100% Free Forever
AI-Powered Learning
Industry Expert Content
Certificates & Badges
Learn At Your Own Pace

Penetration Testing Basics Cheat Sheet

Penetration Testing Basics Cheat Sheet

Introduces the penetration testing methodology, phases, common toolsets, and reporting practices used in authorized security assessments.

2 PagesBeginnerFeb 20, 2026

Standard Pentest Phases

The typical lifecycle of an authorized penetration test.

  • 1. Pre-engagement- Define scope, rules of engagement, and get written authorization
  • 2. Reconnaissance- Passive/active info gathering (OSINT, DNS, WHOIS)
  • 3. Scanning & enumeration- Identify live hosts, open ports, services, and versions
  • 4. Vulnerability analysis- Map discovered services to known CVEs and misconfigurations
  • 5. Exploitation- Attempt to gain access using validated vulnerabilities
  • 6. Post-exploitation- Privilege escalation, lateral movement, data access proof
  • 7. Reporting- Document findings, risk ratings, evidence, and remediation steps

Basic Recon Commands

Common first steps to gather information about a target.

bash
# DNS lookupsdig ANY example.comwhois example.com# Subdomain enumerationsubfinder -d example.com# Quick host/port discoverynmap -sn 192.168.1.0/24        # Ping sweepnmap -sV -sC -p- target.com    # Version + default scripts, all ports

Types of Penetration Tests

Different testing approaches based on information provided.

  • Black box- Tester has no prior knowledge of the target environment
  • White box- Tester has full knowledge (source code, architecture, credentials)
  • Gray box- Tester has partial knowledge, simulating an insider or limited-access attacker
  • External test- Targets internet-facing assets only
  • Internal test- Simulates an attacker already inside the network

Common Toolset by Purpose

Widely used tools organized by pentest activity.

  • Reconnaissance- theHarvester, Shodan, Maltego
  • Scanning- Nmap, Masscan
  • Vulnerability scanning- Nessus, OpenVAS
  • Exploitation- Metasploit, sqlmap
  • Web app testing- Burp Suite, OWASP ZAP
  • Password attacks- Hydra, John the Ripper, Hashcat
Pro Tip

Always get scope and authorization in writing before touching a target — even scanning systems you don't own without permission can violate laws like the CFAA, regardless of intent.

Was this cheat sheet helpful?

Explore Topics

#PenetrationTestingBasics#PenetrationTestingBasicsCheatSheet#Cybersecurity#Beginner#StandardPentestPhases#BasicReconCommands#TypesOfPenetrationTests#CommonToolsetByPurpose#Security#Testing#CheatSheet#SkillVeris