loading
Loading content
loading
Also known as pentest, pen testing
A penetration test puts an authorized attacker against a target to find weaknesses and prove they can be used. The tester works within an agreed scope and rules of engagement, then chains discovery, exploitation, and post-exploitation to show real impact rather than a theoretical list of issues. The deliverable is a report that ranks findings and explains how each one was reached.
The distinction from a scan matters. Vulnerability scanning flags conditions that might be exploitable; a pentest confirms which ones actually are by exploiting them and capturing a proof of concept. That confirmation cuts through the noise of unvalidated alerts and gives owners evidence they can act on.
Scope also separates a pentest from a red team engagement, which tests detection and response across a broader, stealthier campaign. A pentest aims for coverage of a defined target in a fixed window.
In a Trickest workflow, automation handles the repeatable groundwork: recon, enumeration, and triage feed the tester a curated set of live targets and likely entry points. The human then spends time on the exploitation and chaining that tooling cannot judge, the same muscle a bug bounty hunter relies on.
Related terms