Ethical Hacking

Explore the Five Phases Of Hacking

Explore the Five Phases Of Hacking

Hello Hackers,

Our last blog is about Ethical Hacking and now it’s time to move forward and learn something new about phases of ethical hacking.

Hackers always follow some steps to take access to any system or testing the security, this all steps are known as Phases of Hacking“.

In this ethical hacking, there are 5 phases are;

  • Reconnaissance
  • Scanning
  • Gaining Access
  • Maintaining Access
  • Clearing tracks

All the phases are very important according to the Hacking point of view

PHASE 1 : Reconnaissance

This phase is very important in hacking & even it is the most time spending phase in Hacking. It is also called Footprinting & Information Gathering phase, in which we need to collect all information about our target.

It is divided into 2 types:

Active Reconnaissance :

In this phase, we need to collect information by directly interacting with the target and its system.

Passive Reconnaissance :

In this phase, we collect information of target by the medium of Social media, website surfing, and some other resources but no direct interaction with the target.

The tools used are:

  • Maltego
  • shodan
  • Google Dorking
  •  whois lookup
  • Red hawk
  • theHarvester etc.

PHASE 2 : Scanning

It is the second phase of hacking in which we need to scan our target on the basis of information that we have gathered in the Reconnaise phase. Several techniques are used to scan the Target.

It involves

  • Scanning Ports
  • Finding Vulnerabilities
  • Network mapping
  • Firewalls, OS detection
  • Sniffing.

For finding vulnerability you can use an “automated scanner” or “Manual hunting for vulnerabilities“.

Most intermediate or advanced level hackers prefer manual hunting.


  • Nmap
  • Nessus
  • Nikto
  • wpscan
  • Nexpose
  • OpenVAS
  • W3AF etc.

PHASE 3 : Gaining Access

In this phase, we start exploiting the vulnerability that we have founded in the scanning phase. Like if you got any open ports then you need to try exploiting them to reach inside the system.

For exploiting, you can use the tool Searchsploitwhich is the same as exploit DB“.

Some more techniques are:

  • Phishing attacks.
  • Buffer Overflow
  • Open Port Access
  • Session Hijack
  • BEEF
  • Man in the Middle attack (MITM attack)

PHASE 4 : Maintaining Access

Once we have taken successful access to the target machine if we need to keep persistent access to that system, so we should leave some backdoor open, or inject any Rootkits, Trojan, or RAT for keeping at all-time access to the target system.

Usually, we use PHP backdoor for websites or rootkits for the system to have persistent access to the target machine

PHASE 5 : Clearing tracks

Always an Intelligent hacker will never leave any tracks which help ethical hackers to caught them.

  • Clearing cache or cookies
  • Close all open ports
  • Modify logs

This phase is never used by Ethical hackers.

Its done for today Good Bye for now..

Happy Hacking!!

Share this post

About the author


  1. I like the helpful information you provide in your articles. I’ll bookmark your weblog and check again here regularly. I am quite sure I’ll learn much new stuff right here! Good luck with the next!

Leave a Reply

Your email address will not be published. Required fields are marked *