Ethical Hacking

12. Reporting Results of Penetration Testing

Reporting Results

The deliverable of an ethical hacker's or pen-tester's work is the report, which will generally follow an established format.

  1. Executive summary: summarises the overall results, findings and recommendations.
  2. Context: details what the pen-tester has been hired to do and sets out the 'rules of engagement', for example what they will test for, what they will do when testing, what precautions they will take, how success will be judged, who they will report to, etc.
  3. Results of reconnaissance: much of this is optional, since most of it is publicly accessible information. Some may be included, especially where that information had a bearing on the discovery of later vulnerabilities which were subsequently exploited.
  4. Scanning and its results, especially those indicating possible areas of weakness.
  5. The pen-test plan, guided by the results of the earlier stages.
  6. The vulnerabilities identified in the process of attempting to gain access.
  7. Recommendations as to further action, and the actions to take to close down any vulnerabilities.

The aim in writing the report is to create a clear chain of events, or audit trail, between each stage, so that a reader can follow what was asked for, what was tested and why, through to the pen-test plan, its results and the recommendations.

Summary

This unit has focused on the first stages of a hack, namely Reconnaissance, Scanning, Planning and Gaining Access. The remaining stages, Maintaining Access and Covering Tracks, are beyond the scope of this unit. Those with a particular interest can find more on the internet; these stages are also covered in greater detail in university-based courses.

No tool or set of tools will work all of the time in every situation. Like an engineer or woodworker choosing tools for a particular task, ethical hackers choose tools according to the context, and one of the aims of this unit has been to provide experience of as broad a range of tools as possible in the time available. Each tool has its own strengths and weaknesses and has to be selected accordingly.

  1. In reconnaissance, Maltego, Dmitry and Recon-ng are popular tools. Of the three, Maltego is perhaps the most powerful and comprehensive. The downside is that it is one of the most difficult to use.
  2. Crossing the boundary between reconnaissance and scanning are Zenmap and The Harvester. Both involve scanning, with Zenmap helping to establish the nature of networks and The Harvester helping to gather email addresses and contact information.
  3. Experience was gained with the Uniscan and Sparta scanning tools. Sparta is a graphical user interface built on top of the powerful nmap scanner and the nikto tool.
  4. Metasploit and Armitage were introduced as powerful tools that lie on the boundary between reconnaissance and gaining access. Hackers in particular like Metasploit for its extensive and growing range of exploits and payloads. With Armitage, it was shown how access to one computer in a network could be used to attack others, in a pivot attack.
  5. As an alternative to actual 'breaking and entering', the Social Engineering Toolkit (SET) was introduced as a method for gaining access. SET is a collection of powerful methods that can be used to trick a way into a system. Such methods include credential harvesting, redirecting mail, MITM, DNS spoofing and spear phishing.
  6. Organisations now make considerable use of browser-based apps. The Browser Exploitation Framework (BeEF) was introduced as a tool for gaining access via the internet. Like Metasploit, BeEF is a collection of methods that can be used to break in using the browser.
  7. BURP is another framework used for hacking web applications. For practice it was used to hack into the DVWA web app that comes with Metasploitable 2, a deliberately vulnerable 'operating system'. BURP is a versatile tool: it can be used for conducting brute-force and dictionary attacks on passwords as well as SQL injection attacks on web-hosted databases.

While the list of tools introduced appears extensive, they are only a small sample of what is available. They are not necessarily the best, which is a matter of opinion; they are perhaps the best known, but the number and type of tools are constantly changing, with new, improved ones replacing older, well-established ones on a regular basis.

Tasks

Gaining Access

Use the information gathered in the report to complete the hack. Make sure that the relevant section of the report is completed. Again:-

  1. Record all your results.
  2. If there are any screenshots showing your successful entry, make sure you attach them to your report.
  3. Complete your assessment with recommendations on how to close down the vulnerabilities and improve security. There has to be a clear trail from the scan, to the identification of a vulnerability, to the exploit and access of the system; i.e. you can't recommend shutting down a loophole that you haven't identified or used to gain access.
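As an added example (not part of the course page), the following Python checker models the report entries described in the Reporting Results section and tests the audit-trail rule stated in task 3 above: every recommendation must trace back through an exploited vulnerability and a scan result to reconnaissance. The entry ids, stage names and sample findings are constructed for illustration.

```python
from dataclasses import dataclass, field

# Which stage each entry type must point back to (report sections 3 to 7).
PARENT_STAGE = {
    "scan": "recon",
    "vulnerability": "scan",
    "exploit": "vulnerability",
    "recommendation": "vulnerability",
}

@dataclass
class Entry:
    ident: str                 # e.g. "V1"; hypothetical labelling scheme
    stage: str                 # recon | scan | vulnerability | exploit | recommendation
    summary: str
    derived_from: list = field(default_factory=list)   # ids of the entries this came from

def check_trail(entries):
    """Return a list of problems; an empty list means the audit trail is intact."""
    by_id = {e.ident: e for e in entries}
    # vulnerabilities that an exploit entry actually used to gain access
    exploited = {p for e in entries if e.stage == "exploit" for p in e.derived_from}
    problems = []
    for e in entries:
        if e.stage == "recon":
            continue                                  # top of the chain, nothing to trace
        if not e.derived_from:
            problems.append(f"{e.ident}: {e.stage} has no source")
        for p in e.derived_from:
            parent = by_id.get(p)
            if parent is None:
                problems.append(f"{e.ident}: refers to unknown entry {p}")
            elif parent.stage != PARENT_STAGE[e.stage]:
                problems.append(f"{e.ident}: {e.stage} should derive from a "
                                f"{PARENT_STAGE[e.stage]}, not {parent.stage} {p}")
        # a recommendation must close a hole that the exploit stage actually used
        if e.stage == "recommendation" and not exploited.intersection(e.derived_from):
            problems.append(f"{e.ident}: recommends closing a hole that was never exploited")
    return problems

# Constructed sample report (hypothetical findings, not from the course page).
SAMPLE = [
    Entry("R1", "recon", "Web server hostname found in public DNS"),
    Entry("S1", "scan", "Port 80 open, web application detected", ["R1"]),
    Entry("V1", "vulnerability", "Login form accepts weak passwords", ["S1"]),
    Entry("E1", "exploit", "Dictionary attack logged in as a test user", ["V1"]),
    Entry("C1", "recommendation", "Enforce a password policy and lockout", ["V1"]),
    Entry("C2", "recommendation", "Patch the FTP service"),      # no trail at all
]
```

Running `check_trail(SAMPLE)` flags only C2, which is exactly the kind of untraceable recommendation the task rules out.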

Your teacher will tell you what to do with the final report.

Can You Hack It?

Level 6 pupils have to conduct an additional hack to finish the unit. Download the Scenario and read it carefully before continuing. Approach it in the same way as the previous exercise.

Ethical Hack Scenario
You should be able to:-
  • Explain what should be contained within a pen-tester's final report.
  • Communicate the results of a penetration test.
  • Discuss a broad range of pen-testers' tools and their use in each phase of an ethical hack.

If you don't feel confident in meeting any of these performance criteria, ask your teacher or re-read the information.

Supporting courses by the SQA.