Scanning

This phase is a more direct approach in engaging the actual target. The scanning phase helps the penetration tester identify open and closed ports, active hosts on a network, services running on a system and network, operating system types, and vulnerabilities on systems. During the scanning phase, the information gathered will provide the penetration tester with a topological view of the target's environment.

Here are the objectives of scanning:

  • Checking for live machines
  • Checking for intrusion prevention system (IPS)
  • Checking for Firewalls
  • Checking for open and closed ports
  • Checking for service versions
  • Checking for vulnerabilities
  • Creating a network diagram