| Field | Value |
|---|---|
| name | pentest-checklist |
| description | Provide a comprehensive checklist for planning, executing, and following up on penetration tests. Ensure thorough preparation, proper scoping, and effective remediation of discovered vulnerabilities. |
| risk | offensive |
| source | community |
| author | zebbern |
| date_added | 2026-02-27 |
AUTHORIZED USE ONLY: Use this skill only for authorized security assessments, defensive validation, or controlled educational environments.
# Pentest Checklist

## Purpose
Provide a comprehensive checklist for planning, executing, and following up on penetration tests. Ensure thorough preparation, proper scoping, and effective remediation of discovered vulnerabilities.
## Inputs/Prerequisites
- Clear business objectives for testing
- Target environment information
- Budget and timeline constraints
- Stakeholder contacts and authorization
- Legal agreements and scope documents
## Outputs/Deliverables
- Defined pentest scope and objectives
- Prepared testing environment
- Security monitoring data
- Vulnerability findings report
- Remediation plan and verification
## Core Workflow

### Phase 1: Scope Definition

#### Define Objectives
Reference Questions:
- Why are you doing this pentest?
- What specific outcomes do you expect?
- What will you do with the findings?
#### Know Your Test Types

| Type | Purpose | Scope |
|---|---|---|
| External Pentest | Assess external attack surface | Public-facing systems |
| Internal Pentest | Assess insider threat risk | Internal network |
| Web Application | Find application vulnerabilities | Specific applications |
| Social Engineering | Test human security | Employees, processes |
| Red Team | Full adversary simulation | Entire organization |
#### Enumerate Likely Threats

#### Define Scope

#### Budget Planning

| Factor | Consideration |
|---|---|
| Asset Value | Higher value = higher investment |
| Complexity | More systems = more time |
| Depth Required | Thorough testing costs more |
| Reputation Value | Brand-name firms cost more |
Budget Reality Check:
- Cheap pentests often produce poor results
- Align budget with asset criticality
- Consider ongoing vs. one-time testing
### Phase 2: Environment Preparation

#### Prepare Test Environment

Environment Options:
- Production - Realistic but risky
- Staging - Safer but may differ from production
- Clone - Ideal but resource-intensive

#### Run Preliminary Scans

Common Pre-Scan Tools:

```bash
nmap -sV --script vuln TARGET
nikto -h http://TARGET
```
#### Review Security Policy

#### Notify Hosting Provider

Cloud Provider Policies:

#### Freeze Developments

### Phase 3: Expertise Selection

#### Find Qualified Pentesters

Evaluation Criteria:

| Factor | Questions to Ask |
|---|---|
| Experience | Years in field, similar projects |
| Methodology | OWASP, PTES, custom approach |
| Reporting | Sample reports, detail level |
| Communication | Availability, update frequency |

#### Define Methodology

Testing Approaches:

| Type | Access Level | Simulates |
|---|---|---|
| Black Box | No information | External attacker |
| Gray Box | Partial access | Insider with limited access |
| White Box | Full access | Insider/detailed audit |
#### Define Report Format
Report Should Include:
- Executive summary for management
- Technical findings with evidence
- Risk ratings and prioritization
- Remediation recommendations
- Retesting guidance
### Phase 4: Monitoring

#### Implement Security Monitoring

Monitoring Tools:

```bash
tail -f /var/log/auth.log
tail -f /var/log/apache2/access.log
tcpdump -i eth0 -w capture.pcap
```
#### Configure Logging
Key Logs to Monitor:
- Authentication events
- Application errors
- Network connections
- File access
- System changes
#### Monitor Exception Tools

#### Watch Security Tools

### Phase 5: Remediation

#### Ensure Backups

#### Reserve Remediation Time

#### Patch During Testing Policy

#### Cleanup Procedure

#### Schedule Next Pentest
Testing Frequency Factors:
- Release frequency
- Regulatory requirements
- Risk tolerance
- Past findings severity
## Quick Reference

### Pre-Pentest Checklist
□ Scope defined and documented
□ Authorization obtained
□ Environment prepared
□ Hosting provider notified
□ Team briefed
□ Monitoring enabled
□ Backups verified
### Post-Pentest Checklist
□ Report received and reviewed
□ Findings prioritized
□ Remediation assigned
□ Fixes implemented
□ Verification testing scheduled
□ Environment cleaned up
□ Next test scheduled
## Constraints
- Production testing carries inherent risks
- Budget limitations affect thoroughness
- Time constraints may limit coverage
- Tester expertise varies significantly
- Findings become stale quickly
## Examples

### Example 1: Quick Scope Definition
**Target:** Corporate web application (app.company.com)
**Type:** Gray box web application pentest
**Duration:** 5 business days
**Excluded:** DoS testing, production database access
**Access:** Standard user account provided
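The scope statement above (and the "Define Scope" step of Phase 1) is only useful if every proposed action is actually checked against it. The following added example, which is not part of the original checklist, encodes Example 1's scope as data and answers three questions before an action is taken: is the testing window open, is the target authorized, and is the activity excluded. Only `app.company.com` and the two exclusions come from Example 1; the `203.0.113.0/24` range, the dates and the activity names are constructed placeholders.

```python
"""Scope gate for a pentest engagement.

Added example, not part of the original checklist.  It turns a scope
statement like Example 1 into data and checks every proposed action
against it: is the testing window open, is the target authorized, and
is the activity excluded.  Only app.company.com and the two exclusions
come from Example 1; the IP range, dates and activity names are
constructed placeholders.
"""
from dataclasses import dataclass, field
from datetime import datetime
import ipaddress


@dataclass
class Scope:
    in_scope_hosts: set           # hostnames named in the scope document
    in_scope_networks: list       # ipaddress networks, if any were authorized
    excluded_activities: set      # lower-case names of forbidden activities
    window_start: datetime
    window_end: datetime
    decisions: list = field(default_factory=list)  # audit trail of every check

    def host_authorized(self, target: str) -> bool:
        """True if target is a listed hostname or an address in an authorized range."""
        target = target.lower()
        if target in self.in_scope_hosts:
            return True
        try:
            addr = ipaddress.ip_address(target)
        except ValueError:
            return False  # an unlisted hostname is never in scope by default
        return any(addr in net for net in self.in_scope_networks)

    def check_action(self, target: str, activity: str, when_iso: str):
        """Return (allowed, reason) for one proposed action and record it."""
        when = datetime.fromisoformat(when_iso)
        if not self.window_start <= when <= self.window_end:
            verdict = (False, "outside authorized testing window")
        elif not self.host_authorized(target):
            verdict = (False, f"target not in scope: {target}")
        elif activity.lower() in self.excluded_activities:
            verdict = (False, f"activity excluded by scope: {activity.lower()}")
        else:
            verdict = (True, "allowed")
        self.decisions.append((when_iso, target, activity, verdict))
        return verdict


# Example 1's scope: gray-box web app test of app.company.com, five business
# days, with DoS and production database access excluded.  The /24 and the
# dates are constructed for this example.
EXAMPLE_SCOPE = Scope(
    in_scope_hosts={"app.company.com"},
    in_scope_networks=[ipaddress.ip_network("203.0.113.0/24")],
    excluded_activities={"dos", "production database access"},
    window_start=datetime(2026, 3, 2, 8, 0),
    window_end=datetime(2026, 3, 6, 18, 0),
)


if __name__ == "__main__":
    for target, activity, when in [
        ("app.company.com", "authenticated crawl", "2026-03-03T10:00"),
        ("app.company.com", "DoS", "2026-03-03T10:05"),
        ("mail.company.com", "TLS configuration review", "2026-03-03T10:10"),
        ("app.company.com", "authenticated crawl", "2026-03-09T09:00"),
    ]:
        print(target, activity, EXAMPLE_SCOPE.check_action(target, activity, when))
```

The `decisions` list is the point of the design: it gives the client a record of every in-scope and out-of-scope decision, which is exactly the evidence needed when a finding is disputed or scope creep is suspected (see Troubleshooting).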
### Example 2: Monitoring Setup

```bash
sudo systemctl restart rsyslog
sudo systemctl restart auditd
sudo tcpdump -i eth0 -w /tmp/pentest_capture.pcap &
```
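Restarting the loggers and capturing traffic only produces "security monitoring data" if someone reads it. The added example below, which is not part of the original checklist, serves both the "Key Logs to Monitor" list in Phase 4 (authentication events) and the setup in Example 2: it parses sshd lines in the format of `/var/log/auth.log`, separates events from the tester source addresses declared in the scope document from everything else, and flags failed logins from unknown sources so that a real attack during the engagement is not dismissed as tester noise. The log lines, hostnames and IP addresses are constructed.

```python
"""Triage of sshd authentication events during a pentest window.

Added example, not part of the original checklist.  It reads auth.log-style
lines (the constructed sample below), separates events that come from the
declared tester source addresses from everything else, and flags failed
logins from unknown sources so real attacks are not lost in tester noise.
Hostnames, IPs and timestamps are constructed.
"""
import re
from collections import Counter

# Matches the Accepted/Failed lines sshd writes via syslog.
SSHD_RE = re.compile(
    r"sshd\[\d+\]: (?P<outcome>Accepted|Failed) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)

# Constructed sample lines in the format of /var/log/auth.log on Debian/Ubuntu.
SAMPLE_AUTH_LOG = """\
Mar  3 09:12:01 web01 sshd[2231]: Failed password for invalid user admin from 198.51.100.7 port 5022 ssh2
Mar  3 09:12:04 web01 sshd[2231]: Failed password for invalid user admin from 198.51.100.7 port 5022 ssh2
Mar  3 09:13:10 web01 sshd[2240]: Accepted publickey for deploy from 10.0.0.5 port 40112 ssh2
Mar  3 09:14:30 web01 sshd[2250]: Failed password for root from 192.0.2.44 port 61000 ssh2
Mar  3 09:15:00 web01 CRON[2260]: pam_unix(cron:session): session opened for user root by (uid=0)
""".splitlines()

# Source addresses the pentest team declared in the scope document (constructed).
TESTER_IPS = {"198.51.100.7"}


def parse_sshd_events(lines):
    """Return a dict per sshd Accepted/Failed line; other lines are ignored."""
    events = []
    for line in lines:
        m = SSHD_RE.search(line)
        if m:
            events.append(m.groupdict())
    return events


def triage(lines, tester_ips):
    """Split events into tester vs. other and list failed logins from unknown sources."""
    counts = Counter()
    unexpected = []
    for ev in parse_sshd_events(lines):
        origin = "tester" if ev["ip"] in tester_ips else "other"
        counts[f"{origin}_{ev['outcome'].lower()}"] += 1
        if origin == "other" and ev["outcome"] == "Failed":
            unexpected.append((ev["ip"], ev["user"]))
    return {"counts": dict(counts), "unexpected_failures": unexpected}


if __name__ == "__main__":
    result = triage(SAMPLE_AUTH_LOG, TESTER_IPS)
    print(result["counts"])
    for ip, user in result["unexpected_failures"]:
        print(f"failed login from non-tester source {ip} for user {user}")
```

In practice the `SAMPLE_AUTH_LOG` list is replaced by the lines read from `/var/log/auth.log` during the testing window, and `TESTER_IPS` by the addresses written into the scope document; anything in `unexpected_failures` deserves the same response it would get outside the engagement.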
## Troubleshooting

| Issue | Solution |
|---|---|
| Scope creep | Document and require change approval |
| Testing impacts production | Schedule off-hours, use staging |
| Findings disputed | Provide detailed evidence, retest |
| Remediation delayed | Prioritize by risk, set deadlines |
| Budget exceeded | Define clear scope, fixed-price contracts |
## When to Use

Use this skill when planning, executing, or following up on a penetration test, that is, whenever the workflow described in the overview applies.