# Objectives of an External Pentest

## Overview

The main goal of an external pentest is to test the security of a company from an outside perspective. We don't have to break into the internal network to be successful, we want to evaluate the opportunities and potential vulnerabilities that could lead to an attack.

For example not having MFA on is a big vulnerability, you could have a strong password policy but that doesn't mean someone can't get phished and give the credentials up.

Protecting the client is the biggest priority so any findings that could lead to them being compromised is worth writing about in the report


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://pnpt.adot8.com/external-pentest-playbook/before-starting/objectives-of-an-external-pentest.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.