May 24, 2021

External Penetration Testing Methodologie

Hey everyone!


I’m currently conducting some black box external pentesting on real world companies as internship trainee. This is my first experience with that.

Basically what i m doing is the following :

Recon: use some tools (whois, theHarvester, amass, dnsenum, Recon-ng, GHDB…) to gather the maximum informations (subdomaines, login pages that uses http protocole – believe me i already found this one -…).

Scan: i try to scan the subdomaines i found with nmap, find Hidden Directories (GOBuster, Dirbuster). Also run nikto, whatweb and Wpscan incase the website is made with wordpress. Then i run the vulnerability scan Nessus.

Gaining Access: identify the vulnerabilities that are exploitable to provide access to the target (brute force ssh, upload reverseshell…).


Since this is my first experience, and there isnt a senior pentester in the company to ask and exchange with (i’m doing the pentesting and report alone), i would like to ask the pentester guys what techniques/tools should i add to this methodo ? Any guidance/helpful information is really much appreciated.


Thanks for taking the time to read!

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: By filling this form and submitting your commen, you acknowledge, agree and comply with our terms of service. In addition you acknowledge that you are willingly sharing your email address with AiOWikis and you might receive notification emails from AiOWikis for comment notifications. AiOWiksi guarantees that your email address WILL NOT be used for advertisement or email marketting purposes.

This site uses Akismet to reduce spam. Learn how your comment data is processed.