Notes

Scanning Penetration Testing Methodology

Step l: Host Discovery
The first step of network penetration testing is to detect live hosts on the target network. You can attempt to detect the live host, i.e., accessible hosts in the target network, using network scanning tools such as Angry IP Scanner, Nmap, Netscan, etc. It is difficult to detect live hosts behind the firewall.

Step 2: Port Scanning
Perform port scanning using tools such as Nmap, Netscan Tools Pro, PRTG Network Monitor, Net Tools, etc. These tools will help you to probe a server or host on the target network for open ports. Open ports are the doorways for attackers to install malware on a system. Therefore, you should check for open ports and close them if not necessary.

Step 3: Banner Grabbing or OS Finger Printing
Perform banner grabbing/OS fingerprinting using tools such as Telnet, Netcraft, ID Serve, Netcat, etc. This determines the operating system running on the target host of a network and its version. Once you know the version and operating system running on the target system, find and exploit the vulnerabilities related to that OS. Try to gain control over the system and
compromise the whole network.

Step 4: Scan for Vulnerabilities
Scan the network for vulnerabilities using network vulnerability scanning tools such as Nessus, GFI LANGuard, SAINT, Core Impact Professional, Ratina CS, MBSA, SARA, etc. These tools help you to find the vulnerabilities present in the target network. In this step, you will able to determine the security weaknesses/loopholes of the target system or network.

Step 5: Draw Network Diagrams
Draw a network diagram of the target organization that helps you to understand the logical connection and path to the target host in the network. The network diagram can be drawn with the help of tools such as LAN surveyor, OpManager, LANState, FriendlyPinger, etc. The network diagrams provide valuable information about the network and its architecture.

Step 6 : Prepare Proxies
Prepare proxies using tools such as Proxifier, SocksChain, SSL Proxy, Proxy+, Gproxy, ProxyFinder, etc. to hide yourself from being caught.

Step 7: Document all Findings
The last but the most important step in scanning penetration testing is preserving all outcomes of tests conducted in previous steps in a document. This document will assist you in finding potential vulnerabilities in your network. Once you determine the potential vulnerabilities, you can plan the counteractions accordingly. Thus, penetration testing helps in assessing your
network before it gets into real trouble that may cause severe loss in terms of value and finance.

The objective of scanning is to discover live systems, active/running ports, the operating systems, and the services running on the network.
Attacker determines the live hosts from a range of IP addresses by sending ICMP ECHO requests to multiple hosts.
Attackers use various scanning techniques to bypass firewall rules, logging mechanism, and hide themselves as usual network traffic.
Banner Grabbing or OS fingerprinting is the method to determine the operating system running on a remote target system.
Drawing target's network diagram gives valuable information about the network and its architecture to an attacker.
HTTP Tunneling technology allows users to perform various Internet tasks despite the restrictions imposed by firewalls.
Proxy is a network computer that can serve as an intermediary for connecting with other computers.
A chain of proxies can be created to evade a traceback to the attacker.