The main goal of the scanning phase is to learn more about the target environment and find openings by directly interacting with any detected target system and/or network component. As a positive side effect, scanning might identify further items that were not included in the scope of the target environment.
The main aim of the exploitation phase is to demonstrate the actual presence of the exploitable vulnerabilities detected in the previous core phase, with special focus on those that could expose card data to compromise. During this phase, the tester actively tries to gain access by circumventing the security measures in place, to expand that access, and to elevate the level of privilege obtained.
There are three types of penetration tests: black-box, white-box, and grey-box. In a black-box assessment, the client provides no information prior to the start of testing. In a white-box assessment, the entity may provide the penetration tester with full and complete details of the network and applications. For grey-box assessments, the entity may provide partial details of the target systems.