Target Scoping – a process for gathering target assessment, requirements, and characterizing each of it’s parameters to generate a test plan, limitations, business objectives, and time schedule. To give an example what the end result of Target Scoping would look like here are what the parameters are.
-Company Name
-Address
-Website
-E-mails and Phone Numbers
-Penetration Testing Objectives and Penetration Testing Type
-Devices to be Tested: Servers, Workstations, Network Devices, etc.
-Operating Systems Supported
Target Scoping can be done with enumeration tools that are pre-installed on our Kali Linux machines. Such tools are
-whois command: provides when the website was created, the expiration date of the website, status of the website, the name of the servers, potential location of the company, phone number and email of Sponsoring Registrar.
-nslookup command: provides the potential IP Address and how many web servers are accepting requests
-dig command: provides about the same thing as nslookup but it doesn’t hurt to try
-whatweb command: provides Country, HTTP Server, IP Address, Web Servers, Technologies Used, Potential Operating System.
-theHarvester command: this tool crawls a search engine with your target in mind and provides Emails and Subdomains.
All these tools and strategy of Target Scoping can give us insight of how the network topology of the target is arranged. But what is Network Topology??
Network Topology
arrangement of the links, nodes, etc. of a communication network. The network topology is the structure of a network and may be depicted physically or logically. The physical topology is the placement of the various components of a network. Logical topology illustrates how data flows within a network. There is also something called and OSI Model that divides part of a networks communication functions into layers.
OSI Model – this is a conceptual model that characterizes and standardizes the communication functions of a telecommunication or computing system without regard to its underlying structure and technology. The goal of the OSI model is interoperability. This model partitions the flow of data in a communication system into seven abstraction layers. This model represents the physical implementation of transmitting bits across a communications medium to the highest level representation of a distributed application. Each intermediate layer serves a class of functionality to the layer above it and served by the layer below it
