The form of penetration test that you’ll conduct depends on the needs of your client. In
this part of the book, you’ll learn about the different kinds of “pen tests”.
Black Box Tests
In a black box test, you don’t have any information regarding your target. Your first task is
to research your client’s network. Your client will define the results they need, but
they won’t give you any other data.
Black box tests offer the following advantages:
The tester will start from scratch. Thus, he will act like a malicious hacker who
wants to access a network.
The tester will have a higher chance of detecting conflicts in the network.
The tester doesn’t need to be an expert programmer. Unlike other types of pen tests,
black box tests don’t rely on ready-made scripts.
The disadvantages of black box tests are:
They can be time-consuming.
They are extremely complex. The tester needs to spend time and effort designing and
launching an attack.
White Box Tests
These tests are detailed and comprehensive, since the hacker has access to all the
information related to his target. For example, the hacker can use the IP addresses and
source code of a network as the basis for his attack.
This form of test relies heavily on code and programming skills.
The main advantages of white box testing are:
It makes sure that each module path is working properly.
It makes sure that each logical decision is verified and comes with the right
It allows the hacker to detect errors in scripts.
It helps the hacker identify design flaws that result from conflicts between the
target’s logical flow and actual implementation.
Gray Box Tests
Here, the hacker has access to some information regarding his target. You may think of a
gray box test as a combination of black box and white box tests.
The hacker can perform the test even without using the network’s source code.
Thus, the penetration test is objective and non-intrusive.
There will be minimal contact between the tester and the developer.
The client doesn’t need to supply every piece of information to the tester. Sharing
private or sensitive information with an outsider is extremely risky, especially if
that third party is skilled in attacking networks.
Different Facets of a Penetration Test
You can divide a penetration test into three facets, namely:
This facet focuses on the physical attributes of your target. The main goal of this facet is to
identify vulnerabilities, determine risks, and ensure the security of a network. As the
hacker, you should search for flaws in the design, operation, or implementation of the
network you’re dealing with. You will probably hack modems, computers, and access
devices in this part of the attack.
In this facet, you will concentrate on the target’s logical structure. It simulates hacking
attacks to verify the effectiveness of the network’s existing defenses. Application
penetration usually requires hackers to test the firewall and/or monitoring mechanisms of
System Workflows or Responses
This facet focuses on how the organization’s workflows and responses will change during
an attack. It also involves the relationship of end-users with their computers. During this,
the penetration tester will know whether the members of the network can prevent
Manual and Automated Tests
Penetration testers divide tests into two categories: manual and automated. Manual tests
rely on the skills of a white hat hacker. The tester has complete control over the process. If
he makes a mistake, the entire penetration test can prove to be useless. Automated tests,
on the other hand, don’t need human intervention. Once the test runs, the computer will
take care of everything: from selecting targets to recording the results.
In this part of the book, you’ll learn important information regarding these types of tests.
You need to master this concept if you’re serious about hacking. With this knowledge, you
can easily determine the type of test that must be used in any situation.
Manual Penetration Tests
You will run manual tests most of the time. Here, you will use your tools, skills, and
knowledge to find the weaknesses of a network.
Manual tests involve the following steps:
Research – This step has a huge influence over the entire process. If you have a lot
of information about your target, attacking it will be easy. You can conduct research
using the internet. For example, you may look for specific information manually or
run your hacking tools.
Kali Linux has a wide range of tools that you can use in this “reconnaissance” phase.
With Kali’s built-in programs, you can easily collect data about your targets (e.g.
hardware, software, database, plugins, etc.).
Assessment of Weaknesses – Analyze the information you collected and identify
the potential weaknesses of the target. Your knowledge and experience will help
you in this task. You need to work on the obvious weaknesses first, because those
are the ones that attract black hat hackers.
Exploitation – Now that you know the specific weaknesses of your target, you must
perform an attack. You will “exploit” a weakness by attacking it with a hacking
Preparation and Submission of Output – Record all the information you gathered
during the test. Arrange the data so that your clients can easily determine the next
steps. Make sure that your report is clearly explained. Don’t use jargon.
White hat hackers divide manual penetration tests into the following categories:
Comprehensive Tests – This kind of test covers an entire network. A
comprehensive test aims to determine the connections between the parts of a target.
However, comprehensive tests are time-consuming and situational.
Focused Tests – Tests that belong to this category concentrate on a specific risk or
vulnerability. Here, the hacker will use his skills in pinpointing and exploiting
certain vulnerabilities in a network.
Automated Penetration Tests
Automated tests are easy, fast, reliable and efficient. You can get detailed reports just by
pressing a single button. The program will take care of everything on your behalf. In
general, the programs used in this test are newbie-friendly. They don’t require special
skills or knowledge. If you can read and use a mouse, you’re good to go.
The most popular programs for automated tests are Metasploit, Nessus, and OpenVAS.
Metasploit is a hacking framework that can launch attacks against any operating system.
Hackers consider Metasploit their primary weapon.
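As an added example (this is not code from the book), here is how the “Preparation and Submission of Output” step of a manual test, or the findings dumped by an automated scanner like the ones named above, can be turned into the prioritised, jargon-free report the client needs. The findings, hosts and scores in the block are constructed sample data from no real scan, the severity bands follow the CVSS v3 qualitative rating scale, and the function names are my own.

```python
"""Prioritise penetration-test findings and render a jargon-free client report.

Added example (not from the book). The findings below are constructed sample
data: the hosts, titles and scores are made up and come from no real scan.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Finding:
    host: str             # constructed address of the affected device
    title: str            # short name of the weakness
    cvss: float           # CVSS v3 base score, 0.0-10.0, as a scanner would report it
    exploit_public: bool  # whether a ready-made exploit is publicly known
    plain_impact: str     # one sentence a non-technical reader can follow
    fix: str              # the concrete next step for the client


# Severity bands as defined by the CVSS v3 qualitative rating scale.
SEVERITY_BANDS = [
    ("Critical", 9.0),
    ("High", 7.0),
    ("Medium", 4.0),
    ("Low", 0.1),
    ("Informational", 0.0),
]


def severity_label(cvss: float) -> str:
    """Map a numeric CVSS score onto its qualitative band."""
    for label, floor in SEVERITY_BANDS:
        if cvss >= floor:
            return label
    return "Informational"


def prioritise(findings: List[Finding]) -> List[Finding]:
    """Obvious weaknesses first: highest score, then public exploits, then host."""
    return sorted(findings, key=lambda f: (-f.cvss, not f.exploit_public, f.host))


def summarise(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity band, keeping the bands in severity order."""
    counts = {label: 0 for label, _ in SEVERITY_BANDS}
    for f in findings:
        counts[severity_label(f.cvss)] += 1
    return counts


def render_report(findings: List[Finding], client: str) -> str:
    """Build the plain-language report text the client receives."""
    counts = summarise(findings)
    summary = ", ".join(f"{n} {label.lower()}" for label, n in counts.items() if n)
    lines = [f"Penetration test results for {client}", "", f"Summary: {summary}", ""]
    for number, f in enumerate(prioritise(findings), start=1):
        lines.append(f"{number}. [{severity_label(f.cvss)}] {f.title} on {f.host}")
        lines.append(f"   Why it matters: {f.plain_impact}")
        if f.exploit_public:
            lines.append("   Note: attackers already have a ready-made tool for this weakness.")
        lines.append(f"   What to do next: {f.fix}")
        lines.append("")
    return "\n".join(lines).rstrip() + "\n"


# Constructed sample findings (not real scan output).
SAMPLE_FINDINGS = [
    Finding("10.0.0.7", "Outdated web server software", 7.5, True,
            "An attacker on the network could crash the site or read files from it.",
            "Update the web server to the vendor's current supported version."),
    Finding("10.0.0.5", "Default password on the router's admin page", 9.8, True,
            "Anyone who can reach the page can reconfigure the whole network.",
            "Change the password now and restrict the admin page to the IT subnet."),
    Finding("10.0.0.7", "Expired TLS certificate", 4.3, False,
            "Browsers warn visitors, and staff may learn to click through warnings.",
            "Renew the certificate and set a reminder before the next expiry."),
    Finding("10.0.0.9", "Outdated web server software", 7.5, False,
            "Same weakness as above on a second internal host.",
            "Update this host together with 10.0.0.7."),
]


if __name__ == "__main__":
    print(render_report(SAMPLE_FINDINGS, client="Example Client (constructed)"))
```

The ordering in prioritise mirrors the “obvious weaknesses first” rule from the assessment step: the highest score comes first, and among equal scores the weakness that already has a public exploit is listed before the one that does not. Each entry carries a plain “why it matters” and “what to do next” line so the client can decide on the next steps without decoding scanner jargon.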
A computer system or network usually consists of multiple devices. Most of these devices
play an important role in keeping the system/network stable and effective. If one of these
devices malfunctions, the entire system or network might suffer. That is why
penetration testers must attack the infrastructure of their targets.