Last active: March 12, 2020 02:43
Gist: babywyrm/971e754b96fb5be760d211ab261070f8
**** PENTEST PRE_CHECK ****
yum update ;; apt update|upgrade ;;
Is everything patched up? All definitions, all signatures, hashes, tools?
You're totally in-sync with personnel on the other side?
"Good-To-Go"
Verify these aren't broken please,
VMware|Fusion
Nessus
AutoRecon
nmapautomator
owaspzap
burp
python3
metasploit
exploitdb|searchsploit
(make sure everything is functionally sound)
!! seclists !!
+++++++++++++++++++++++++++++++++++++++++++++++ ++ ++
curl
enum4linux
gobuster
nbtscan
nikto
nmap
onesixtyone
oscanner
smbclient
smbmap
smtp-user-enum
snmpwalk
sslscan
svwar
tnscmd10g
whatweb
wkhtmltoimage
+++++++++++++++++++++++++++++++++++++++++++++++ ++ ++
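As an added example (not part of the gist), a POSIX shell pre-check that walks the tool list above and confirms the seclists wordlists are present; the SecLists directory and the msfconsole/searchsploit binary names for metasploit and exploitdb are assumptions, and GUI tools (VMware, Burp, ZAP, Nessus) are left out.

```shell
#!/bin/sh
# Added pre-check helper (not part of the original gist). It walks the tool
# list from the checklist, reports anything not on PATH, and confirms the
# SecLists wordlists are present. SECLISTS_DIR is an assumed location.

# Print the number of tools from "$@" that are NOT on PATH; per-tool status
# lines go to stderr so the count on stdout can be captured.
missing_tools() {
    _missing=0
    for _tool in "$@"; do
        if command -v "$_tool" >/dev/null 2>&1; then
            printf 'ok       %s\n' "$_tool" >&2
        else
            printf 'MISSING  %s\n' "$_tool" >&2
            _missing=$((_missing + 1))
        fi
    done
    printf '%s\n' "$_missing"
}

# Succeed only if the wordlist directory exists and is not empty.
seclists_ok() {
    [ -d "$1" ] && [ -n "$(ls -A "$1" 2>/dev/null)" ]
}

# Tools named in the checklist. Entries written with '|' in the gist are
# mapped to the binaries actually invoked (assumed: msfconsole, searchsploit).
TOOLS="nmap python3 msfconsole searchsploit curl enum4linux gobuster nbtscan
nikto onesixtyone oscanner smbclient smbmap smtp-user-enum snmpwalk sslscan
svwar tnscmd10g whatweb wkhtmltoimage"
SECLISTS_DIR="${SECLISTS_DIR:-/usr/share/seclists}"   # assumed default path

# shellcheck disable=SC2086  # word splitting of $TOOLS is intentional
count=$(missing_tools $TOOLS)
if [ "$count" -eq 0 ] && seclists_ok "$SECLISTS_DIR"; then
    printf 'Good-To-Go\n'
else
    if seclists_ok "$SECLISTS_DIR"; then _sl=present; else _sl=absent; fi
    printf 'NOT good-to-go: %s tool(s) missing; seclists at %s: %s\n' \
        "$count" "$SECLISTS_DIR" "$_sl"
fi
```

Run it on the attack VM before the engagement window; a non-zero tool count or an absent wordlist directory is the signal to fix the box before declaring "Good-To-Go".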
Determination of the type of pentest (Blackbox, Whitebox)
Key objectives behind this penetration test
Location address and contact (if it is an onsite job)
Validation that the Authorization Letter has been signed
URL of the web application that is in scope and validation that it is accessible
2 sets of credentials (normal and admin or a privileged user) and validation that they are working
Determination of the environment (Production or UAT)
Number of static and dynamic pages
Testing Boundaries (DoS, Brute force attacks etc.)
Technologies (PHP, ASP, .NET, IIS, Apache, Operating system etc.)
Any VPN or port numbers that are needed; verify those ahead of time
Any web services that the site may use
Any pages that the client does not want to be tested
Any pages that submit emails
IP address of the tester
Escalation contact
3rd parties that need to be contacted in advance of the pentest
Web application firewalls and other IDS in place
Timeframe of the assessment (dates and hours)
Diagrams and any kind of documentation
Validation that a backup has been performed recently on the application
Other client requirements
+++++++++++++++++++++++++++++++++++++++++++++++ ++ ++
Nmap Examples
Basic Nmap scanning examples, often used at the first stage of enumeration.

COMMAND / DESCRIPTION

nmap -sP 10.0.0.0/24
    Ping scans the network, listing machines that respond to ping.

nmap -p 1-65535 -sV -sS -T4 target
    Full TCP port scan with service version detection - usually my first scan, I find T4 more accurate than T5 and still "pretty quick".

nmap -v -sS -A -T4 target
    Prints verbose output, runs stealth SYN scan, T4 timing, OS and version detection + traceroute and scripts against target services.

nmap -v -sS -A -T5 target
    Prints verbose output, runs stealth SYN scan, T5 timing, OS and version detection + traceroute and scripts against target services.

nmap -v -sV -O -sS -T5 target
    Prints verbose output, runs stealth SYN scan, T5 timing, OS and version detection.

nmap -v -p 1-65535 -sV -O -sS -T4 target
    Prints verbose output, runs stealth SYN scan, T4 timing, OS and version detection + full port range scan.

nmap -v -p 1-65535 -sV -O -sS -T5 target
    Prints verbose output, runs stealth SYN scan, T5 timing, OS and version detection + full port range scan.

+++++++++++++++++++++++++++++++++++++++++++++++ ++ ++