What order do typical open-source penetration tests operate? Which tools are run first, second, third -- and how do you control them?

Does one simply use Metasploit RC files? A network vulnerability scanner in a special way? A command-line, custom, or headless web application security scanner?

Any other ways (or even ideas) to speed up penetration-tests that you would be willing to share?

Are there open-source projects to help with this process (besides Metasploit RC files or the `save' command under the MSF console)?

Show more