Can I use this for cloud-based penetration testing?

Yes, the skill includes specific steps for notifying and obtaining authorization from major cloud providers like AWS, Azure, and GCP.

Does it help with post-test remediation?

Absolutely; it includes a dedicated phase for prioritizing findings, implementing fixes, and verifying remediation through cleanup and retesting.

Is this suitable for internal security teams?

Yes, it is designed for both internal teams performing self-assessments and organizations managing external third-party pentest engagements.

What methodologies does this checklist follow?

The skill aligns with industry standards such as PTES, OWASP, and NIST, providing a comprehensive framework for various types of security assessments.

Pentest Planning & Methodology

Name: Pentest Planning & Methodology
Author: claudiodearaujo

byclaudiodearaujo

Security & Testing

Provides a structured methodology and comprehensive checklists for planning, executing, and remediating security penetration tests.

About

This skill guides users through the end-to-end lifecycle of a penetration test, from initial scoping and budget planning to environment preparation and post-test remediation. It ensures that security assessments are thorough, compliant with industry standards like OWASP and PTES, and effectively integrated into the development lifecycle by providing actionable checklists for every phase of the engagement, including technical monitoring and cleanup procedures.

Key Features

End-to-end pentest lifecycle management from scoping to final cleanup
0 GitHub stars
Structured remediation planning and vulnerability verification workflows
Guidance on environment preparation and cloud provider authorization (AWS, Azure, GCP)
Specialized checklists for external, internal, and web application testing
Security monitoring and logging configuration templates for testing phases

Use Cases

Defining the technical scope and budget for a third-party security audit
Setting up comprehensive monitoring and logging before a red team engagement
Managing the post-test remediation process to prioritize and verify vulnerability patches

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/izacenter pentest-checklist

For use in Claude.ai and ChatGPT

Download Skill

GitHub