It can often be difficult for infosec outsiders to follow much of what is discussed, or to understand the differences between even the most commonly used terms, such as penetration testing and ethical hacking. In this explainer I will attempt to explain hacking methodology in simple terms, in classic ELI5 style.

Ethical hacking and penetration testing are two terms usually held to be related; however, there is a small but well-defined border between them. Penetration testing can be described as a legitimate, sanctioned effort to find and aggressively exploit weaknesses in websites and mobile applications, with the goal of making them safer.

Ethical hacking, on the other hand, covers all hacking methodologies and other similar attack techniques. It is similar to penetration testing, but it covers a wider range of services. According to the EC-Council, an ethical hacker is “an individual who is usually employed with an organization and who can be trusted to undertake an attempt to penetrate networks and/or computer systems using the same methods and techniques as a malicious hacker.”

This post explores the basics and core aspects of the hacking methodology, which can also be called the penetration testing methodology or the phases of ethical hacking.

The method involves probing for vulnerabilities as well as presenting proof-of-concept attacks to show that the vulnerabilities are real. Good penetration testing always concludes with specific recommendations for addressing and correcting the problems found during the assessment. In other words, this method is used to improve the security of systems against future attacks. The overall purpose is to find security problems by applying a particular methodology, tools, and techniques the way an attacker would. These findings can then be mitigated before a real attacker abuses them.

Ethical Hacking Methodology

“You hit home runs not by chance but by preparation” ~ Roger Maris

Yes, preparation is the key to success in ethical hacking. Like most things, the entire process of ethical hacking can be divided into a sequence of phases. Put together, these phases form a complete hacking methodology for performing a penetration test.

A careful study of breach disclosures shows that most hackers also follow a method when attacking a target. Applying a planned strategy is essential. The following are the step-by-step phases of hacking.


Reconnaissance

The reconnaissance phase is the most important phase of the hacking methodology. You can never win a war if your reconnaissance is poor. The purpose of reconnaissance is to gather as much relevant information as possible about the selected target. This information can then be used later on to reach the position you need.

It is necessary to cast your net as wide as possible. In this phase, every aspect of and every bit of information about the target system is gathered and recorded. The penetration testing and hacking world is full of examples where an apparently small piece of data gathered in the reconnaissance phase later became the critical element in successfully building an exploit and obtaining access to the system.

Passive: Passive reconnaissance is what happens when you do not interact with the target directly. This is accomplished by inspecting the target's website, searching Google, studying social media accounts for information, and much more. In short, you are looking for any data that can be used against the target. This is the only phase that is not prohibited. Anything beyond this phase can be considered a crime if you ignore the word ethical.

Active: Active reconnaissance is what you do when you probe your target directly. It involves communicating directly with the target. It is necessary to understand that during this method the target may log your IP address and your activity. This carries a greater chance of being caught if you are trying to operate stealthily.

In other words, reconnaissance (information gathering) is the practice of using passive and active methods to obtain information about the target system before performing the attack. Communication with the target system is kept covert to avoid exposure and to avoid alerting the target to the attack. Reconnaissance can expose vulnerabilities in the target system and increase the efficiency with which they can be exploited. There are numerous tools and methods that can be used for reconnaissance, for example whois, Google search, forums, network inventory, operating system details, etc. Here is a list of some great reconnaissance tools.


Scanning

In this stage, scanning tools are used to learn how a target reacts to probes. After footprinting and reconnaissance, scanning is the next stage of information gathering that hackers use. Scanning is where hackers probe a particular IP address range for relevant data and settings. Network scans are also an important tool in the arsenal of ethical hackers, who work to thwart attacks on the company's infrastructure and data. Many scanning tools are already available in Kali Linux. Some of the best tools can be found here.
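The two sections above make the same defensive point from opposite sides: active reconnaissance and scanning leave traces in the target's logs. As an added example from the defender's side (not code from the original post), this Python snippet runs a simple port-scan heuristic over a few constructed firewall log lines, flagging any source that touches many distinct ports on one host within a short window; the log layout, the thresholds and the IP addresses are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample firewall log (not from a real system). One source touches
# many ports within seconds; the other is ordinary HTTPS traffic.
SAMPLE_LOG = """\
2024-05-01T10:00:01 DENY src=203.0.113.7 dst=192.0.2.10 dport=21 proto=tcp
2024-05-01T10:00:01 DENY src=203.0.113.7 dst=192.0.2.10 dport=22 proto=tcp
2024-05-01T10:00:02 DENY src=203.0.113.7 dst=192.0.2.10 dport=23 proto=tcp
2024-05-01T10:00:02 DENY src=203.0.113.7 dst=192.0.2.10 dport=25 proto=tcp
2024-05-01T10:00:03 ALLOW src=203.0.113.7 dst=192.0.2.10 dport=80 proto=tcp
2024-05-01T10:00:03 DENY src=203.0.113.7 dst=192.0.2.10 dport=110 proto=tcp
2024-05-01T10:00:04 DENY src=203.0.113.7 dst=192.0.2.10 dport=143 proto=tcp
2024-05-01T10:00:04 ALLOW src=203.0.113.7 dst=192.0.2.10 dport=443 proto=tcp
2024-05-01T10:00:05 DENY src=203.0.113.7 dst=192.0.2.10 dport=3389 proto=tcp
2024-05-01T10:00:06 DENY src=203.0.113.7 dst=192.0.2.10 dport=8080 proto=tcp
2024-05-01T10:00:07 ALLOW src=198.51.100.22 dst=192.0.2.10 dport=443 proto=tcp
2024-05-01T10:05:00 DENY src=203.0.113.7 dst=192.0.2.10 dport=5900 proto=tcp
"""
LINE_RE = re.compile(  # assumed key=value layout; adapt it to a real firewall
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) proto=\w+$"
)

def parse_log(text):
    """Yield (timestamp, src, dst, dport) for each well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dport"])

def detect_port_scans(text, min_ports=8, window_seconds=60):
    """Return {(src, dst): ports} for every source that probes at least
    min_ports distinct ports on one host inside a window_seconds span."""
    events = defaultdict(list)
    for ts, src, dst, dport in parse_log(text):
        events[(src, dst)].append((ts, dport))
    alerts = {}
    for key, items in events.items():
        items.sort()                      # order by time for the sliding window
        start = 0
        for end in range(len(items)):
            while (items[end][0] - items[start][0]).total_seconds() > window_seconds:
                start += 1                # drop events older than the window
            ports = {p for _, p in items[start:end + 1]}
            if len(ports) >= min_ports and len(ports) > len(alerts.get(key, ())):
                alerts[key] = ports       # keep the densest window seen so far
    return alerts
```

Tuning `min_ports` and `window_seconds` trades false positives against slow, spread-out scans, which is exactly why a stealthy scan is spaced out over time.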


Exploitation

In the simplest words, exploitation is the process of gaining control over a system. However, it is necessary to know that not every exploit leads to complete system compromise. More precisely, an exploit is a way to take advantage of a security flaw or bypass security checks. This process can take many different forms.

The ultimate aim is to obtain control over the computer. In many cases, exploitation is an effort to turn the victim machine into a puppet that will follow your instructions and take your direction. To be precise, exploitation is the process of launching an exploit. An exploit is the means of that achievement: exploits are problems or flaws in software code that give a hacker the ability to launch or run a payload against the victim system. A payload is what turns the victim machine into a puppet and makes it follow our directions. Payloads can change the original behaviour of the software and enable us to perform all kinds of tasks, such as installing new software, disabling running services, adding new users and much more.

Post Exploitation and Maintaining Access

Post-exploitation, or maintaining access, is the next phase of the ethical hacking methodology. Maintaining access to a computer system is a sensitive exercise that must be explained to, and explicitly agreed with, the client. Many businesses are interested in getting a penetration test done but are wary of allowing the penetration testing firm to plant backdoors. Most companies and people are nervous that these backdoors will be found and used by an unauthorized third party.

In other words, post-exploitation essentially means the stages of the ethical hacking job after a victim's system has been compromised by the hacker. The value of the compromised system is defined by the usefulness of the actual data stored on it and by how a hacker could take advantage of it for malicious purposes. The idea of post-exploitation has grown out of exactly this: how an attacker can make use of the victim system's data. This step involves gathering raw information, documenting it, and collecting other essential information such as configuration settings, network interfaces, and other information channels. These can be used to keep a persistent path into the system according to the hacker's needs.


Reporting

Like every other phase we have mentioned in this post, drafting a sound ethical hacking report is crucial. Many ethical hackers wrongly think that they can just hand over the raw output of the tools they use.

Right or wrong, your reputation as an ethical hacker will be directly tied to the quality of the reports you submit. Learning to put together a well-written report is important for winning clients and landing a job. It is always a good idea to have a sample report available; many prospective customers will ask for one before making a final decision.


In short, hacking is not all about tools, nor only about following the methodology described in this post. If you are a beginner, this methodology is an ideal starting point. If you rely only on tools, you are not a hacker, you are just a script kiddie. A script kiddie is essentially someone who wants to be a hacker but lacks the real knowledge of how to actually hack anything. A script kiddie will run the tools, scripts and code built by real hackers. They essentially just fire off the code or tool and it does whatever it was written to do. The kiddie does not really do anything themselves, but takes the credit for "hacking".

A hacker, unlike a script kiddie, truly understands how to get into a system without using someone else's code or tool. Now, I am not saying that they will never use a tool or someone else's code. The real ethical hacker will normally have a well-built hacking methodology, tools, and a broad knowledge of networking and of programming languages like Python, PHP, SQL, and JavaScript.

The awesome image used in this article is called "So far so good" and was created by Julien Laureau.