There are many variants of testing techniques. The following list provides a general overview of a few:
- Black box – In this type of assessment, the testers are not given any details about the systems in question. No credentials, no architectural diagrams. This type of testing is used to simulate an external attacker with no inside knowledge.
- Grey box – This type of assessment has many definitions to many people. It is in between black box and white box testing. In this scenario, the tester may receive architectural diagrams, credentials, demonstrations of the application, communication with the target, and much more.
- White box – In this type of assessment, the tester is given a lot of information about the application. This will include credentials, architectural diagrams, source code, and any other information that will help get a full view of the system. There is nothing hidden from the tester for this assessment.
As I understood it, the Penetrator works in black box mode only. Is that right?
You can submit credentials when performing the scan and run a more white box scan.
By default it can also work in black box mode, scanning without being provided any information.