There are various considerations when planning and scoping a PenTest.
Planning
- Target Audience [Higher Management, IT Team, Web Team, etc.]
- Resources
- Budget
- Technical Constraints
- Legal Restrictions
- Rules of Engagement
  - Timeline
  - Location of Testing
  - Test Boundaries
- Contract
  - Master Service Agreement (MSA)
  - Non-Disclosure Agreement (NDA)
  - Statement of Work (SOW)
- Authorizations
- Disclaimers
Scoping
- Goals
- Deliverables
- Assessment Method
- Strategy
- Threat Model
- Targets
- Impact Analysis
- Risk Management
- Scheduling Tasks
- Checklists
Preparation
- Team Preparation
- Activity Assignment
- Communication Path
- Contingency Plans
- Going Live
- Data Collection
- Documentation
- Information Gathering using Open Source Intelligence (OSINT)
  - Methods
    - Whois Search
    - Organization Website
    - Social Media Profiles (Facebook, Instagram, YouTube, etc.)
    - Job Portals
    - DNS Querying
    - SSL/TLS Certificates
    - IP Addresses and Subdomains
    - Google Hacking
  - Tools
    - Recon-ng
    - Shodan
    - theHarvester
    - Maltego
    - FOCA
- Social Engineering Methods
  - Phishing (Vishing, Smishing, Spear Phishing, Whaling)
  - Spam and Spim
  - URL Hijacking
  - Hoax
  - Baiting
  - Shoulder Surfing
  - Tailgating and Piggybacking
- Physical Non-Technical Methods
  - Dumpster Diving
  - Badge Cloning
  - Fence Jumping
  - Lock Picking and Bypassing
  - Motion Detection Bypassing
- Methods
  - Network Scanning using Nmap and Metasploit
    - Packet Crafting
    - Port Scanning
    - Host Discovery
    - Service Discovery
    - Device Enumeration
    - Banner Grabbing
    - Network Share Enumeration
    - Service and Application Enumeration
    - Windows and Linux Enumeration
    - Website Enumeration
  - Vulnerability Scanning
    - Host Vulnerability
    - Service Vulnerability (Network and Server)
    - Network Device Vulnerability
    - Firewall Vulnerability
    - Application Vulnerability
    - Container Vulnerability
    - Wireless Vulnerability (WiFi)
  - Asset Categorization
  - Adjudication
  - Common Vulnerability Scoring System (CVSS)
  - Vulnerability Prioritization
  - Vulnerability Mapping
  - Exploits
    - Exploit Modification
    - Exploit Chaining
    - Payloads
    - PoC
  - Sniffing
    - Eavesdropping
    - ARP Poisoning
    - Person-in-the-Middle Attack
    - Replay Attack
  - Protocol Level Exploits
    - SNMP
    - SMTP
    - TCP
    - ARP
    - FTP
    - DNS
  - DoS Attack
  - VLAN Hopping
  - NAC Bypass
  - Deauthentication Attack
  - Jamming
  - Evil Twin Attack
  - Bluejacking
  - Bluesnarfing
  - Operating System Vulnerabilities
    - Password Cracking
    - File Systems
    - Kernel
    - Privilege Escalation
    - Memory Vulnerabilities
    - User Accounts
    - Service Protocols
    - Security Misconfigurations
    - Authorization & Authentication
  - Injection Attacks
    - Code Injection
    - SQL Injection
    - HTML Injection
    - XSS
  - CSRF
  - File Inclusion Attacks
  - Web Shells
  - Insecure Coding Practices
    - Static Code Analysis (SAST)
    - Dynamic Code Analysis (DAST)
  - Reverse Engineering