SEC‐335 Module 1 - skyleroriordan/my-tech-journal GitHub Wiki
Notes:
Vulnerability scanning: Locates and fixes potential vulnerabilities.
Penetration Testing: Finds and exploits vulnerabilities. Finds and fixes proven vulnerabilities. Does not try to avoid detection.
Red Teaming: Tries to avoid detection.
5 stages of pen testing:
1. Reconnaissance, where targets are identified.
2. Scanning for hosts and finding potential vulnerabilities.
3. Exploiting those vulnerabilities.
4. Maintaining access (maintaining persistence, escalating privileges).
5. Reporting.
Passive Recon: OSINT, public info. Can use domain registration (ICANN), IP registration (IANA), Google Dorking, Shodan.
Passive Recon Tools:
theHarvester (command line tool which queries search engines)
Netcraft (gives tech reports on sites)
Metagoofil (extracts metadata from public docs)
Active Recon: Interact with target.