Pentest Checklist

1. Pre-Engagement Activities

2. Information Gathering

  • Use search engines to discover publicly exposed assets.
  • Leverage tools like Nmap for active scanning.
  • Analyze social media for employee and infrastructure data.
  • Check job postings for technology usage insights.
  • Perform WHOIS lookups to find registrant details.
  • Check domain expiration and registration dates.
  • Use DNS queries to retrieve A, MX, and TXT records.
  • Identify name servers and their configurations.
  • Query regional Internet registries such as ARIN or RIPE for IP range allocations.
  • Map the network using traceroute to identify hops.
  • Document subnet masks and CIDR notations.
  • Visualize network topology with diagram tools.
  • Fingerprint website technologies with signature-based tools.
  • Review HTTP headers for server and OS details.
  • Identify application frameworks in use.
  • Look for software version information in public repositories.
  • Scan for open ports using Nmap or similar tools.
  • Identify services running on discovered ports.
  • Check for common vulnerabilities in public services.
  • Document all findings for further analysis.
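The header-review and documentation items above can be turned into a repeatable check. The following is an added example, not part of the original checklist: it parses raw HTTP response headers, flags the headers that commonly disclose server software, OS or framework details, records whether a version string is present, and returns the result as structured findings that can be pasted into the engagement notes. The same script is useful on the defending side for confirming that a hardening change actually removed the disclosure. The hostnames and responses are constructed samples, not captures from any real system.

```python
"""Flag technology and version disclosures in HTTP response headers.

Added example (not from the original checklist). The responses below are
constructed samples; in practice `raw` would be the text of a response
captured in scope.
"""
import re

# Constructed sample responses keyed by a hypothetical host label.
SAMPLE_RESPONSES = {
    "web-01": (
        "HTTP/1.1 200 OK\r\n"
        "Server: Apache/2.4.41 (Ubuntu)\r\n"
        "X-Powered-By: PHP/7.4.3\r\n"
        "Content-Type: text/html\r\n\r\n"
    ),
    "web-02": (
        "HTTP/1.1 200 OK\r\n"
        "Server: nginx\r\n"
        "Content-Type: text/html\r\n\r\n"
    ),
    "api-01": (
        "HTTP/1.1 200 OK\r\n"
        "Server: Microsoft-IIS/10.0\r\n"
        "X-AspNet-Version: 4.0.30319\r\n"
        "X-Powered-By: ASP.NET\r\n\r\n"
    ),
}

# Headers that routinely leak software, framework or OS details.
DISCLOSURE_HEADERS = (
    "server",
    "x-powered-by",
    "x-aspnet-version",
    "x-aspnetmvc-version",
    "x-generator",
)

# A dotted version number such as 2.4.41 or 10.0.
VERSION_RE = re.compile(r"\b\d+(?:\.\d+)+\b")
# A parenthesised token in a Server header, e.g. "(Ubuntu)", is usually the OS.
OS_HINT_RE = re.compile(r"\(([^)]+)\)")


def parse_headers(raw):
    """Split a raw HTTP response into (status line, {lowercased name: value})."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status = lines[0]
    headers = {}
    for line in lines[1:]:
        if ":" not in line:
            continue  # skip malformed lines rather than failing the whole parse
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return status, headers


def assess(host, raw):
    """Return one finding dict per disclosure header present in the response."""
    _status, headers = parse_headers(raw)
    findings = []
    for name in DISCLOSURE_HEADERS:
        if name not in headers:
            continue
        value = headers[name]
        os_match = OS_HINT_RE.search(value) if name == "server" else None
        findings.append({
            "host": host,
            "header": name,
            "value": value,
            "version_disclosed": bool(VERSION_RE.search(value)),
            "os_hint": os_match.group(1) if os_match else None,
        })
    return findings


def inventory(responses):
    """Assess every response and return {host: findings} for the report."""
    return {host: assess(host, raw) for host, raw in responses.items()}


if __name__ == "__main__":
    for host, findings in inventory(SAMPLE_RESPONSES).items():
        for f in findings:
            flag = "VERSION" if f["version_disclosed"] else "name-only"
            print(f"{host}: {f['header']} = {f['value']!r} [{flag}]"
                  + (f" os={f['os_hint']}" if f["os_hint"] else ""))
```

Re-running `inventory` after headers have been suppressed or genericised (for example `Server: nginx` with no version) gives a direct before/after record for the report; a host whose findings list is empty no longer discloses anything through these headers.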

3. Threat Modeling

4. Vulnerability Assessment

5. Exploitation

6. Post-Exploitation

7. Reporting

8. Remediation and Retesting

9. Continuous Improvement
