Designed to determine possible gaps and vulnerabilities at the configuration andpatches level. Attacks are made pretending to be an attacker, in order to determine the degree of access that would be achieved with malicious intentions.