Summary
In this chapter, we focused on all that is necessary to prepare and plan for a successful penetration test. We discussed the differences between penetration testing and vulnerability assessments.
The steps involved with proper scoping were detailed, as were the necessary steps to ensure all information has been gathered prior to testing. One thing to remember is that proper scoping and planning are just as important as ensuring you test against the latest and greatest vulnerabilities.
Last but not least, we discussed three very powerful tools that allow you to perform data collection and that offer reporting features: MagicTree, which is a powerhouse of data collection and analysis; Dradis, which is incredible in its ability to allow centralized data collection and sharing; and KeepNote, which provides us with a note-taking capability to support the others.
In the next chapter, we will learn about various reconnaissance techniques and why they are needed. Some of these include effective use of Internet search engines to locate company and employee data, manipulating and reading metadata from various file types, and fully exploiting the power of DNS to make the task of penetration testing easier.