Entre las etapas podemos encontrar las siguientes:

• Network Footprinting (Reconnaissance)
• Authoratitive Bodies
• Internet Search
• Metadata Search
• Social/ Business Networks
• DNS Record Retrieval from publically available servers
• Social Engineering
• Dumpster Diving
• Web Site copy
• Discovery & Probing
• Default Port Lists
• Enumeration tools and techniques
• Active Hosts
• Service Probing
• Banner Grabbing
• ICMP Responses
• Source Port Scans
• Firewall Assessment
• Enumeration
• Fingerprint server/ service
• DNS Enumeration
• Web Directory enumeration
• Vulnerability Assessment
• Method Testing
• Vulnerability Scanners
• Examine configuration files
• Exploit Frameworks
• Privilege Escalation
• Current Level of access
• Access passwords
• SQL injection
• Password cracking
• Bluetooth Specific Testing
• Penetration
• Wireless Penetration
• Physical Security

Entre las herramientas a utilizar:

• Netcraft
• Robtex
• Maltego
• Sam Spade
• Google
• FOCA
• VMWare
• Httcrack
• Nmap
• Netcat
• Amap
• Xprobe2
• Hping
• Unicornscan
• Fping
• Firewalk
• Scanssh
• Hydra
• Brutus
• Firecat
• Httprint
• Nikto
• Dirbuster
• Cadaver
• W3AF
• GrendelScan
• JoomlaScan
• Paros
• WebScarab
• Cain & Abel
• LDAP_Brute.pl
• Repscan
• TSGrinder
• VNCrack
• Ophcrack
• Medusa
• SARA
• Nessus
• Xscan
• Metasploit

Más información / Página Oficial de Penetration Testing Framework >>

Descargar Penetration Testing Framework >>