Learning Hub / Methodology / Overview

Penetration Testing Methodology

Section 04 Difficulty: Beginner

Hacking is not random button-pressing — professionals follow a repeatable methodology. A clear process keeps your testing thorough, safe, legal, and properly documented. This is the same seven-phase framework we teach in our workshops.

What you'll achieve in this section: a mental model for approaching any target methodically — so the lab you built (Kali + DVWA + Metasploitable) becomes a place to practise a real engagement from start to finish.

Only ever test systems you own or have explicit written permission to test. In the UK, unauthorised access is a criminal offence under the Computer Misuse Act 1990. Your lab exists precisely so you can practise legally.

The seven phases

Every methodology names these phases slightly differently, but the shape is universal: understand the target, find the weaknesses, prove the impact, and help fix it.

1

Scoping & Engagement

Agree what's in scope, the rules of engagement, timing, and authorisation — in writing. Nothing starts before this.

2

Reconnaissance

Gather information about the target. Passive recon uses public sources; active recon touches the target directly.

3

Scanning & Enumeration

Map live hosts, open ports, services, and versions. Tools like Nmap turn a target into a list of attack surfaces.

4

Exploitation

Use a vulnerability to gain access — a web flaw on DVWA or a vulnerable service on Metasploitable.

5

Post-Exploitation

Escalate privileges, move laterally, and understand the real impact of the foothold you gained.

6

Reporting

The most valuable deliverable: clearly document findings, risk, evidence, and reproduction steps for the client.

7

Remediation & Retest

Support fixes, then retest to confirm the vulnerabilities are genuinely closed.

Diagram of the seven phases of penetration testing arranged as a cycle from scoping through to remediation and retest
Figure 1. The seven-phase methodology as a repeatable cycle.

Red team, blue team, purple team

This methodology is the red team (offensive) perspective. In the real world it works alongside the blue team (defence and monitoring); when the two collaborate closely it's often called a purple team. Understanding both sides makes you a far stronger tester.

TeamFocusExample activities
RedOffencePenetration testing, exploitation, social engineering.
BlueDefenceMonitoring, detection, incident response, hardening.
PurpleCollaborationRed and blue working together to improve detections.

Put it into practice

You now have everything you need to run a full mini-engagement in your own lab:

  1. Scope: "Test my Metasploitable host on 192.168.56.20."
  2. Recon & scan it with Nmap from Kali.
  3. Exploit a service, or attack DVWA.
  4. Document what you did and how you'd fix it.

This section will grow with deep-dive guides on each phase. Want to be notified — or get help when you're stuck? Join our learning community.