What are the different phases of Ethical Hacking?

In this article I will tell you about the different phases of ethical hacking, and I will also tell you about a few tools you can use for each phase. If you are a beginner and you don't know what ethical hacking is and why we should learn it, then read this article.

So below are the different phases of Ethical Hacking:

  1. Reconnaissance
  2. Scanning
  3. Exploitation
  4. Maintaining Access
  5. Covering Tracks
  6. Reporting


Reconnaissance

Reconnaissance is the phase where an ethical hacker collects information about the target, so that it is easier to understand how to hack the target. The most basic information an ethical hacker needs is the IP address of the target, the IP address range, the architecture of the network and the DNS records. This is the very basic information an ethical hacker needs to hack the target, and it may vary according to what your target is.

Most common tools used for reconnaissance are:

  • Search Engine
  • NSLookup
  • WHOIS Lookup


Scanning

Scanning is the second phase of ethical hacking. It is basically the process of identifying the weak points, or we can say the loopholes, of the target from where a hacker can try to hack the target. Some of the basic information that a hacker requires is the active ports and active hosts, that is, the ports and hosts on the network that are up and running. So, if you want to hack a network, then you must hack it through a computer on it which is live at that time. After that you need to collect information about services. These services can be security services, firewall services or intrusion detection. And then you need to know about the applications running and the operating system.

The most common tools for scanning are as follows:

  • OpenVAS
  • Nikto
  • Wireshark
  • Nessus


Exploitation

Exploitation is the third phase of ethical hacking, in which hackers take advantage of the loopholes and weaknesses found by scanning in phase 2 to hack the target with appropriate tools. You have to choose and perform the appropriate attack depending on the weaknesses and loopholes of your target. This means that not every attack is applicable to every target. We need to analyze which attack can be performed on our target, and then we have to launch the attack. Finally, we will gain access to our target.

Some of the most popular tools used for the exploitation phase are:

  • BeEF
  • Metasploit
  • SQLMap

Maintaining Access

Maintaining access is the fourth phase of ethical hacking, in which, after hacking, the hacker installs some software or makes some changes to the target system so that he can access the target later in the future without performing the whole attack from the start.

Some of the most popular and efficient ways of doing this are:

  • Installing Backdoors
  • Creating new Users
  • Escalating privileges
  • Installing Rootkits
  • Installing Trojans

Some of the most common tools used for this purpose are:

  • PowerSploit
  • Weevely
  • dns2tcp

Covering Tracks

Covering tracks is the fifth phase of ethical hacking, in which the hacker hides his identity and the way in which he exploited the target, so the target would never know who hacked him and how. The most common ways of clearing the tracks are:

  • Clearing Cache/Cookies
  • Tampering Log files
  • Closing ports / Stopping services
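
From the defender's side, tampering with log files tends to leave timestamp gaps or out-of-order entries behind. The following is an added example, not part of the original article; the log format, the sample lines and the `find_log_anomalies` helper are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample log (ISO timestamp first on each line), not from a real system.
# Hourly cron entries for 11:17 and 12:17 are missing, and one line is out of order.
SAMPLE_LOG = """\
2024-03-01T10:00:05 host sshd[811]: Accepted publickey for alice
2024-03-01T10:04:40 host sudo: alice : COMMAND=/usr/bin/apt update
2024-03-01T10:17:01 host cron[902]: (root) CMD (run-parts /etc/cron.hourly)
2024-03-01T13:17:01 host cron[977]: (root) CMD (run-parts /etc/cron.hourly)
2024-03-01T13:12:47 host sshd[990]: Accepted password for bob
2024-03-01T13:35:00 host sshd[995]: Disconnected from user bob
"""


def find_log_anomalies(text, max_gap=timedelta(hours=1)):
    """Return (line_no, kind, detail) tuples for suspicious timestamp patterns."""
    findings = []
    latest = None  # newest timestamp seen so far
    for line_no, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        stamp = line.split(" ", 1)[0]
        try:
            ts = datetime.fromisoformat(stamp)
        except ValueError:
            # A line whose timestamp does not parse may have been edited by hand.
            findings.append((line_no, "unparseable", stamp))
            continue
        if latest is not None:
            if ts < latest:
                # Append-only logs should never go back in time.
                findings.append((line_no, "out_of_order", f"{ts} precedes {latest}"))
            elif ts - latest > max_gap:
                # A long silence on a busy host can mean entries were deleted.
                findings.append((line_no, "gap", f"{ts - latest} with no entries"))
        latest = ts if latest is None else max(latest, ts)
    return findings


if __name__ == "__main__":
    for line_no, kind, detail in find_log_anomalies(SAMPLE_LOG):
        print(f"line {line_no}: {kind}: {detail}")
```

A gap or reordering is a lead to investigate, not proof of tampering; forwarding logs to a separate host keeps a copy that changes made on the target cannot reach.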


Reporting

Reporting is the final phase of ethical hacking, where the hacker documents all the weaknesses and loopholes found on the target, the way he used these weaknesses and loopholes to exploit the target, and also some precautions that the target can take to make its security better. This is the phase which differentiates an ethical hacker from a malicious hacker.

So, these are the six phases of ethical hacking. I hope this article is informative. If I missed something, please tell me in the comments.
