Pentesting Checklist

Pre-engagement

Reconnaissance

  • Search for public information on the target organization's website
  • Check for any publicly available documents or reports
  • Look for information on social media platforms
  • Search for any news articles or press releases about the organization
  • Perform network scanning using tools like Nmap or Nessus
  • Identify active hosts and their IP addresses
  • Determine open ports and services running on them
  • Map out the network topology
  • Scan for common vulnerabilities using tools like OpenVAS or Qualys
  • Check for outdated software versions and known vulnerabilities
  • Look for misconfigurations in network devices or services
  • Research common attack vectors for the identified technologies

Vulnerability Scanning

Exploitation

Post-exploitation

Reporting and Documentation

Remediation

Retesting

Post-engagement

Related Checklists