Skill

pentest-checklist

This skill should be used when the user asks to "plan a penetration test", "create a security assessment checklist", "prepare for penetration testing", "define pentest scope", "foll...

npx claudepluginhub absjaded/antigravity-awesome-skills

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Provide a comprehensive checklist for planning, executing, and following up on penetration tests. Ensure thorough preparation, proper scoping, and effective remediation of discovered vulnerabilities.

SKILL.md

Similar Skills

finishing-a-development-branch

174.6k

Verifies tests pass on completed feature branch, presents options to merge locally, create GitHub PR, keep as-is or discard; executes choice and cleans up worktree.

superpowers

systematic-debugging

174.6k

Guides root cause investigation for bugs, test failures, unexpected behavior, performance issues, and build failures before proposing fixes.

10 files

superpowers

writing-plans

174.6k

Writes implementation plans from specs for multi-step tasks, mapping files and breaking into TDD bite-sized steps before coding.

1 file

superpowers

Stats

Stars0

Forks0

Last CommitMar 8, 2026

Used By3 plugins

Actions

View Source View Plugin View on GitHub View README

Pentest Checklist

Purpose

Provide a comprehensive checklist for planning, executing, and following up on penetration tests. Ensure thorough preparation, proper scoping, and effective remediation of discovered vulnerabilities.

Inputs/Prerequisites

Clear business objectives for testing
Target environment information
Budget and timeline constraints
Stakeholder contacts and authorization
Legal agreements and scope documents

Outputs/Deliverables

Defined pentest scope and objectives
Prepared testing environment
Security monitoring data
Vulnerability findings report
Remediation plan and verification

Core Workflow

Phase 1: Scope Definition

Define Objectives

Clarify testing purpose - Determine goals (find vulnerabilities, compliance, customer assurance)
Validate pentest necessity - Ensure penetration test is the right solution
Align outcomes with objectives - Define success criteria

Reference Questions:

Why are you doing this pentest?
What specific outcomes do you expect?
What will you do with the findings?

Know Your Test Types

Type	Purpose	Scope
External Pentest	Assess external attack surface	Public-facing systems
Internal Pentest	Assess insider threat risk	Internal network
Web Application	Find application vulnerabilities	Specific applications
Social Engineering	Test human security	Employees, processes
Red Team	Full adversary simulation	Entire organization

Enumerate Likely Threats

Identify high-risk areas - Where could damage occur?
Assess data sensitivity - What data could be compromised?
Review legacy systems - Old systems often have vulnerabilities
Map critical assets - Prioritize testing targets

Define Scope

List in-scope systems - IPs, domains, applications
Define out-of-scope items - Systems to avoid
Set testing boundaries - What techniques are allowed?
Document exclusions - Third-party systems, production data

Budget Planning

Factor	Consideration
Asset Value	Higher value = higher investment
Complexity	More systems = more time
Depth Required	Thorough testing costs more
Reputation Value	Brand-name firms cost more

Budget Reality Check:

Cheap pentests often produce poor results
Align budget with asset criticality
Consider ongoing vs. one-time testing

Phase 2: Environment Preparation

Prepare Test Environment

Production vs. staging decision - Determine where to test
Set testing limits - No DoS on production
Schedule testing window - Minimize business impact
Create test accounts - Provide appropriate access levels

Environment Options:

Production  - Realistic but risky
Staging     - Safer but may differ from production
Clone       - Ideal but resource-intensive

Run Preliminary Scans

Execute vulnerability scanners - Find known issues first
Fix obvious vulnerabilities - Don't waste pentest time
Document existing issues - Share with testers

Common Pre-Scan Tools:

# Network vulnerability scan
nmap -sV --script vuln TARGET

# Web vulnerability scan
nikto -h http://TARGET

Review Security Policy

Verify compliance requirements - GDPR, PCI-DSS, HIPAA
Document data handling rules - Sensitive data procedures
Confirm legal authorization - Get written permission

Notify Hosting Provider

Check provider policies - What testing is allowed?
Submit authorization requests - AWS, Azure, GCP requirements
Document approvals - Keep records

Cloud Provider Policies:

Freeze Developments

Stop deployments during testing - Maintain consistent environment
Document current versions - Record system states
Avoid critical patches - Unless security emergency

Phase 3: Expertise Selection

Find Qualified Pentesters

Seek recommendations - Ask trusted sources
Verify credentials - OSCP, GPEN, CEH, CREST
Check references - Talk to previous clients
Match expertise to scope - Web, network, mobile specialists

Evaluation Criteria:

Factor	Questions to Ask
Experience	Years in field, similar projects
Methodology	OWASP, PTES, custom approach
Reporting	Sample reports, detail level
Communication	Availability, update frequency

Define Methodology

Select testing standard - PTES, OWASP, NIST
Determine access level - Black box, gray box, white box
Agree on techniques - Manual vs. automated testing
Set communication schedule - Updates and escalation

Testing Approaches:

Type	Access Level	Simulates
Black Box	No information	External attacker
Gray Box	Partial access	Insider with limited access
White Box	Full access	Insider/detailed audit

Define Report Format

Review sample reports - Ensure quality meets needs
Specify required sections - Executive summary, technical details
Request machine-readable output - CSV, XML for tracking
Agree on risk ratings - CVSS, custom scale

Report Should Include:

Executive summary for management
Technical findings with evidence
Risk ratings and prioritization
Remediation recommendations
Retesting guidance

Phase 4: Monitoring

Implement Security Monitoring

Deploy IDS/IPS - Intrusion detection systems
Enable logging - Comprehensive audit trails
Configure SIEM - Centralized log analysis
Set up alerting - Real-time notifications

Monitoring Tools:

# Check security logs
tail -f /var/log/auth.log
tail -f /var/log/apache2/access.log

# Monitor network
tcpdump -i eth0 -w capture.pcap

Configure Logging

Centralize logs - Aggregate from all systems
Set retention periods - Keep logs for analysis
Enable detailed logging - Application and system level
Test log collection - Verify all sources working

Key Logs to Monitor:

Authentication events
Application errors
Network connections
File access
System changes

Monitor Exception Tools

Track error rates - Unusual spikes indicate testing
Brief operations team - Distinguish testing from attacks
Document baseline - Normal vs. pentest activity

Watch Security Tools

Review IDS alerts - Separate pentest from real attacks
Monitor WAF logs - Track blocked attempts
Check endpoint protection - Antivirus detections

Phase 5: Remediation

Ensure Backups

Verify backup integrity - Test restoration
Document recovery procedures - Know how to restore
Separate backup access - Protect from testing

Reserve Remediation Time

Allocate team availability - Post-pentest analysis
Schedule fix implementation - Address findings
Plan verification testing - Confirm fixes work

Patch During Testing Policy

Generally avoid patching - Maintain consistent environment
Exception for critical issues - Security emergencies only
Communicate changes - Inform pentesters of any changes

Cleanup Procedure

Remove test artifacts - Backdoors, scripts, files
Delete test accounts - Remove pentester access
Restore configurations - Return to original state
Verify cleanup complete - Audit all changes

Schedule Next Pentest

Determine frequency - Annual, quarterly, after changes
Consider continuous testing - Bug bounty, ongoing assessments
Budget for future tests - Plan ahead

Testing Frequency Factors:

Release frequency
Regulatory requirements
Risk tolerance
Past findings severity

Quick Reference

Pre-Pentest Checklist

□ Scope defined and documented
□ Authorization obtained
□ Environment prepared
□ Hosting provider notified
□ Team briefed
□ Monitoring enabled
□ Backups verified

Post-Pentest Checklist

□ Report received and reviewed
□ Findings prioritized
□ Remediation assigned
□ Fixes implemented
□ Verification testing scheduled
□ Environment cleaned up
□ Next test scheduled

Constraints

Production testing carries inherent risks
Budget limitations affect thoroughness
Time constraints may limit coverage
Tester expertise varies significantly
Findings become stale quickly

Examples

Example 1: Quick Scope Definition

**Target:** Corporate web application (app.company.com)
**Type:** Gray box web application pentest
**Duration:** 5 business days
**Excluded:** DoS testing, production database access
**Access:** Standard user account provided

Example 2: Monitoring Setup

# Enable comprehensive logging
sudo systemctl restart rsyslog
sudo systemctl restart auditd

# Start packet capture
tcpdump -i eth0 -w /tmp/pentest_capture.pcap &

Troubleshooting

Issue	Solution
Scope creep	Document and require change approval
Testing impacts production	Schedule off-hours, use staging
Findings disputed	Provide detailed evidence, retest
Remediation delayed	Prioritize by risk, set deadlines
Budget exceeded	Define clear scope, fixed-price contracts

When to Use

This skill is applicable to execute the workflow or actions described in the overview.