Complete pentesting methodology guide: phases, tools per phase and deliverables based on PTES and OWASP.
| Phase | Tools |
|---|---|
| 1. Passive Recon | WHOIS, theHarvester, Shodan, Google Dorks |
| 2. Active Recon | Nmap, Nikto, Gobuster |
| 3. Vulnerability Analysis | Nmap NSE, Searchsploit, OpenVAS |
| 4. Exploitation | Metasploit, SQLMap, Hydra, Burp |
| 5. Post-Exploitation | Meterpreter, Mimikatz, BloodHound |
| 6. Reporting | CVSS scoring, evidences, recommendations |