I’m working my way through the PenTesting path on Academy, and I keep running into variations of the same procedure:
Nmap > DNS enumeration > vhost enumeration > dir enumeration > etc.
Is there a definitive procedure list anywhere online for this kind of thing?
I’m keeping my own .md file of commands I regularly use, but a handy one-stop shop for all commands would be amazing!
The following steps are used in the pentest process: collecting information, analyzing vulnerabilities, exploiting vulnerabilities, elevating privileges, and eliminating traces. First, information about the target network is collected, then system vulnerabilities are analyzed. After this, opportunities are sought to exploit vulnerabilities in order to gain access to the system or gain privileges. Finally, traces of their activity are eliminated to avoid detection.