Standard pen test phases:
Planning →
Reconnaissance →
Scanning/Enumeration →
Exploitation →
Post-Exploitation →
Reporting.
PTES (Penetration Testing Execution Standard) and OSSTMM are formal methodologies. Always start with written authorization. Document everything — reports must be reproducible. Post-exploitation demonstrates real business impact (not just technical access). Reporting is the deliverable clients pay for.