Complete Penetration Test Workflow¶
End-to-end guide for conducting a comprehensive penetration test using Hive and APHIDS CLI.
Overview¶
Duration: 1-2 weeks
Difficulty: Intermediate
Prerequisites: Authorization, Hive account, APHIDS CLI installed
Workflow Phases¶
graph LR
A[Planning] --> B[Reconnaissance]
B --> C[Scanning]
C --> D[Enumeration]
D --> E[Vulnerability Analysis]
E --> F[Exploitation]
F --> G[Post-Exploitation]
G --> H[Reporting]
Phase 1: Planning & Preparation¶
1.1 Obtain Authorization¶
Critical: Never test without written authorization!
Required Documentation: - Scope of work (SOW) - Rules of engagement (ROE) - Emergency contacts - Legal authorization letter
Scanning¶
- Nmap
- Masscan
- Nikto
- WhatWeb
Vulnerability Scanning¶
- Nuclei
- Wapiti
- SSLScan
- TestSSL
Exploitation (If Authorized)¶
- SQLMap
Checklist¶
Pre-Engagement¶
- Authorization obtained
- Scope defined
- Emergency contacts established
- Engagement created in Hive
- Tools configured
- Team briefed
Reconnaissance¶
- Passive OSINT completed
- Subdomains enumerated
- DNS records gathered
- IP ranges identified
- Technologies identified
Scanning¶
- Port scanning completed
- Service enumeration done
- Web scanning finished
- Vulnerability scanning complete
- Results reviewed
Analysis¶
- Findings validated
- False positives removed
- Vulnerabilities prioritized
- Evidence collected
- Impact assessed
Reporting¶
- Technical report generated
- Executive summary created
- Remediation plan provided
- Evidence included
- Report reviewed
Post-Engagement¶
- Findings presented
- Questions answered
- Remediation support provided
- Retesting completed
- Final report delivered
- Cleanup verified