How does this skill help with penetration testing?

It provides a structured methodology for every phase of a pentest, ensuring you cover scoping, legal authorization, environment preparation, and remediation tracking.

Does it provide actual scanning commands?

The skill includes reference commands for common tools like Nmap and Nikto to assist with preliminary scanning and baseline environment checks.

Can I use this for cloud-based applications?

Yes, it includes specific guidance and direct links for penetration testing authorization policies on AWS, Azure, and Google Cloud Platform.

Is this suitable for compliance requirements?

Yes, it helps align your testing process with standards like GDPR, PCI-DSS, and HIPAA by ensuring thorough documentation, methodology selection, and reporting.

What testing types are supported?

The checklist covers various engagement types including External/Internal Network tests, Web Application tests, Social Engineering, and Red Team adversary simulations.

Pentest Planning & Security Checklist

Name: Pentest Planning & Security Checklist
Author: zebbern

byzebbern

•

2,883

•

Seguridad y Pruebas

Provides a structured methodology and comprehensive checklist for planning, executing, and remediating penetration tests.

This skill serves as a professional-grade roadmap for security assessments, guiding users through the entire lifecycle of a penetration test. From defining scope and selecting the right testing methodology (Black, Gray, or White box) to setting up security monitoring and executing post-test remediation, it ensures no critical security step is overlooked. It is particularly useful for developers and security teams who need to align their testing with industry standards like OWASP and PTES while maintaining production stability and legal compliance.

Características Principales

01Cloud-specific authorization checklists for AWS, Azure, and GCP

02Post-test cleanup and remediation verification procedures

03Security monitoring and logging configuration templates for real-time tracking

042,883 GitHub stars

05Multi-phase workflow covering scoping, preparation, monitoring, and remediation

06Detailed guidance for Internal, External, Web App, and Red Team testing

Casos de Uso

01Preparing a staging environment for security assessments without impacting production

02Defining the technical scope and legal boundaries for a third-party penetration test

03Creating a remediation plan to prioritize and verify fixes for discovered vulnerabilities

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add zebbern/claude-code-guide pentest-checklist

For use in Claude.ai and ChatGPT

Download Skill