22
Salih Tamim
by Salih Tamim , Special Purpose Intern, IT strategy and governance , Flydubai

Penetration tests are conducted to discover vulnerabilities in the network to efficiently deploy the correct security measures and policies. Trusted individuals usually use the same attacking methods an intruder would use. Pen-tests have to be conducted regularly. External penetration testing is when an organization hires a third party to try to gain access to the network (as an intruder).

 

Phases and tools vary greatly, depending on the desired outcomes. Some typical phases include: 

  - Reconnaissance: Listing potential vulnerabilities to be tested

  - Scanning: Identify resources, ports, etc. 

  - Access: Gain access to the network (as an intruder) 

  - Maintaining access: Evaluate whether an intruder has enough time to accomplish his/her objectives.

  - Cover: Determine whether an intruder can be traced back

Other informal, more traditional steps:

  - List potential vulnerabilities

  - Categorize and prioritize vulnerabilities

  - Identify resources, personnel, and tools needed 

  - Devise penetration plan/strategy 

  - Perform penetration test

  - Evaluate outcomes 

  - Update and back up system

 

Common Tools used in penetration testing: 

  - Wireshark : Network protocol analyzer. Reads packet information (port, protocols, destination, encryption, etc.) Useful in analyzing flow of traffic. 

  - Nmap: Port scanning. Used to obtain information about open ports and to draw a virtual network. 

  - Nessus: Scans potential vulnerabilities in the network. (backdoor, honeypot, etc.)

  - Brutus: Used to crack Telnet and FTP accounts. 

  - SQLMap: Similar to NMAP, but cracks SQL injections.

 

External penetration testing is a security assessment that focuses on the vulnerabilities of an organization's external-facing assets, such as its website, web applications, and email servers. The goal of external penetration testing is to identify and exploit vulnerabilities that could be exploited by attackers to gain access to the organization's network or systems.

The phases of external penetration testing are:

  1. Planning and scoping: This phase involves defining the scope of the test, identifying the assets to be tested, and developing a test plan.
  2. Reconnaissance: This phase involves gathering information about the target assets, such as their IP addresses, web server software, and open ports.
  3. Scanning: This phase uses automated tools to scan the target assets for known vulnerabilities.
  4. Exploitation: This phase attempts to exploit the vulnerabilities identified in the scanning phase.
  5. Post-exploitation: This phase involves gaining access to the target system and assessing the damage that could be done.
  6. Reporting: This phase involves documenting the findings of the penetration test and providing recommendations for remediation.

The tools used in external penetration testing vary depending on the specific assets being tested. However, some common tools include:

  • Nmap: A network scanner that can be used to identify open ports and services.
  • Metasploit: A penetration testing framework that can be used to exploit vulnerabilities.
  • Burp Suite: A web application security testing tool that can be used to scan for vulnerabilities and intercept traffic.
  • OWASP ZAP: Another web application security testing tool that can be used to scan for vulnerabilities and intercept traffic.
  • Wireshark: A network traffic analyzer that can be used to capture and analyze network traffic.

External penetration testing is an important part of any organization's security program. By identifying and fixing vulnerabilities, external penetration testing can help organizations protect themselves from malicious https://www.webcluesinfotech.com/penetration-testing-services you are considering having your organization's external-facing assets assessed by a penetration test, it is important to choose a qualified and experienced Penetration Testing Services provider. There are many different penetration testing providers available, so it is important to do your research and select one that is right for your needs. You can also look for Mobile App Pen Testing and Web App Pen Testing.

 

 

Romi Syuhada
by Romi Syuhada , senior security consultant , Xtremax Pte Ltd

Before answering, I will explain my point of view about the external and internal pentest. 

Based on my experience, most of the scope in a pentest project is usually an application; it can be mobile apps, web apps, IP addresses, APIs, or thick client apps, depending on customer needs. The target scope can be accessible from the internet; otherwise, it is only an internal application that is used by internal teams inside the organization.

If it is accessible on the internet and the pentest is conducted from an internet user's perspective, we call it an external pentest.

Otherwise, if the scope of the target is only accessible internally, and the pentester must be on the internal network (on-site, VPN, etc.) to pentest the target, we call it an internal pentest.

This is my answer based on the meaning of penetration testing.

Phases:

Information Gathering

Vulnerability Scanning

Exploitation (Gaining access etc.)

Privilege Escalation

Post Exploitation (if any)

Documentation and Reporting (Scoring etc.)

 

Tools:

Internet: Google Dork, YouTube, Censys, Shodan, GitHub, Pastebin, LinkedIn, etc. Any search engine on the internet is your friend; information comes from everywhere.

Scanner: Nessus, Nikto, w3af, WPScan, JoomScan, droopescan, Vega scanner, Acunetix, Burp Suite scanner

Exploit: Metasploit, sqlmap, Burp Suite Repeater, any script that is a PoC of some CVE

Privesc: sudo, SUID, kernel exploit, misconfig (if you are allowed to do post-exploitation)

Documentation and reporting: it depends on the pentest vendor and the pentester, but usually you will need a screen capture application to capture the PoC, a CVSS 3.1 calculator to calculate the risk of findings, and patience.

Sathish Rao
by Sathish Rao , Technical Service Specialist , IBM

The external penetration testing phases include:

  • Footprinting

  • Public Information & Information Leakage

  • DNS Analysis & DNS Bruteforcing

  • Port Scanning

  • System Fingerprinting

  • Services Probing

  • Exploit Research

  • Manual Vulnerability Testing and Verification of Identified Vulnerabilities

  • Intrusion Detection/Prevention System Testing

  • Password Service Strength Testing

Tools used for external penetration testing include:

  • Wireshark

  • Nmap Port Scanning

  • Nessus

  • SQLmap
