CHECKLIST
A working/living curated checklist that can be modified as needed for various penetration testing engagements. Please feel free to build, modify and edit this list as you like.
Note taking: OneNote, Google Docs, GitBook, Notepad++, Joplin, Obsidian
Screenshots: Snipping Tool, Greenshot, ShareX (GIF/video creation)
Network screenshots: EyeWitness, GoWitness, Aquatone
PROJECT LINKS:
DATE RANGE: January 1st 2024 - January 8th, 2024
EXTRA NOTES:
Passive Enumeration
Passive Enumeration | Task Completion |
---|---|
Websites: | |
☐ | |
☐ | |
☐ | |
☐ | |
DNS: | |
☐ | |
☐ | |
☐ | |
☐ | |
OSINT
OSINT | Task Completion |
---|---|
Social Media Checks: | |
☐ | |
☐ | |
☐ | |
☐ | |
☐ | |
Cross-Platform Checks: | |
☐ | |
☐ | |
Email: | |
☐ | |
☐ | |
☐ | |
☐ | |
☐ | |
☐ | |
Google Dorks: | |
info: | ☐ |
define: | ☐ |
insite: | ☐ |
inurl: | ☐ |
filetype: | ☐ |
GHDB check | ☐ |
☐ | |
Breaches & Business: | |
☐ | |
☐ | |
☐ | |
☐ | |
☐ | |
Images: | |
☐ | |
☐ | |
☐ | |
External Enumeration
External Enumeration | Task Completion |
---|---|
Major scanners: | ☐ |
☐ | |
☐ | |
☐ | |
Directory Searches: | |
☐ | |
☐ | |
☐ | |
☐ | |
Web: | ☐ |
☐ | |
☐ | |
☐ | |
☐ | |
WAF: | ☐ |
☐ | |
☐ | |
Scans: | ☐ |
Do initial scans require further testing? | ☐ |
Scans exported | ☐ |
VAPT created/modified | ☐ |
Draft report created | ☐ |
Report reviewed | ☐ |
Screenshots and Notes Included? | ☐ |
Internal Enumeration
Internal Enumeration | Task Completion |
---|---|
Basic Setup: | ☐ |
ROE Signed? | ☐ |
Scope checked? | ☐ |
Jumpbox ready? | ☐ |
Connection checks | ☐ |
Folders created | ☐ |
Tools installed/updated | ☐ |
Wireshark/tcpdump setup? | ☐ |
Metasploit: | |
Updated? | ☐ |
Metasploit DB started? | ☐ |
Capturing output of modules? | ☐ |
Set global variables | ☐ |
DNS: | ☐ |
☐ | |
☐ | |
☐ | |
☐ | |
☐ | |
☐ | |
Kerberos Abuse/NTLM: | ☐ |
☐ | |
☐ | |
☐ | |
☐ | |
MS-RPRN RPC: | ☐ |
☐ | |
☐ | |
SMB/SNMP/RPC: | ☐ |
☐ | |
smbclient | ☐ |
☐ | |
☐ | |
☐ | |
☐ | |
☐ | |
Brute-Forcing: | ☐ |
Accounts Sprayed? | ☐ |
Hashes cracked? Mimikatz, John, Hashcat | ☐ |
Usernames/passwords exported to file | ☐ |
Credentials stuffed? | ☐ |
Default credentials checked? | ☐ |
Specific Scans: | ☐ |
Telnet | ☐ |
SSH | ☐ |
FTP | ☐ |
SNMP | ☐ |
Specialized Scans: | ☐ |
☐ | |
☐ | |
Includes Apache Commons | ☐ |
☐ | |
☐ | |
Fuzzers: | ☐ |
☐ | |
☐ | |
Create Lists for: | ☐ |
DCs, Exchange, SQL, FTP, Printers, VOIP, Mail, etc. | ☐ |
Information Disclosures | ☐ |
Post Exploitation/Privesc
Post Exploitation | Task Completion |
---|---|
Tools: | ☐ |
☐ | |
☐ | |
☐ | |
☐ | |
☐ | |
☐ | |
☐ | |
Permissions/Information: | ☐ |
System | ☐ |
Services | ☐ |
History | ☐ |
Users | ☐ |
Passwords | ☐ |
Network | ☐ |
Writeable Checks: | ☐ |
/dev/shm | ☐ |
/tmp/ | ☐ |
/var/tmp/ | ☐ |
/var/spool/vbox | ☐ |
/var/spool/samba | ☐ |