Overview
Checklists provide structured methodology guides for:
- External penetration testing
- Internal network assessments
- Web application testing
- Active Directory attacks
- Cloud infrastructure assessment
Accessing Checklists
Navigate to Mission → Checklists to view and track methodology steps.
Checklist Types
External Pentest Checklist
Steps for external network testing:
- Reconnaissance and OSINT
- Service enumeration
- Vulnerability scanning
- Exploitation attempts
- Post-exploitation activities
Internal Assessment Checklist
Steps for internal network testing:
- Network discovery
- Service enumeration
- Credential attacks
- Privilege escalation
- Lateral movement
- Domain compromise
Web Application Checklist
Steps for web application testing:
- Information gathering
- Authentication testing
- Authorization testing
- Input validation
- Business logic testing
- API security
Active Directory Checklist
Steps for AD-specific attacks:
- Domain enumeration
- User/group enumeration
- Kerberos attacks
- NTLM relay attacks
- GPO abuse
- Trust exploitation
Using Checklists
Tracking Progress
- Select the appropriate checklist for the engagement type
- Check off items as completed
- Add notes for each step
- Document findings discovered
- Mark N/A for irrelevant items
Custom Checklists
Create custom checklists for:
- Client-specific requirements
- Specialized testing scenarios
- Compliance-driven assessments
- Repeated engagement types
Checklist Integration
Checklist items link to:
- Activities performed
- Findings discovered
- Evidence collected
- Timeline events
Best Practices
- Review before starting: Understand all steps before beginning
- Check as you go: Mark items complete during testing, not after
- Add notes: Document what was tested and results
- Don't skip: Complete all applicable items
- Use for QA: Review before the final report to ensure nothing was missed
Checklist in Reports
Include checklist completion in reports:
- Show methodology followed
- Demonstrate thoroughness
- Document scope coverage
- Identify areas not tested (if any)