General penetration testing framework

While some of these standards vary in their number of requirements, they can be loosely be broken down into the following phases:

• Reconnaissance
• Scanning and enumeration
• Gaining access
• Escalation of privileges
• Maintaining access
• Covering your tracks
• Reporting

Let's look at each phase in more detail.