Are you an IT professional who is looking to get into penetration testing (often called “pentesting”)? If so, then this article is a good place for you to begin. It will, hopefully, serve as a jumping-off point for you to get into the exciting and important field of pentesting.

In the U.S. alone, it is estimated that there is some form of cyber attack every 39 seconds. Given the costs that a company can sustain when it suffers a breach, it is very important to perform regular penetration testings, so that they can identify and address the vulnerabilities. As we said a moment ago, this is a very important field.  So where to start?  Well, pentesting comes in two forms:  Internal and External pentests. This article will deal solely with internal testing.  

What is Internal Penetration Testing?

Where External Pentesting examines a front-facing network, internal penetration testing involves carrying out a series of tests to help and identify what an attacker who has internal access to a network can accomplish.  Disgruntled employees, errors, and bad policies can all produce internal cyber threats. Testing for these things may include monitoring, credential stealing, man in the middle attacks (MITM), privilege escalation, information leakage, malware infections, or any other malicious activity.

The attacker can be a contractor, an employee, or a staff member with internal access. This test will show the organization’s entry points/weaknesses, and help assess an attack’s impact. Even if you are secure from external threats, internal testing is vital should an attacker access your network from the inside. 

Internal Penetration Testing Methodology

An internal Penetration test has four phases:


The first phase involves passive intelligence gathering. This may include analyzing the traffic and “sniffing” networks. It further includes collecting information, such as domain and subdomain names, data leaks, technical information shared on social networks or forums, versions, and types of technologies used. It may also include employee names and – if existent – pwned passwords (a pwned password is a password that has been breached and released to the public). This phase’s main purpose is to identify all the sensitive information. 


During the mapping phase, pentesters gain better insight into the most exposed and critical elements of an organization’s infrastructure. This particular phase is essential, especially if you are looking at vulnerabilities within the entire framework, rather than just one particular aspect (such as, say, guest wi-fi). 


Is the phase where you will actively search for vulnerabilities. This phase generally uses automated programs that are designed to scan the network (and software) as thoroughly as possible. The goal here is to find as many vulnerabilities as you can.


This last phase tests all the possible exploitation flaws that were identified during the discovery phase. Exploitation allows you to discover just how much of an impact a particular vulnerability can have.  For example, a cracked password for an employee who has access to customer and client PII can lead to massive threats of identity theft.

How to do an Internal Penetration Testing

Any potential internal vulnerabilities are identified by carrying out tests on one or more of the following areas:

  • WIFI Networks 
  • Local Servers
  • Firewalls
  • Access Points
  • Computer Systems
  • Employees

Internal Penetration Testing Checklist

The internal penetration checklist ensures that your efforts in penetration testing deliver results.

Scheduling (2-4 months before Penetration Test)

Communicate your testing methodologies, and follow best-practice standards in the industry.

Testing Preparation (5 weeks before Penetration Test)

  • Collect as much information as possible. The amount of information you receive will obviously depend on whether this is a black, grey, or white box test.
  • Outline what the organization can expect to see on their end as you test: impacts on the website, server issues, etc. If the company has an IDS or IPS, they will need to monitor those alerts to make sure it is the pentest, and not a real-time threat.
  • Schedule the penetration test, keeping in mind that you will need time for remediation. Also, when scheduling the test, bear in mind how much of an impact on business it may have, and try to schedule accordingly.

Testing (During Penetration Test)

This is the actual test. During this time, you will run all automated and manual processes, as outlined with the organization beforehand.

  • Work with the organization’s team members. Communicate regularly, asking questions and being willing to answer any of their questions.
  • Stay within the scope of the agreed-upon work! If the job scope includes only email servers, then test only email servers – do not go outside of that! 

Reporting (0-6 weeks after Penetration Test)

After completing the test, you will work up a report, detailing vulnerabilities, any exploitations you were able to introduce, as well as projected impact and suggested remediation.  You must then give the organization time to review the report. Be patient!

  • Do not only address exploitations, but also root causes.
  • Keep yourself available to answer any questions.
  • If requested, work with their Technology/Security Teams to help remediate any issues they wish to address.

Retesting (0-3 months after Penetration Test)

Depending on the company’s budget and resources, they may request you to come back and do a retest.  Bear this in mind when you are scheduling your next pentests!

  • Retest to satisfy that fixes are working (within 90 days after initial report date)
  • Repeat remediation until all corrections have been made

Internal Penetration Testing Tools

The internal penetration testing tools that are popularly used include:

For Frameworks, you can use the following testing tools:

  • Kali Linux
  • Backtrack5 R3
  • Security Onion

For Reconnaissance, some of the internal penetration tools you can use include:

  • Smartwhois
  • dnsstuff
  • CentralOps
  • DIG
  • nslookup
  • netcraft
  • Have I been pwned?

For Discovery, the following are the tools that you can use:

  • OpManager
  • Maltego
  • nmap
  • Colasoft ping tool
  • Angry IP scanner
  • LanSurveyor
  • NetResident

The following tools can be used for Enumeration:

  • Netbios enumerator
  • Superscan
  • Ps Tools
  • Enum4Linux
  • Netscan
  • nslookup
  • NsAuditor
  • Jxplorer
  • DumpSec
  • Hyena
  • WinFingerprint
  • Snmpcheck

Tools you can use for Scanning include:

  • GFI Languard
  • Nexpose
  • Retina

For Password Cracking, you can use the following tools:

  • John The Ripper
  • Cain & Abel
  • Ncrack
  • Ophcrack
  • LC5
  • Rainbow Crack
  • Hydra

For Sniffing, you can use these tools:

  • Ettercap
  • Wireshark
  • Capsa Network Analyzer

For Exploitation, use the following tools:

  • Core Impact
  • Metasploit

Automated Internal Infrastructure Penetration Testing

The Evolve “Automated Internal Infrastructure Penetration Testing” solution helps organizations orchestrate on-demand penetration testing environments. This means you can run an internal penetration test in any location across corporate networks within on-premise data centres and public clouds, including AWS and Azure.

Evolve orchestrates scalable penetration testing environments specifically for the type of penetration test you want to perform. You choose the level of protection and intensity that is right for your business needs with event-driven or daily, weekly and even monthly periodic penetration testing.

If you want to try automating your security in your own time, start our 7-day free trial. Check how easy and fast it is: 

Step 1: Register an Evolve Account

Step 2: Navigate to the Evolve Marketplace 

Step 3: Import the Automated Internal Penetration Test workflow into your account

Step 4: Click to launch a workflow instance to start running a test

Step 5: Done! Evolve does all the work to secure your business! 



Organizations need to carry out internal penetration tests as often as – or perhaps even more often than – external penetration tests. This will ensure that they clearly understand what information can be exposed to attackers, which will help prevent malicious activity.  Data breaches and the exposure of PII is a large and growing threat in today’s global cyber market.  Now, more than ever, pentesting is a valuable and necessary tool for protecting assets of all kinds.