Penetration Testing Framework walks its viewer through several methods, step by step guide, covering reconnaissance, scanning, social engineering, exploitation, enumeration of target systems, and more. Penetration Testing Framework focus on specific technology, such as Voice over IP (VoIP), AS400 machines security, wireless LAN (WLAN) assessments, and Bluetooth security analysis. Penetration Testing Framework also has a section on analyzing Cisco routers and similar devices. The tester would attempt to gather as much information as possible about the selected network. Reconnaissance can take two forms i.e. active and passive. A passive attack is always the best starting point as this would normally defeat intrusion detection systems and other forms of protection etc. afforded to the network. This would usually involve trying to discover publicly available information by utilising a web browser and visiting newsgroups etc. An active form would be more intrusive and may show up in audit logs and may take the form of an attempted DNS zone transfer or a social engineering type of attack.