Penetration Testing Basics Cheat Sheet
Introduces the penetration testing methodology, phases, common toolsets, and reporting practices used in authorized security assessments.
2 PagesBeginnerFeb 20, 2026
Standard Pentest Phases
The typical lifecycle of an authorized penetration test.
- 1. Pre-engagement- Define scope, rules of engagement, and get written authorization
- 2. Reconnaissance- Passive/active info gathering (OSINT, DNS, WHOIS)
- 3. Scanning & enumeration- Identify live hosts, open ports, services, and versions
- 4. Vulnerability analysis- Map discovered services to known CVEs and misconfigurations
- 5. Exploitation- Attempt to gain access using validated vulnerabilities
- 6. Post-exploitation- Privilege escalation, lateral movement, data access proof
- 7. Reporting- Document findings, risk ratings, evidence, and remediation steps
Basic Recon Commands
Common first steps to gather information about a target.
bash
# DNS lookupsdig ANY example.comwhois example.com# Subdomain enumerationsubfinder -d example.com# Quick host/port discoverynmap -sn 192.168.1.0/24 # Ping sweepnmap -sV -sC -p- target.com # Version + default scripts, all ports
Types of Penetration Tests
Different testing approaches based on information provided.
- Black box- Tester has no prior knowledge of the target environment
- White box- Tester has full knowledge (source code, architecture, credentials)
- Gray box- Tester has partial knowledge, simulating an insider or limited-access attacker
- External test- Targets internet-facing assets only
- Internal test- Simulates an attacker already inside the network
Common Toolset by Purpose
Widely used tools organized by pentest activity.
- Reconnaissance- theHarvester, Shodan, Maltego
- Scanning- Nmap, Masscan
- Vulnerability scanning- Nessus, OpenVAS
- Exploitation- Metasploit, sqlmap
- Web app testing- Burp Suite, OWASP ZAP
- Password attacks- Hydra, John the Ripper, Hashcat
Pro Tip
Always get scope and authorization in writing before touching a target — even scanning systems you don't own without permission can violate laws like the CFAA, regardless of intent.
Was this cheat sheet helpful?
Explore Topics
#PenetrationTestingBasics#PenetrationTestingBasicsCheatSheet#Cybersecurity#Beginner#StandardPentestPhases#BasicReconCommands#TypesOfPenetrationTests#CommonToolsetByPurpose#Security#Testing#CheatSheet#SkillVeris