Network Penetration Testing Checklist (Updated 2022)

What is Penetration Testing?



A network penetration test identifies security vulnerabilities in applications and systems by using malicious techniques on purpose to evaluate the network’s security or lack thereof.

A network penetration test, also known as a pen test, is similar to vulnerability assessments in that it seeks to identify vulnerabilities in a network.

On the other hand, a penetration test is an exact simulation of a potential attack to identify vulnerabilities that are harder to find in a network.

What Steps Are Involved In Network Penetration Testing?

Network penetration testing and vulnerability assessments are terms that are frequently used interchangeably.

However, there are some significant differences. For example, most security practitioners consider network penetration testing to be a step after your vulnerability assessment.

Particularly after the vulnerabilities identified in the vulnerability assessment have been addressed, the business owner wishes to further test the network’s security.

List of top Network penetration testing checklist

  1. Host Discovery
  2. Port Scanning
  3. Banner Grabbing/OS Fingerprinting
  4. Scan for Vulnerabilities
  5. Draw Network Diagrams
  6. Prepare Proxies
  7. Document all Findings

Let’s explain in brief

1. Host Discovery

Footprinting is the first and important phase in which information on your target system is collected.
DNS footprinting helps list DNS records such as (A, MX, NS, SRV, PTR, SOA, CNAME) in the target domain.



  1. A– A record is used to point the domain name, like cybersguards.com, to its hosting server’s IP address.
  2. MX– Email exchange records responsible.
  3. NS– NS records identify the DNS servers in charge of the domain.
  4. SRV– Distinguish records for the service hosted on specific servers. PTR– Reverse DNS lookup, you can use the IP to associate domain with it.
  5. SOA– Record start, it’s nothing but information about the DNS Zone and other DNS records in the DNS system.
  6. CNAME– Cname maps a domain to a different domain name.

Live hosts, accessible hosts in the target network can be detected using network scanning tools like Advanced IP Scanner, NMAP, HPING3, NESSUS.

Ping & Ping Sweep:

root@kali:~# nmap -sn 192.168.169.128
root@kali:~# nmap -sn 192.168.169.128-20 To ScanRange of IP
root@kali:~# nmap -sn 192.168.169.* Wildcard
root@kali:~# nmap -sn 192.168.169.128/24 Entire Subnet

Whois data

To obtain Whois information and name server of a website

root@kali:~# whois testdomain.com

http://whois.domaintools.com/
https://whois.icann.org/en

Traceroute

Network Diagonastic tool that displays route path and transit delay in packets

root@kali:~# traceroute google.com

Online Tools



http://www.monitis.com/traceroute/
http://ping.eu/traceroute/

2. Port Scanning

Conduct port scanning with tools such as Nmap, Hping3, Netscan, Network monitor. These tools help us to test a server or host for open ports on the target network.

The open ports are the gateway for attackers to enter and install malicious backdoor applications.

root@kali:~# nmap –open cybersguards.com To find all open ports
root@kali:~# nmap -p 80 192.168.123.126 Specific Port
root@kali:~# nmap -p 80 192.168.123.126 Range of ports
root@kali:~# nmap -p “*”192.168.123.126 To scan all ports

Online Tools

http://www.yougetsignal.com/
https://pentest-tools.com/information-gathering/find-subdomains-of-domain

3. Banner Grabbing/OS Fingerprinting

Banner Grabbing / OS fingerprinting like Telnet, IDServe, NMAP determines the target host and operating system.
Once you know the target version and operating system, we need to identify and exploit the vulnerabilities. Try to get system control.

root@kali:~# nmap -A 192.168.123.126
root@kali:~# nmap -v -A 192.168.123.126 with high verbosity level

Online Tools

https://www.netcraft.com/
https://w3dt.net/tools/httprecon
https://www.shodan.io/

4. Vulnerabilities scanning

Scan the network using GIFLanguard, Nessus, Ratina CS, SAINT vulnerabilities.

These tools help us to identify vulnerabilities in the target system and operating systems. You can find loopholes in the target network system with these steps.

GFILanguard

It acts as a security consultant and offers patch management, vulnerability evaluation and network auditing services.

Nessus

Nessus is a vulnerability scanner tool that looks for a bug in the software and finds a specific way to violate software security.

  • Data collection
  • Identification of the host
  • Port scan
  • Selection of the plug- in
  • Data reporting

5. Draw Network Diagrams

Draw an organization network diagram that helps you understand the logical network connection path to the network host. LANmanager, LANstate, Friendly pinger, network view can draw the network diagram.

6. Prepare Proxies

Prepare acts as a link between two networking devices. A proxy can protect the LAN from external access.

We can anonymize web browsing with proxy servers and filter unwanted content like ads and many others.

To hide you from being caught, proxies like Proxifier, SSL Proxy, Proxy Finder etc.



7. Document all results

The last and most important step is to document all Penetration test findings.

This document helps you to identify potential vulnerabilities within your network. Once the vulnerabilities have been determined you can plan counteractions accordingly.

You can download rules and scope of worksheet here– rules and scope sheet. Penetration testing therefore helps to evaluate your network before it gets into real difficulties that can lead to serious losses in value and finance.

Network pentesting checklist

Important Tools used for Network Pen-testing

Frameworks

Kali Linux, Backtrack5 R3, Security Onion

Reconnaisance

Smartwhois, MxToolbox, CentralOps, dnsstuff, nslookup, DIG, netcraft

Discovery

Angry IP scanner, Colasoft ping tool, nmap, Maltego, NetResident,LanSurveyor, OpManager

Port Scanning

Nmap, Megaping, Hping3, Netscan tools pro, Advanced port scannerService Fingerprinting Xprobe, nmap, zenmap

Enumeration

Superscan, Netbios enumerator, Snmpcheck, onesixtyone, Jxplorer, Hyena,DumpSec, WinFingerprint, Ps Tools, NsAuditor, Enum4Linux, nslookup, Netscan

Scanning

Nessus, GFI Languard, Retina,SAINT, Nexpose

Password Cracking

Ncrack, Cain & Abel, LC5, Ophcrack, pwdump7, fgdump, John The Ripper,Rainbow Crack

Sniffing

Wireshark, Ettercap, Capsa Network Analyzer

MiTM Attacks

Cain & Abel, Ettercap

Exploitation

Metasploit, Core Impact

These are the most important checklist you should focus on network testing.

Conclusion

Network penetration testing is an essential component of a company’s security strategy. In this article, you learned how to conduct a successful penetration test and report the results to your client.

Network penetration tests are important for improving a company’s cyber security posture, and it’s your job to find their flaws before the real attackers do.

Are you ready to collaborate? Request a no-obligation consultation to discuss your penetration testing requirements.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.