Smart contracts powered by blockchain ensure transaction processes are effective, secure and efficient as compared to conventional contacts. Smart contracts facilitate trustless process, time efficiency, cost effectiveness and transparency without any intervention by third party intermediaries like lawyers. While blockchain can counter traditional cybersecurity attacks on smart contract applications, cyberattacks keep evolving in the form of new threats and attack vectors that influence blockchain similar to other web and application based systems. Effective blockchain testing help organizations to build and utilize the technology securely withe connected infrastructure. However, during the course of our research, the authors detected that Blockchain technology comes with security considerations like irreversible transactions, insufficient access, and non-competent strategies. Attack vectors, like these are not found on web portals and other applications. This research presents a new Penetration Testing framework for smart contracts and decentralized apps. The authors compared results from the proposed penetration-testing framework with automated penetration test Scanners. The results detected missing vulnerability that were not reported during regular pen test process.