Penetration Testing Methodology
Hacking is not random button-pressing — professionals follow a repeatable methodology. A clear process keeps your testing thorough, safe, legal, and properly documented. This is the same seven-phase framework we teach in our workshops.
What you'll achieve in this section: a mental model for approaching any target methodically — so the lab you built (Kali + DVWA + Metasploitable) becomes a place to practise a real engagement from start to finish.
Only ever test systems you own or have explicit written permission to test. In the UK, unauthorised access is a criminal offence under the Computer Misuse Act 1990. Your lab exists precisely so you can practise legally.
The seven phases
Every methodology names these phases slightly differently, but the shape is universal: understand the target, find the weaknesses, prove the impact, and help fix it.
Scoping & Engagement
Agree what's in scope, the rules of engagement, timing, and authorisation — in writing. Nothing starts before this.
Reconnaissance
Gather information about the target. Passive recon uses public sources; active recon touches the target directly.
Scanning & Enumeration
Map live hosts, open ports, services, and versions. Tools like Nmap turn a target into a list of attack surfaces.
Exploitation
Use a vulnerability to gain access — a web flaw on DVWA or a vulnerable service on Metasploitable.
Post-Exploitation
Escalate privileges, move laterally, and understand the real impact of the foothold you gained.
Reporting
The most valuable deliverable: clearly document findings, risk, evidence, and reproduction steps for the client.
Remediation & Retest
Support fixes, then retest to confirm the vulnerabilities are genuinely closed.
Red team, blue team, purple team
This methodology is the red team (offensive) perspective. In the real world it works alongside the blue team (defence and monitoring); when the two collaborate closely it's often called a purple team. Understanding both sides makes you a far stronger tester.
| Team | Focus | Example activities |
|---|---|---|
| Red | Offence | Penetration testing, exploitation, social engineering. |
| Blue | Defence | Monitoring, detection, incident response, hardening. |
| Purple | Collaboration | Red and blue working together to improve detections. |
Put it into practice
You now have everything you need to run a full mini-engagement in your own lab:
- Scope: "Test my Metasploitable host on 192.168.56.20."
- Recon & scan it with Nmap from Kali.
- Exploit a service, or attack DVWA.
- Document what you did and how you'd fix it.
This section will grow with deep-dive guides on each phase. Want to be notified — or get help when you're stuck? Join our learning community.