Pentest Checklist
This skill should be used when the user asks to "plan a penetration test", "create a security assessment checklist", "prepare for penetration testing", "define pentest scope", "follow security testing best practices", or needs a structured methodology for penetration testing engagements.
Documentation
Pentest Checklist
Purpose
Provide a comprehensive checklist for planning, executing, and following up on penetration tests. Ensure thorough preparation, proper scoping, and effective remediation of discovered vulnerabilities.
Inputs/Prerequisites
- Clear business objectives for testing
- Target environment information
- Budget and timeline constraints
- Stakeholder contacts and authorization
- Legal agreements and scope documents
Outputs/Deliverables
- Defined pentest scope and objectives
- Prepared testing environment
- Security monitoring data
- Vulnerability findings report
- Remediation plan and verification
Core Workflow
Phase 1: Scope Definition
Define Objectives
- Clarify testing purpose - Determine goals (find vulnerabilities, compliance, customer assurance)
- Validate pentest necessity - Ensure penetration test is the right solution
- Align outcomes with objectives - Define success criteria
Reference Questions:
- Why are you doing this pentest?
- What specific outcomes do you expect?
- What will you do with the findings?
Know Your Test Types
| Type | Purpose | Scope |
|---|---|---|
| External Pentest | Assess external attack surface | Public-facing systems |
| Internal Pentest | Assess insider threat risk | Internal network |
| Web Application | Find application vulnerabilities | Specific applications |
| Social Engineering | Test human security | Employees, processes |
| Red Team | Full adversary simulation | Entire organization |
Enumerate Likely Threats
- Identify high-risk areas - Where could damage occur?
- Assess data sensitivity - What data could be compromised?
- Review legacy systems - Old systems often have vulnerabilities
- Map critical assets - Prioritize testing targets
Define Scope
- List in-scope systems - IPs, domains, applications
- Define out-of-scope items - Systems to avoid
- Set testing boundaries - What techniques are allowed?
- Document exclusions - Third-party systems, production data
Budget Planning
| Factor | Consideration |
|---|---|
| Asset Value | Higher value = higher investment |
| Complexity | More systems = more time |
| Depth Required | Thorough testing costs more |
| Reputation Value | Brand-name firms cost more |
Budget Reality Check:
- Cheap pentests often produce poor results
- Align budget with asset criticality
- Consider ongoing vs. one-time testing
Phase 2: Environment Preparation
Prepare Test Environment
- Production vs. staging decision - Determine where to test
- Set testing limits - No DoS on production
- Schedule testing window - Minimize business impact
- Create test accounts - Provide appropriate access levels
Environment Options:
Production - Realistic but risky
Staging - Safer but may differ from production
Clone - Ideal but resource-intensive
Run Preliminary Scans
- Execute vulnerability scanners - Find known issues first
- Fix obvious vulnerabilities - Don't waste pentest time
- Document existing issues - Share with testers
Common Pre-Scan Tools:
# Network vulnerability scan
nmap -sV --script vuln TARGET
# Web vulnerability scan
nikto -h http://TARGET
Review Security Policy
- Verify compliance requirements - GDPR, PCI-DSS, HIPAA
- Document data handling rules - Sensitive data procedures
- Confirm legal authorization - Get written permission
Notify Hosting Provider
- Check provider policies - What testing is allowed?
- Submit authorization requests - AWS, Azure, GCP requirements
- Document approvals - Keep records
Cloud Provider Policies:
- AWS: https://aws.amazon.com/security/penetration-testing/
- Azure: https://docs.microsoft.com/security/pentest
- GCP: https://cloud.google.com/security/overview
Freeze Developments
- Stop deployments during testing - Maintain consistent environment
- Document current versions - Record system states
- Avoid critical patches - Unless security emergency
Phase 3: Expertise Selection
Find Qualified Pentesters
- Seek recommendations - Ask trusted sources
- Verify credentials - OSCP, GPEN, CEH, CREST
- Check references - Talk to previous clients
- Match expertise to scope - Web, network, mobile specialists
Evaluation Criteria:
| Factor | Questions to Ask |
|---|---|
| Experience | Years in field, similar projects |
| Methodology | OWASP, PTES, custom approach |
| Reporting | Sample reports, detail level |
| Communication | Availability, update frequency |
Define Methodology
- Select testing standard - PTES, OWASP, NIST
- Determine access level - Black box, gray box, white box
- Agree on techniques - Manual vs. automated t
Quick Info
- Source
- antigravity
- Category
- Security & Systems
- Repository
- View Repo
- Scraped At
- Jan 26, 2026
Tags
Related Skills
Active Directory Attacks
This skill should be used when the user asks to "attack Active Directory", "exploit AD", "Kerberoasting", "DCSync", "pass-the-hash", "BloodHound enumeration", "Golden Ticket", "Silver Ticket", "AS-REP roasting", "NTLM relay", or needs guidance on Windows domain penetration testing.
anti-reversing-techniques
Understand anti-reversing, obfuscation, and protection techniques encountered during software analysis. Use when analyzing protected binaries, bypassing anti-debugging for authorized analysis, or understanding software protection mechanisms.
API Fuzzing for Bug Bounty
This skill should be used when the user asks to "test API security", "fuzz APIs", "find IDOR vulnerabilities", "test REST API", "test GraphQL", "API penetration testing", "bug bounty API testing", or needs guidance on API security assessment techniques.