How to Organize Your Tools by Pentest Stages
In this tutorial I will walk through the stages of a penetration test: how each stage works and how to gather information about a target. For every stage I list the software I use on Kali Linux; you can read up on how each tool works on this site or elsewhere.
I like to organize tools based on the phases of a pentest. Then, in each directory, I will symlink to the tool itself (if it's a tool I don't use often), unless I built the tool from source in that directory. With tools installed via Homebrew or from a .pkg, it can help to maintain a copy of the readme file in the directory with the tool named something like $toolname.readme. This will help with more obscure tools, and it can also help by giving you a place to note things about the tool.
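The directory layout just described, as an added example that is not part of the original post: a small POSIX shell helper that creates one directory per phase, symlinks an installed tool into the right phase, and keeps a copy of the tool's readme beside the link as $toolname.readme with a notes section appended. The root directory name, the phase directory names and the sample paths in the comments are my assumptions, not anything the post specifies.

```shell
#!/bin/sh
# Added example (not from the original post): organise pentest tools by phase.
# TOOLBOX, the phase directory names and the sample paths below are assumptions.

TOOLBOX="${TOOLBOX:-$HOME/pentest-tools}"

# Create the four phase directories; names follow the post's phase headings.
make_phase_dirs() {
    for phase in 1-recon 2-scanning 3-gaining-access 4-maintaining-access; do
        mkdir -p "$TOOLBOX/$phase"
    done
}

# Symlink an installed tool into a phase directory.
# Refuses anything that is not an executable file, so a typo in the path
# never leaves a dangling link behind.
# usage: link_tool <phase> <path-to-tool-binary>
link_tool() {
    phase="$1"; tool="$2"
    [ -x "$tool" ] || { echo "link_tool: $tool is not an executable file" >&2; return 1; }
    ln -sf "$tool" "$TOOLBOX/$phase/$(basename "$tool")"
}

# Copy a tool's readme next to its link as <toolname>.readme and append a
# "My notes" section, which is the place to record quirks about the tool.
# usage: save_readme <phase> <toolname> <path-to-readme>
save_readme() {
    phase="$1"; name="$2"; readme="$3"
    [ -f "$readme" ] || { echo "save_readme: $readme not found" >&2; return 1; }
    dest="$TOOLBOX/$phase/$name.readme"
    cp "$readme" "$dest"
    printf '\n## My notes\n' >> "$dest"
}

# List a phase directory, distinguishing symlinked tools from files built in place.
# usage: list_phase <phase>
list_phase() {
    for f in "$TOOLBOX/$1"/*; do
        [ -e "$f" ] || [ -L "$f" ] || continue
        if [ -L "$f" ]; then
            echo "link  $(basename "$f") -> $(readlink "$f")"
        else
            echo "file  $(basename "$f")"
        fi
    done
}

# Example session (paths are placeholders; uncomment to run):
# make_phase_dirs
# link_tool 1-recon /usr/bin/nmap
# save_readme 1-recon nmap /path/to/nmap-readme
# list_phase 1-recon
```

Tools built from source in the phase directory simply show up as `file` entries in `list_phase`, while everything installed elsewhere shows as a `link` with its real location, so one listing tells you where each tool actually lives.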
Phase 1: Reconnaissance
This is the information gathering stage, and it can be either active or passive. The whole purpose of this phase is to learn: the more information you can gather on a target before the actual attack, the better.
- What is the target?
- How do they operate?
- What IP ranges do they have allocated?
- What do they do for mail?
- What do their DNS records show?
- What subdomains do they have?
- What's going on in their company?
- Who works there?
- How do they assign login names?
- What's their password policy?
- What do their networks look like?
- Are any of the people who work there vulnerable to social engineering?
- What are their valuable assets?
- Where do they store valuable assets?
- theHarvester
- birdwatcher
- Nmap
Phase 2: Scanning & Enumeration
If we did Phase 1 properly, we should have a wealth of information: IP addresses, employee names and e-mail addresses, and so on. The next phase is to begin scanning. Not all of the information gathered will be fruitful, so we have to narrow down and home in on certain targets. We examine perimeter and internal network devices looking for weaknesses, and learn more about the systems they have in place, as well as the services those systems are running. We see what ports are open, look for firewalls, locate vulnerabilities, and detect operating systems.
- Nmap
- Nikto
- WPScan
Phase 3: Gaining Access
In this phase, we put the previous steps' information to use. We will have lots of data on our targets and some ideas on which hosts we'll be focusing on. We've researched out-of-date services and checked for vulnerabilities. We might launch a social engineering campaign and target some known vulnerable services on a host.
- THC Hydra
- Nmap
- Armitage
- Metasploit
- SET (Social Engineering Toolkit)
Phase 4: Maintaining Access
Once we've compromised something, we want to maintain access to gather even more information. Stealth plays a role here, since we don't want to be discovered acting on the target host(s). This phase involves privilege escalation, RATs (remote access tools), rootkits, etc. The goal is to be able to access the system whenever we want.
- Metasploit
- Shellter
- Webshells