Blackbox Network Penetration Testing Process (PTES Based)

High level overview of GoVanguard's blackbox network penetration testing methodology (PTES based).

Find vulnerabilities and attack vectors, exploit them, and develop a thoughtful retrospective backed by compelling evidence.

Causes of vulnerabilities:

  • Design and development errors
  • Poor system configuration
  • Human errors (specific or architectural)

High Level Process:

  • Organization Profiling
    • Creating profiled passwords
    • Understanding organization relationships
    • User information
    • Looking for past breaches and compromised passwords
  • Data Collection
    • Ports, services, operating systems
    • URL fuzzing and crawling
    • DNS maps
  • Automated Vulnerability Analysis
    • OpenVAS system scanning & report generation
    • OWASP ZAP and Nikto web application scanning & report generation
    • Metasploit Framework
  • Manual Vulnerability Analysis
    • Analyzing returned custom errors
    • Analyzing web schemas
    • Google dorking
  • Automated Exploitation
    • CVE exploitation
  • Manual Exploitation
    • Creating maliciously crafted packets and responses
    • Profiled password brute-forcing
  • Data Rollup and Data Point Correlation
    • Reporting prep
    • Custom and Deep Manual Exploits
  • Report Delivery
    • List of systems, scopes, vulnerabilities, successful attacks/breaches, remediation recommendation

Engineering Process: (DRAFT v2)

MS1 (Day 1-3)

  • Organization Profiling
    • DNS Scanning
    • Email Address Scanning
  • Password Profiling
    • Based on intelligence gathered from Maltego CE, mostly emails and names
  • DNS/IP Dorking
  • SSL/TLS Analysis
    • tlssled
    • sslscan for a quick scan (also called from tlssled)
    • Requires the host to have a domain name
  • User Breach Lookup
    • Hacked-DB Script (available on GVIT github)
    • Dropbox Hack Search
  • User Password Lookup
    • Using the password DB on Christian's workstation and penbox03
    • Dropbox Hack Search (grab the SHA1 hash and crack it with Hashcat)
  • Vulnerability Scanning

MS2 (Day 3-5)

MS3 (Day 5-8)

  • Create Maltego Maps (company intelligence & systems topology)
  • Screenshot Data Roll Up
  • Exploit Data Roll Up

MS4 (Day 8-12)

  • Generate Dradis Report
  • Word Document Customizations
    • Add in any additional screenshots and scale & crop as necessary
    • Check for proper language usage (third-person formal, past tense)
    • Look for and correct any non-sequiturs
    • Check for soft returns, spacing and correct font (Lato)
    • Ensure issue titles all use Title Case
    • Ensure all fields contain proper entries (no "n/a" or empty fields)
    • Simplify summary, insight and mitigation fields wherever possible
    • Format tables, lists or other data collections as clean, easy-to-read tables with alternating row colors
    • Insert page breaks where needed to ensure good flow of the report
    • Check "Affected Hosts" for duplicates and trailing commas
    • Insert comments for any incomplete items
  • Proof Read and Review
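Several of the report-customization checks above (Title Case issue titles, no "n/a" or empty fields, no duplicate or trailing-comma "Affected Hosts") are mechanical enough to script before the manual proofread. The following is an added example written for this page, not code from the GoVanguard repository or from Dradis. It assumes findings have been exported from the report tracker into a list of dicts whose keys are Title, Summary, Insight, Mitigation and Affected Hosts; those field names, the placeholder list and the sample findings are constructed for the example.

```python
"""Pre-proofread QA checks for exported pentest findings (added example)."""

# Values treated as "not a proper entry" (constructed list for this example).
PLACEHOLDER_VALUES = {"", "n/a", "na", "none", "tbd", "todo"}
# Field names assumed for the export; adjust to match the real tracker.
REQUIRED_FIELDS = ("Title", "Summary", "Insight", "Mitigation", "Affected Hosts")
# Short words that stay lowercase in Title Case unless they open the title.
SMALL_WORDS = {"a", "an", "and", "as", "at", "but", "by", "for", "in",
               "of", "on", "or", "the", "to", "via", "with"}


def to_title_case(title):
    """Title Case a finding title, keeping all-caps acronyms (SSL, XSS) intact."""
    out = []
    for i, word in enumerate(title.split()):
        if i > 0 and word.lower() in SMALL_WORDS:
            out.append(word.lower())
        elif word.isupper() and len(word) > 1:
            out.append(word)  # acronym, leave as-is
        else:
            out.append(word[:1].upper() + word[1:])
    return " ".join(out)


def normalize_hosts(raw):
    """Split a comma-separated Affected Hosts string; drop empty entries
    (trailing commas) and case-insensitive duplicates, preserving order."""
    seen, hosts = set(), []
    for host in raw.split(","):
        host = host.strip()
        if not host or host.lower() in seen:
            continue
        seen.add(host.lower())
        hosts.append(host)
    return hosts


def check_finding(finding):
    """Return a list of QA problems for one finding (empty list = passes)."""
    issues = []
    for field in REQUIRED_FIELDS:
        if str(finding.get(field, "")).strip().lower() in PLACEHOLDER_VALUES:
            issues.append(f"field '{field}' is empty or a placeholder")
    title = finding.get("Title", "")
    if title and title != to_title_case(title):
        issues.append(f"title not in Title Case: expected '{to_title_case(title)}'")
    raw_hosts = finding.get("Affected Hosts", "")
    if raw_hosts:
        if raw_hosts.rstrip().endswith(","):
            issues.append("Affected Hosts has a trailing comma")
        listed = [h.strip() for h in raw_hosts.split(",") if h.strip()]
        if len(listed) != len(normalize_hosts(raw_hosts)):
            issues.append("Affected Hosts contains duplicates")
    return issues


def check_report(findings):
    """Map each finding title to its list of QA problems."""
    return {f.get("Title", "<untitled>"): check_finding(f) for f in findings}


# Constructed sample export: one clean finding and one that trips every check.
SAMPLE_FINDINGS = [
    {"Title": "Default Credentials on Management Interface",
     "Summary": "Factory default credentials were accepted.",
     "Insight": "Devices were deployed without a hardening step.",
     "Mitigation": "Change default credentials and enforce a password policy.",
     "Affected Hosts": "10.0.0.5, 10.0.0.6"},
    {"Title": "outdated apache version disclosed in server header",
     "Summary": "The Server header revealed the exact Apache version.",
     "Insight": "n/a",
     "Mitigation": "",
     "Affected Hosts": "10.0.0.7, 10.0.0.7, 10.0.0.8,"},
]

if __name__ == "__main__":
    for title, problems in check_report(SAMPLE_FINDINGS).items():
        status = "OK" if not problems else "; ".join(problems)
        print(f"{title}: {status}")
```

Run it against the real export before the manual proofread so the reviewer's time goes to non-sequiturs and wording rather than trailing commas; the clean finding reports OK, the second reports two placeholder fields, the title-case mismatch, the trailing comma and the duplicate host.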