A gray box penetration test is the halfway point between the white box and black box test. In a typical gray box test, the pen tester is provided with some knowledge of the applications, systems, or networks. Because of its nature, this type of test is quite efficient and more focused on an organization that has a deadline in place. Using the information provided by the client, the pen tester can focus on the systems with greater risks and save a lot of time performing their own recon.

Now that we have a clear understanding of the types of pen tests that can be done, let's look at the stages of a penetration test.