How to Run An External Pentest
(with Recon-ng, Nmap & Metasploit)
Introduction
Pentesting is the practice of checking a computer system, network or web application to find vulnerabilities that a hacker could exploit.
I’ll walk you through how to do an external pentest of your own. You will need to use an Ubuntu server and install these tools:
Dave Kennedy’s PTF — https://github.com/trustedsec/ptf
Alex’s Metasploit shell script — http://AlexLevinson.com/metastatic ploit.txt
Recon-ng — for OSINT research
Nmap — for port scanning
Metasploit — for exploitation and scanning
Tmux — Collaboration/learning
VPS Provider — for scanning
Utilize Dave Kennedy’s Penetration Testing Framework by opening up a terminal and typing:
“git clone https://github.com/trustedsec/ptf.git”
Next, navigate to the config/ptf.config file, which should have been installed in the /pentest directory.
Type:
“./ptf”
“use modules/install_update_all”
“yes”