pentest checklist

Provide a comprehensive checklist for planning, executing, and following up on penetration tests. Ensure thorough preparation, proper scoping, and effective remediation of discovered vulnerabilities.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "pentest checklist" with this command: npx skills add davila7/claude-code-templates/davila7-claude-code-templates-pentest-checklist

Pentest Checklist

Purpose

Provide a comprehensive checklist for planning, executing, and following up on penetration tests. Ensure thorough preparation, proper scoping, and effective remediation of discovered vulnerabilities.

Inputs/Prerequisites

  • Clear business objectives for testing

  • Target environment information

  • Budget and timeline constraints

  • Stakeholder contacts and authorization

  • Legal agreements and scope documents

Outputs/Deliverables

  • Defined pentest scope and objectives

  • Prepared testing environment

  • Security monitoring data

  • Vulnerability findings report

  • Remediation plan and verification

Core Workflow

Phase 1: Scope Definition

Define Objectives

  • Clarify testing purpose - Determine goals (find vulnerabilities, compliance, customer assurance)

  • Validate pentest necessity - Ensure penetration test is the right solution

  • Align outcomes with objectives - Define success criteria

Reference Questions:

  • Why are you doing this pentest?

  • What specific outcomes do you expect?

  • What will you do with the findings?

Know Your Test Types

Type Purpose Scope

External Pentest Assess external attack surface Public-facing systems

Internal Pentest Assess insider threat risk Internal network

Web Application Find application vulnerabilities Specific applications

Social Engineering Test human security Employees, processes

Red Team Full adversary simulation Entire organization

Enumerate Likely Threats

  • Identify high-risk areas - Where could damage occur?

  • Assess data sensitivity - What data could be compromised?

  • Review legacy systems - Old systems often have vulnerabilities

  • Map critical assets - Prioritize testing targets

Define Scope

  • List in-scope systems - IPs, domains, applications

  • Define out-of-scope items - Systems to avoid

  • Set testing boundaries - What techniques are allowed?

  • Document exclusions - Third-party systems, production data

Budget Planning

Factor Consideration

Asset Value Higher value = higher investment

Complexity More systems = more time

Depth Required Thorough testing costs more

Reputation Value Brand-name firms cost more

Budget Reality Check:

  • Cheap pentests often produce poor results

  • Align budget with asset criticality

  • Consider ongoing vs. one-time testing

Phase 2: Environment Preparation

Prepare Test Environment

  • Production vs. staging decision - Determine where to test

  • Set testing limits - No DoS on production

  • Schedule testing window - Minimize business impact

  • Create test accounts - Provide appropriate access levels

Environment Options:

Production - Realistic but risky Staging - Safer but may differ from production Clone - Ideal but resource-intensive

Run Preliminary Scans

  • Execute vulnerability scanners - Find known issues first

  • Fix obvious vulnerabilities - Don't waste pentest time

  • Document existing issues - Share with testers

Common Pre-Scan Tools:

Network vulnerability scan

nmap -sV --script vuln TARGET

Web vulnerability scan

nikto -h http://TARGET

Review Security Policy

  • Verify compliance requirements - GDPR, PCI-DSS, HIPAA

  • Document data handling rules - Sensitive data procedures

  • Confirm legal authorization - Get written permission

Notify Hosting Provider

  • Check provider policies - What testing is allowed?

  • Submit authorization requests - AWS, Azure, GCP requirements

  • Document approvals - Keep records

Cloud Provider Policies:

Freeze Developments

  • Stop deployments during testing - Maintain consistent environment

  • Document current versions - Record system states

  • Avoid critical patches - Unless security emergency

Phase 3: Expertise Selection

Find Qualified Pentesters

  • Seek recommendations - Ask trusted sources

  • Verify credentials - OSCP, GPEN, CEH, CREST

  • Check references - Talk to previous clients

  • Match expertise to scope - Web, network, mobile specialists

Evaluation Criteria:

Factor Questions to Ask

Experience Years in field, similar projects

Methodology OWASP, PTES, custom approach

Reporting Sample reports, detail level

Communication Availability, update frequency

Define Methodology

  • Select testing standard - PTES, OWASP, NIST

  • Determine access level - Black box, gray box, white box

  • Agree on techniques - Manual vs. automated testing

  • Set communication schedule - Updates and escalation

Testing Approaches:

Type Access Level Simulates

Black Box No information External attacker

Gray Box Partial access Insider with limited access

White Box Full access Insider/detailed audit

Define Report Format

  • Review sample reports - Ensure quality meets needs

  • Specify required sections - Executive summary, technical details

  • Request machine-readable output - CSV, XML for tracking

  • Agree on risk ratings - CVSS, custom scale

Report Should Include:

  • Executive summary for management

  • Technical findings with evidence

  • Risk ratings and prioritization

  • Remediation recommendations

  • Retesting guidance

Phase 4: Monitoring

Implement Security Monitoring

  • Deploy IDS/IPS - Intrusion detection systems

  • Enable logging - Comprehensive audit trails

  • Configure SIEM - Centralized log analysis

  • Set up alerting - Real-time notifications

Monitoring Tools:

Check security logs

tail -f /var/log/auth.log tail -f /var/log/apache2/access.log

Monitor network

tcpdump -i eth0 -w capture.pcap

Configure Logging

  • Centralize logs - Aggregate from all systems

  • Set retention periods - Keep logs for analysis

  • Enable detailed logging - Application and system level

  • Test log collection - Verify all sources working

Key Logs to Monitor:

  • Authentication events

  • Application errors

  • Network connections

  • File access

  • System changes

Monitor Exception Tools

  • Track error rates - Unusual spikes indicate testing

  • Brief operations team - Distinguish testing from attacks

  • Document baseline - Normal vs. pentest activity

Watch Security Tools

  • Review IDS alerts - Separate pentest from real attacks

  • Monitor WAF logs - Track blocked attempts

  • Check endpoint protection - Antivirus detections

Phase 5: Remediation

Ensure Backups

  • Verify backup integrity - Test restoration

  • Document recovery procedures - Know how to restore

  • Separate backup access - Protect from testing

Reserve Remediation Time

  • Allocate team availability - Post-pentest analysis

  • Schedule fix implementation - Address findings

  • Plan verification testing - Confirm fixes work

Patch During Testing Policy

  • Generally avoid patching - Maintain consistent environment

  • Exception for critical issues - Security emergencies only

  • Communicate changes - Inform pentesters of any changes

Cleanup Procedure

  • Remove test artifacts - Backdoors, scripts, files

  • Delete test accounts - Remove pentester access

  • Restore configurations - Return to original state

  • Verify cleanup complete - Audit all changes

Schedule Next Pentest

  • Determine frequency - Annual, quarterly, after changes

  • Consider continuous testing - Bug bounty, ongoing assessments

  • Budget for future tests - Plan ahead

Testing Frequency Factors:

  • Release frequency

  • Regulatory requirements

  • Risk tolerance

  • Past findings severity

Quick Reference

Pre-Pentest Checklist

□ Scope defined and documented □ Authorization obtained □ Environment prepared □ Hosting provider notified □ Team briefed □ Monitoring enabled □ Backups verified

Post-Pentest Checklist

□ Report received and reviewed □ Findings prioritized □ Remediation assigned □ Fixes implemented □ Verification testing scheduled □ Environment cleaned up □ Next test scheduled

Constraints

  • Production testing carries inherent risks

  • Budget limitations affect thoroughness

  • Time constraints may limit coverage

  • Tester expertise varies significantly

  • Findings become stale quickly

Examples

Example 1: Quick Scope Definition

Target: Corporate web application (app.company.com) Type: Gray box web application pentest Duration: 5 business days Excluded: DoS testing, production database access Access: Standard user account provided

Example 2: Monitoring Setup

Enable comprehensive logging

sudo systemctl restart rsyslog sudo systemctl restart auditd

Start packet capture

tcpdump -i eth0 -w /tmp/pentest_capture.pcap &

Troubleshooting

Issue Solution

Scope creep Document and require change approval

Testing impacts production Schedule off-hours, use staging

Findings disputed Provide detailed evidence, retest

Remediation delayed Prioritize by risk, set deadlines

Budget exceeded Define clear scope, fixed-price contracts

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Coding

senior-data-scientist

No summary provided by upstream source.

Repository SourceNeeds Review
-2K
davila7
Coding

senior-backend

No summary provided by upstream source.

Repository SourceNeeds Review
-1.2K
davila7
Coding

senior-frontend

No summary provided by upstream source.

Repository SourceNeeds Review
-946
davila7