Penetration Testing Methodology

Level: Expert | 25 min read | 📅 25 May 2025
Tags: Pentesting, OWASP, Security Assessment

Comprehensive guide to professional penetration testing according to OWASP and NIST standards. From planning to reporting: all phases of a successful pentest.

1. Penetration Testing Methodology

⚠️ Legal Notice

Penetration tests may only be carried out with explicit written authorization. Unauthorized testing is illegal and can have criminal consequences.

PTES (Penetration Testing Execution Standard)

  • 📋 Pre-Engagement: Scope Definition, Legal Agreements, Rules of Engagement
  • 🕵️ Intelligence Gathering: OSINT, Reconnaissance, Information Collection
  • 🔍 Threat Modeling: Attack Vectors, Asset Valuation, Threat Analysis
  • Vulnerability Analysis: Scanning, Enumeration, Weakness Identification
  • 💥 Exploitation: Proof of Concept, Access Gaining, Privilege Escalation
  • 📊 Reporting: Documentation, Risk Assessment, Remediation

2. Planning & Reconnaissance Phase

OSINT (Open Source Intelligence)

🔍 Information Gathering Checklist

Domain Intelligence
  • Subdomain Enumeration
  • DNS Records Analysis
  • WHOIS Information
  • Certificate Transparency Logs
  • Email Addresses
Technical Intelligence
  • Technology Stack Identification
  • Public Code Repositories
  • Social Media Profiles
  • Job Postings Analysis
  • Leaked Credentials

Reconnaissance Tools & Commands

# Subdomain Enumeration
subfinder -d target.com -o subdomains.txt
amass enum -d target.com
assetfinder target.com

# DNS Reconnaissance
dig target.com ANY
dnsrecon -d target.com -t std
fierce -dns target.com

# Port Scanning (Initial)
nmap -sn 192.168.1.0/24
masscan -p1-65535 192.168.1.1 --rate=1000

# Web Technology Detection
whatweb target.com
wafw00f target.com
wappalyzer target.com

3. Scanning & Enumeration

💡 Scanning Strategy

Start with passive scans and work your way up to active scans. Document all findings systematically.

Nmap Scanning Techniques

🎯 Target Discovery

# Host Discovery
nmap -sn 192.168.1.0/24
nmap -PS22,80,443 192.168.1.0/24

# TCP SYN Scan (Stealth)
nmap -sS -T4 -p- target.com

# Service Version Detection
nmap -sV -sC -p 1-65535 target.com

# UDP Scan (Top 1000 ports)
nmap -sU --top-ports 1000 target.com

🔍 Service Enumeration

# HTTP/HTTPS Enumeration
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt
nikto -h http://target.com
dirb http://target.com

# SMB Enumeration
enum4linux target.com
smbclient -L //target.com
smbmap -H target.com

# FTP Enumeration
nmap --script ftp-anon,ftp-bounce,ftp-libopie -p 21 target.com

4. Exploitation & Post-Exploitation

⚠️ Exploitation Ethics

Only perform proof-of-concept exploits. Avoid damage to the target system. Document every step for the report.

Common Attack Vectors

🌐 Web Application Attacks

  • SQL Injection (SQLi)
  • Cross-Site Scripting (XSS)
  • Cross-Site Request Forgery (CSRF)
  • Local/Remote File Inclusion
  • Server-Side Request Forgery (SSRF)
  • Insecure Direct Object References

🖥️ System-Level Attacks

  • Buffer Overflow Exploits
  • Privilege Escalation
  • Weak Service Configurations
  • Default Credentials
  • Unpatched Vulnerabilities
  • Misconfigured Services

Post-Exploitation Activities

# System Information Gathering
uname -a
cat /etc/passwd
ps aux
netstat -tulpn

# Privilege Escalation Check
sudo -l
find / -perm -u=s -type f 2>/dev/null
getcap -r / 2>/dev/null

# Network Reconnaissance
arp -a
route -n
cat /etc/hosts

# Data Exfiltration (Proof of Concept only)
find / -name "*.txt" -o -name "*.doc" -o -name "*.pdf" 2>/dev/null
locate password
grep -r "password" /var/log/ 2>/dev/null
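The SUID and capability listings from the privilege escalation check above are exactly what a host owner should compare against a known baseline: an unexpected setuid binary or an extra file capability is both a likely pentest finding and a useful detection signal. The audit below is an added example written for that defensive use, not code from the original article; the baseline sets and the sample `find` / `getcap` output are constructed for illustration, and the rule that treats setuid files under world-writable directories as HIGH is an assumed heuristic rather than a standard.

```python
import re
from typing import Dict, List, Set

# Constructed sample of `find / -perm -u=s -type f 2>/dev/null` (not from a real host).
SUID_FIND_OUTPUT = """\
/usr/bin/sudo
/usr/bin/passwd
/usr/bin/su
/usr/bin/mount
/usr/local/bin/backup-helper
/tmp/.x/sh
"""

# Constructed sample of `getcap -r / 2>/dev/null`; both the newer "path caps" and the
# older "path = caps" output styles occur in practice, so both are handled.
GETCAP_OUTPUT = """\
/usr/bin/ping cap_net_raw=ep
/usr/bin/python3.10 = cap_setuid+ep
"""

# Assumed baseline for one build image (illustrative, not a universal list).
SUID_BASELINE: Set[str] = {"/usr/bin/sudo", "/usr/bin/passwd", "/usr/bin/su", "/usr/bin/mount"}
CAP_BASELINE: Dict[str, Set[str]] = {"/usr/bin/ping": {"cap_net_raw"}}

# Assumed heuristic: a setuid file in a world-writable location is rated higher.
WORLD_WRITABLE_PREFIXES = ("/tmp", "/var/tmp", "/dev/shm", "/home")


def parse_suid(output: str) -> Set[str]:
    """One path per line, blank lines ignored."""
    return {line.strip() for line in output.splitlines() if line.strip()}


def parse_getcap(output: str) -> Dict[str, Set[str]]:
    """Map binary path -> set of capability names, normalising both getcap formats."""
    caps: Dict[str, Set[str]] = {}
    for line in output.splitlines():
        line = line.strip()
        if not line:
            continue
        m = re.match(r"^(\S+)\s+(?:=\s+)?(.+)$", line)
        if not m:
            continue
        names: Set[str] = set()
        for chunk in m.group(2).split():          # e.g. "cap_chown=ep cap_dac_override=ep"
            for part in chunk.split(","):         # e.g. "cap_net_admin,cap_net_raw=ep"
                names.add(re.split(r"[=+-]", part)[0])
        caps[m.group(1)] = names
    return caps


def audit(suid_output: str, getcap_output: str,
          suid_baseline: Set[str], cap_baseline: Dict[str, Set[str]]) -> List[str]:
    """Return findings as 'SEVERITY: description' strings, deterministic order."""
    findings: List[str] = []
    suid = parse_suid(suid_output)
    for path in sorted(suid - suid_baseline):
        sev = "HIGH" if path.startswith(WORLD_WRITABLE_PREFIXES) else "MEDIUM"
        findings.append(f"{sev}: unexpected SUID binary {path}")
    for path in sorted(suid_baseline - suid):
        findings.append(f"INFO: baseline SUID binary missing {path}")
    for path, names in sorted(parse_getcap(getcap_output).items()):
        extra = names - cap_baseline.get(path, set())
        if extra:
            findings.append(f"HIGH: unexpected capabilities {','.join(sorted(extra))} on {path}")
    return findings


if __name__ == "__main__":
    for finding in audit(SUID_FIND_OUTPUT, GETCAP_OUTPUT, SUID_BASELINE, CAP_BASELINE):
        print(finding)
```

On a real host the two command outputs would be fed in from files; keeping the baseline per image (rather than one global list) is what makes the diff meaningful.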

5. Reporting & Documentation

Report Structure

📋 Executive Summary

  • High-level overview of findings
  • Risk assessment matrix
  • Business impact analysis
  • Strategic recommendations

🔍 Technical Details

  • Detailed vulnerability descriptions
  • Proof-of-concept evidence
  • CVSS scoring and classification
  • Step-by-step reproduction guides

🛠️ Remediation

  • Prioritized remediation roadmap
  • Technical implementation guides
  • Compliance mapping (OWASP, NIST)
  • Timeline recommendations

Risk Classification

  • CRITICAL: 9.0 - 10.0
  • HIGH: 7.0 - 8.9
  • MEDIUM: 4.0 - 6.9
  • LOW: 0.1 - 3.9

6. Essential Penetration Testing Tools

🔧 Reconnaissance Tools

Nmap: Network Discovery & Port Scanning
Masscan: High-Speed Port Scanner
Gobuster: Directory/File Enumeration
Subfinder: Subdomain Discovery

💥 Exploitation Tools

Metasploit: Exploitation Framework
Burp Suite: Web Application Testing
SQLmap: SQL Injection Testing
John the Ripper: Password Cracking

🛡️ G-Data Security Tools

G-Data Endpoint Protection: Behavioral Analysis & Detection
G-Data Security Awareness: Phishing Simulation Platform
G-Data Network Security: Advanced Threat Protection

📊 Reporting Tools

Dradis: Collaboration & Reporting
Faraday: Vulnerability Management
MagicTree: Data Correlation
Serpico: Report Generation

Tavo-IT Penetration Testing Services

As a certified G-Data security partner, we offer professional penetration tests following German security standards.

  • 🔍 Web App Pentests: OWASP Top 10 Compliance
  • 🌐 Network Pentests: Infrastructure Assessment
  • 📱 Mobile App Tests: iOS & Android Security

OWASP Top 10 2021

A01: Broken Access Control
A02: Cryptographic Failures
A03: Injection
A04: Insecure Design
A05: Security Misconfiguration
