🖊️ Author: Nairuz Abulhul

🌐 Blog: R3dbuck3t

<aside> 💡 An external penetration test is a security assessment that simulates an attack on an organization's systems and defenses from the internet. The assessment's goal is to provide the tested organization with a profile of the threat models of potential attacks that could be carried out against the organization's systems and assets.

</aside>

Quick Links

📌 External Assessment Tools Cheatsheet

External Assessment Checklist

External Assessment Phases:

Planning Phase

The planning phase is an essential part of an external pentest assessment, as it sets the stage for the rest of the assessment and helps keep everything organized. The planning phase includes the following items:

Engagement Scope

The engagement scope refers to the systems, networks, and assets included in the pentest assessment. In this step, the pentester works with the client to define the scope they want to evaluate. The scope usually consists of IP addresses/ranges (CIDR notation), domains, subdomains, vhosts, cloud assets, API endpoints, etc. After the client provides the needed information for the scope, the pentester verifies the scope to ensure the client's information is accurate.

Standard tools for verification are:

<aside> 💡 Additional Tools in the External Pentest Cheatsheet [link]

</aside>
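One way to carry out the scope verification described under Engagement Scope, as an added example that is not from the original post: it parses a client-supplied scope list, collects entries to raise with the client (malformed, not internet-routable, overlapping), and checks whether a target falls inside the verified scope. The function names and the sample scope are constructed for illustration.

```python
import ipaddress

# Internal-only ranges (RFC 1918, loopback, link-local) do not belong in an external scope.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample scope (documentation ranges and example domains only).
SAMPLE_SCOPE = """\
203.0.113.0/24
203.0.113.128/25
198.51.100.7
10.20.0.0/16
192.0.2.300
app.example.com
*.example.org
"""

def parse_scope(text):
    """Return (networks, hostnames, findings); findings are questions for the client."""
    networks, hostnames, findings = [], [], []
    for entry in filter(None, (line.strip().lower() for line in text.splitlines())):
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            # Not an IP or CIDR: accept it only if it is shaped like a hostname.
            labels = (entry[2:] if entry.startswith("*.") else entry).split(".")
            valid = len(labels) >= 2 and not labels[-1].isdigit() and all(
                part and part.replace("-", "").isalnum() for part in labels)
            if valid:
                hostnames.append(entry)
            else:
                findings.append((entry, "malformed"))
            continue
        if any(net.overlaps(r) for r in NON_ROUTABLE):
            findings.append((entry, "not internet-routable"))
            continue
        findings += [(entry, f"overlaps {s}") for s in networks if net.overlaps(s)]
        networks.append(net)
    return networks, hostnames, findings

def in_scope(target, networks, hostnames):
    """True if an IP or hostname found during testing is covered by the verified scope."""
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        name = target.lower().rstrip(".")
        return any(name == h or (h.startswith("*.") and name.endswith(h[1:]))
                   for h in hostnames)
    return any(addr in net for net in networks)
```

Every finding is something to confirm with the client before testing starts, and `in_scope` can gate any host discovered later in the assessment.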

Rules of Engagement (RoE)

RoEs are guidelines that outline which actions and tests are acceptable during a security assessment. The client should approve the document before the assessment begins.