How do I install Pentest Checklist?

Install Pentest Checklist with a single command: npx mdskills install sickn33/pentest-checklist. This downloads the skill files into your project and your AI agent picks them up automatically.

What platforms support Pentest Checklist?

Pentest Checklist works with Claude Code, Claude Desktop, Cursor, Vscode Copilot, Windsurf, Continue Dev, Codex, Gemini Cli, Amp, Roo Code, Goose, Opencode, Trae, Qodo, Command Code. Skills use the open SKILL.md format which is compatible with any AI coding agent that reads markdown instructions.

← Back to skills

Pentest Checklist

Name: Pentest Checklist: AI Agent Skill
Rating: 8 (1 reviews)
Author: sickn33

Verified

SecurityIntermediate

This skill should be used when the user asks to "plan a penetration test", "create a security assessment checklist", "prepare for penetration testing", "define pentest scope", "follow security testing best practices", or needs a structured methodology for penetration testing engagements.

by @sickn331 installs0Updated 2 weeks ago

Add this skill

npx mdskills install sickn33/pentest-checklist

Fork & Edit

Skill Advisor8.0

Comprehensive pentest planning framework with clear phases, checklists, and practical tables

+Provides structured 5-phase methodology with actionable checkboxes
+Includes practical examples, command snippets, and reference tables
+Covers full lifecycle from scoping through remediation and cleanup
-Requests shell/network/filesystem permissions but skill is purely checklist guidance

SKILL.md

Edit in Browser

1---
2name: Pentest Checklist
3description: This skill should be used when the user asks to "plan a penetration test", "create a security assessment checklist", "prepare for penetration testing", "define pentest scope", "follow security testing best practices", or needs a structured methodology for penetration testing engagements.
4metadata:
5  author: zebbern
6  version: "1.1"
7---
8 
9# Pentest Checklist
10 
11## Purpose
12 
13Provide a comprehensive checklist for planning, executing, and following up on penetration tests. Ensure thorough preparation, proper scoping, and effective remediation of discovered vulnerabilities.
14 
15## Inputs/Prerequisites
16 
17- Clear business objectives for testing
18- Target environment information
19- Budget and timeline constraints
20- Stakeholder contacts and authorization
21- Legal agreements and scope documents
22 
23## Outputs/Deliverables
24 
25- Defined pentest scope and objectives
26- Prepared testing environment
27- Security monitoring data
28- Vulnerability findings report
29- Remediation plan and verification
30 
31## Core Workflow
32 
33### Phase 1: Scope Definition
34 
35#### Define Objectives
36 
37- [ ] **Clarify testing purpose** - Determine goals (find vulnerabilities, compliance, customer assurance)
38- [ ] **Validate pentest necessity** - Ensure penetration test is the right solution
39- [ ] **Align outcomes with objectives** - Define success criteria
40 
41**Reference Questions:**
42- Why are you doing this pentest?
43- What specific outcomes do you expect?
44- What will you do with the findings?
45 
46#### Know Your Test Types
47 
48| Type | Purpose | Scope |
49|------|---------|-------|
50| External Pentest | Assess external attack surface | Public-facing systems |
51| Internal Pentest | Assess insider threat risk | Internal network |
52| Web Application | Find application vulnerabilities | Specific applications |
53| Social Engineering | Test human security | Employees, processes |
54| Red Team | Full adversary simulation | Entire organization |
55 
56#### Enumerate Likely Threats
57 
58- [ ] **Identify high-risk areas** - Where could damage occur?
59- [ ] **Assess data sensitivity** - What data could be compromised?
60- [ ] **Review legacy systems** - Old systems often have vulnerabilities
61- [ ] **Map critical assets** - Prioritize testing targets
62 
63#### Define Scope
64 
65- [ ] **List in-scope systems** - IPs, domains, applications
66- [ ] **Define out-of-scope items** - Systems to avoid
67- [ ] **Set testing boundaries** - What techniques are allowed?
68- [ ] **Document exclusions** - Third-party systems, production data
69 
70#### Budget Planning
71 
72| Factor | Consideration |
73|--------|---------------|
74| Asset Value | Higher value = higher investment |
75| Complexity | More systems = more time |
76| Depth Required | Thorough testing costs more |
77| Reputation Value | Brand-name firms cost more |
78 
79**Budget Reality Check:**
80- Cheap pentests often produce poor results
81- Align budget with asset criticality
82- Consider ongoing vs. one-time testing
83 
84### Phase 2: Environment Preparation
85 
86#### Prepare Test Environment
87 
88- [ ] **Production vs. staging decision** - Determine where to test
89- [ ] **Set testing limits** - No DoS on production
90- [ ] **Schedule testing window** - Minimize business impact
91- [ ] **Create test accounts** - Provide appropriate access levels
92 
93**Environment Options:**
94```
95Production  - Realistic but risky
96Staging     - Safer but may differ from production
97Clone       - Ideal but resource-intensive
98```
99 
100#### Run Preliminary Scans
101 
102- [ ] **Execute vulnerability scanners** - Find known issues first
103- [ ] **Fix obvious vulnerabilities** - Don't waste pentest time
104- [ ] **Document existing issues** - Share with testers
105 
106**Common Pre-Scan Tools:**
107```bash
108# Network vulnerability scan
109nmap -sV --script vuln TARGET
110 
111# Web vulnerability scan
112nikto -h http://TARGET
113```
114 
115#### Review Security Policy
116 
117- [ ] **Verify compliance requirements** - GDPR, PCI-DSS, HIPAA
118- [ ] **Document data handling rules** - Sensitive data procedures
119- [ ] **Confirm legal authorization** - Get written permission
120 
121#### Notify Hosting Provider
122 
123- [ ] **Check provider policies** - What testing is allowed?
124- [ ] **Submit authorization requests** - AWS, Azure, GCP requirements
125- [ ] **Document approvals** - Keep records
126 
127**Cloud Provider Policies:**
128- AWS: https://aws.amazon.com/security/penetration-testing/
129- Azure: https://docs.microsoft.com/security/pentest
130- GCP: https://cloud.google.com/security/overview
131 
132#### Freeze Developments
133 
134- [ ] **Stop deployments during testing** - Maintain consistent environment
135- [ ] **Document current versions** - Record system states
136- [ ] **Avoid critical patches** - Unless security emergency
137 
138### Phase 3: Expertise Selection
139 
140#### Find Qualified Pentesters
141 
142- [ ] **Seek recommendations** - Ask trusted sources
143- [ ] **Verify credentials** - OSCP, GPEN, CEH, CREST
144- [ ] **Check references** - Talk to previous clients
145- [ ] **Match expertise to scope** - Web, network, mobile specialists
146 
147**Evaluation Criteria:**
148 
149| Factor | Questions to Ask |
150|--------|------------------|
151| Experience | Years in field, similar projects |
152| Methodology | OWASP, PTES, custom approach |
153| Reporting | Sample reports, detail level |
154| Communication | Availability, update frequency |
155 
156#### Define Methodology
157 
158- [ ] **Select testing standard** - PTES, OWASP, NIST
159- [ ] **Determine access level** - Black box, gray box, white box
160- [ ] **Agree on techniques** - Manual vs. automated testing
161- [ ] **Set communication schedule** - Updates and escalation
162 
163**Testing Approaches:**
164 
165| Type | Access Level | Simulates |
166|------|-------------|-----------|
167| Black Box | No information | External attacker |
168| Gray Box | Partial access | Insider with limited access |
169| White Box | Full access | Insider/detailed audit |
170 
171#### Define Report Format
172 
173- [ ] **Review sample reports** - Ensure quality meets needs
174- [ ] **Specify required sections** - Executive summary, technical details
175- [ ] **Request machine-readable output** - CSV, XML for tracking
176- [ ] **Agree on risk ratings** - CVSS, custom scale
177 
178**Report Should Include:**
179- Executive summary for management
180- Technical findings with evidence
181- Risk ratings and prioritization
182- Remediation recommendations
183- Retesting guidance
184 
185### Phase 4: Monitoring
186 
187#### Implement Security Monitoring
188 
189- [ ] **Deploy IDS/IPS** - Intrusion detection systems
190- [ ] **Enable logging** - Comprehensive audit trails
191- [ ] **Configure SIEM** - Centralized log analysis
192- [ ] **Set up alerting** - Real-time notifications
193 
194**Monitoring Tools:**
195```bash
196# Check security logs
197tail -f /var/log/auth.log
198tail -f /var/log/apache2/access.log
199 
200# Monitor network
201tcpdump -i eth0 -w capture.pcap
202```
203 
204#### Configure Logging
205 
206- [ ] **Centralize logs** - Aggregate from all systems
207- [ ] **Set retention periods** - Keep logs for analysis
208- [ ] **Enable detailed logging** - Application and system level
209- [ ] **Test log collection** - Verify all sources working
210 
211**Key Logs to Monitor:**
212- Authentication events
213- Application errors
214- Network connections
215- File access
216- System changes
217 
218#### Monitor Exception Tools
219 
220- [ ] **Track error rates** - Unusual spikes indicate testing
221- [ ] **Brief operations team** - Distinguish testing from attacks
222- [ ] **Document baseline** - Normal vs. pentest activity
223 
224#### Watch Security Tools
225 
226- [ ] **Review IDS alerts** - Separate pentest from real attacks
227- [ ] **Monitor WAF logs** - Track blocked attempts
228- [ ] **Check endpoint protection** - Antivirus detections
229 
230### Phase 5: Remediation
231 
232#### Ensure Backups
233 
234- [ ] **Verify backup integrity** - Test restoration
235- [ ] **Document recovery procedures** - Know how to restore
236- [ ] **Separate backup access** - Protect from testing
237 
238#### Reserve Remediation Time
239 
240- [ ] **Allocate team availability** - Post-pentest analysis
241- [ ] **Schedule fix implementation** - Address findings
242- [ ] **Plan verification testing** - Confirm fixes work
243 
244#### Patch During Testing Policy
245 
246- [ ] **Generally avoid patching** - Maintain consistent environment
247- [ ] **Exception for critical issues** - Security emergencies only
248- [ ] **Communicate changes** - Inform pentesters of any changes
249 
250#### Cleanup Procedure
251 
252- [ ] **Remove test artifacts** - Backdoors, scripts, files
253- [ ] **Delete test accounts** - Remove pentester access
254- [ ] **Restore configurations** - Return to original state
255- [ ] **Verify cleanup complete** - Audit all changes
256 
257#### Schedule Next Pentest
258 
259- [ ] **Determine frequency** - Annual, quarterly, after changes
260- [ ] **Consider continuous testing** - Bug bounty, ongoing assessments
261- [ ] **Budget for future tests** - Plan ahead
262 
263**Testing Frequency Factors:**
264- Release frequency
265- Regulatory requirements
266- Risk tolerance
267- Past findings severity
268 
269## Quick Reference
270 
271### Pre-Pentest Checklist
272 
273```
274□ Scope defined and documented
275□ Authorization obtained
276□ Environment prepared
277□ Hosting provider notified
278□ Team briefed
279□ Monitoring enabled
280□ Backups verified
281```
282 
283### Post-Pentest Checklist
284 
285```
286□ Report received and reviewed
287□ Findings prioritized
288□ Remediation assigned
289□ Fixes implemented
290□ Verification testing scheduled
291□ Environment cleaned up
292□ Next test scheduled
293```
294 
295## Constraints
296 
297- Production testing carries inherent risks
298- Budget limitations affect thoroughness
299- Time constraints may limit coverage
300- Tester expertise varies significantly
301- Findings become stale quickly
302 
303## Examples
304 
305### Example 1: Quick Scope Definition
306 
307```markdown
308**Target:** Corporate web application (app.company.com)
309**Type:** Gray box web application pentest
310**Duration:** 5 business days
311**Excluded:** DoS testing, production database access
312**Access:** Standard user account provided
313```
314 
315### Example 2: Monitoring Setup
316 
317```bash
318# Enable comprehensive logging
319sudo systemctl restart rsyslog
320sudo systemctl restart auditd
321 
322# Start packet capture
323tcpdump -i eth0 -w /tmp/pentest_capture.pcap &
324```
325 
326## Troubleshooting
327 
328| Issue | Solution |
329|-------|----------|
330| Scope creep | Document and require change approval |
331| Testing impacts production | Schedule off-hours, use staging |
332| Findings disputed | Provide detailed evidence, retest |
333| Remediation delayed | Prioritize by risk, set deadlines |
334| Budget exceeded | Define clear scope, fixed-price contracts |
335

Full transparency — inspect the skill content before installing.