Process – Like a good project, ethical hacking too has a set of distinct phases,It helps hackers to make a structured ethcal hacking attack.

Different security training manuals explain the process of hacking in different ways, but for make a certified Ethical Hacker, the entire process can be cetegorized into following six phases:-

  1. Reconnaissance
  2. Scanning
  3. Gaining Access
  4. Maintaining Access
  5. Clearing Access
  6. Reporting

Reconnaissance – Reconnaissance is the phase where the attacker gathers the information  about a target using active or passive means.The tools that are widely used in the process are NMAP, Hping, Maltego and Google Dorks.

Scanning – In this process, the hackers begins to actively probe a target machine or a network for vulnerabilities that can be exploited.The tools used in the process are Nessus, Nexpose and NMAP.

Gaining Access – In the process, the vulnerability is located and you attempt to exploit it in order to enter into system. The primary tools that are used in the process of Metasploit.

Maintaining Access – It is the process where the hacker  has already gained access into a system,  After gaining access, the hackers install some backdoors in  order to enter into system when he needs access in the owned system in future. Metasploit is preferred tool in this process.

Clearing Tracks – The process is actually an unethical activity. It has to do with the deletion of logs of all active that take place during the hacking process.

Reporting – Report is the last step of finishing the ethical process.  Here the Ethical Hacker complies a report with the finding and   the job that was done such as a tools used , the source rate, vulnerabilities found, and the exploit process.


Information gathering and getting to know the target system is the first process in ethical hacking. Reconnaissance is a set of process and techniques (Footprinting, scanning & Enumeration) used to covertly discover and collect information about a target system.

During reconnaissance, an ethical hackers attempts to gather as much information  about a target  system as possible, following the seven steps listed below –

  • Gather initial Information
  • Determine the network range
  • identify active machine
  • Discover open ports and access points
  • Fingerprinting and operating system]
  • Uncover services on ports
  • Map a Network

We will discuss in detail all these steps in subsequent chapters on these tutorial reconnaissance in two parts – Active reconnaissance and Passive reconnaissance.

Active reconnaissance – In this process, you will directly interact with the computer system to  gain Information. The information can be relevant and accurate. But there is a risk of getting detected if you are planning active reconnaissance without permission. If you are are detected, then system admin can take seven action against you and trail you subsequent activities.

Passive reconnaissance – In this process, you will not be directly connected to a computer system. This process is used to gather essential information without ever interacting with target system.