Checklists

Overview

There should always be some kind of checklist for any engagement.

The check list should have the following:

  • To Do list

  • IP ranges scope

  • Targets to attack

    • Host IP

    • URL

    • Open Port

    • Findings

  • Password Spraying attempts

    • Website

    • Account and Password tried

  • Breached Accounts

    • Users and their breached passwords

  • Login Portals found

  • Findings and Strengths

    • Findings/issues - System name/IP - Screenshot - Comment

    • Strengths Identified - System name/IP - Screenshot - Comment

Documentation is important for yourself while attacks and the client afterwards in a report

TCM Security checklist example

PreviousObjectives of an External PentestNextRules of Engagement

Last updated

Was this helpful?