Discovery: The Penetrator performs information discovery via a wide range of techniques—that is, whois databases, scan utilities, Google data, and more—in order to gain as much information about the target system as possible. These discoveries often reveal sensitive information that can be used to perform specific attacks on a given machine.
Enumeration: Once the specific networks and systems are identified through discovery, it is important to gain as much information possible about each system. The difference between enumeration and discovery depends on the state of intrusion. Enumeration is all about actively trying to obtain usernames as well as software and hardware device version information.
Vulnerability Identification: The vulnerability identification step is a very important phase in penetration testing. This allows the user to determine the weaknesses of the target system and where to launch the attacks.
Exploitation and Launching of Attacks: After the vulnerabilities are identified on the target system, it is then possible to launch the right exploits. The goal of launching exploits is to gain full access of the target system.
Denial of Service: A DOS (Denial of Service) test can be performed to test the stability of production systems in order to show if they can be crashed or not. When performing a penetration test of a preproduction system, it is important to test its stability and how easily can it be crashed. By doing this, its stability will be ensured once it is deployed into a real environment.
It is important to perform DOS testing to ensure the safeness of certain systems. If an attacker takes down your system during busy or peak hours, both you and your customer can incur a significant financial loss.
Reporting: After the completion of the penetration test, it is important to get user-customized reporting suites for a technical and/or management overview. This includes the executive summary, detailed recommendations to solve the identified vulnerabilities, and official security ID numbers for the vulnerabilities. The reports come in different formats such as html, pdf, and xml. Furthermore, all the reports are open to be modified as of the user’s choice.