# 3. The Ethical Hacker Methodology ![Phases of Ethical Hacking - InfosecTrain](/files/wbrIeIptLsuFQGLTBf9E) ➡️ **Ethical hacking**, or **penetration testing**, identifies and addresses vulnerabilities in computer systems and networks through a structured process. The five stages are: 1. **Reconnaissance**: Gathering information about the target using passive techniques like public searches, website browsing and DNS examination to understand the target and find potential entry points. 2. **Scanning**: Actively probing the target to discover open ports, services and vulnerabilities using tools like port scanners, network mappers and vulnerability scanners to identify exploitable weaknesses. 3. **Gaining Access**: Exploiting discovered vulnerabilities to gain unauthorized access using methods like password cracking, social engineering and software exploits. 4. **Maintaining Access**: Ensuring continued access by bypassing security, setting up backdoors and establishing persistent access to mimic a real attacker and assess potential impact. 5. **Covering Tracks**: Removing traces of activity by deleting logs, modifying files and restoring the system to its original state to remain undetected and to leave no evidence. > Ethical hacking must always be **authorized**, legal and conducted with strict adherence to **ethical guidelines**, **confidentiality** and necessary **permissions** from system owners. > > ❗ **Use these techniques responsibly, ethically and with proper authorization for security testing!** *** ## Sections 1. [Information Gathering](/tcm/courses/peh/3-eth-hack/recon.md) 2. [Scanning & Enumeration](/tcm/courses/peh/3-eth-hack/enum.md) 3. [Vulnerability Scanning with Nessus](/tcm/courses/peh/3-eth-hack/va.md) 4. [Exploitation Basics](/tcm/courses/peh/3-eth-hack/exploit.md) 5. [Capstone Practical Labs](/tcm/courses/peh/3-eth-hack/capstone.md) *** --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://blog.syselement.com/tcm/courses/peh/3-eth-hack.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.