I’m currently conducting some black box external pentesting on real world companies as an internship trainee. This is my first experience with that.
Basically what I’m doing is the following:
Recon: use some tools (whois, theHarvester, amass, dnsenum, Recon-ng, GHDB…) to gather the maximum information (subdomains, login pages that use the HTTP protocol – believe me, I already found this one –…).
Scan: I try to scan the subdomains I found with nmap, and find hidden directories (Gobuster, DirBuster). I also run nikto, whatweb and WPScan in case the website is made with WordPress. Then I run the vulnerability scanner Nessus.
Gaining Access: identify the vulnerabilities that are exploitable to provide access to the target (brute force SSH, upload a reverse shell…).
Since this is my first experience, and there isn’t a senior pentester in the company to ask and exchange with (I’m doing the pentesting and the report alone), I would like to ask the pentester guys what techniques/tools I should add to this methodology. Any guidance/helpful information is really much appreciated.
Thanks for taking the time to read!