# Pentesting
Authorized audit of security systems of computers and networks.
* [Rules of Engagement -- Cheat Sheet](https://sansorg.egnyte.com/dl/bF4I3yCcnt/?)
  * Permissions
  * Scope
  * Rules
## Methodology
* Steps
  * Reconnaissance
  * Enumeration/Scanning
  * Gaining Access
  * Privilege Escalation
  * Covering Tracks
  * Reporting
### Reconnaissance
* Duck / SearX / metacrawler / google
* Wikipedia
* [Shodan.io](http://www.shodan.io)
* PeopleFinder.com
* who.is
* sublist3r
* hunter.io
* builtwith.com
* wappalyzer
### Enumeration
* nmap
* nikto
* gobuster
* dirbuster
* metasploit
* enum4linux / linpeas / winpeas / linenum
### Exploitation
### Post Exploitation
* Pivoting
#### Privilege Escalation
* Vertically or horizontally
#### Covering Tracks
#### Reporting
* Includes
  * Vulnerabilities
  * Criticality
  * Description
  * Countermeasures
  * Finding summary
## Frameworks
* [OSSTMM3](https://www.isecom.org/OSSTMM.3.pdf)
* [NIST](https://www.nist.gov/cyberframework)
* [CAF](https://www.ncsc.gov.uk/collection/caf/caf-principles-and-guidance)