External Penetration Test Process/Checklist

Some of these items are only used for Web Application Penetration Testing
  • [ ] Inventory Company's External Infrastructure
  • [ ] Create Topological Map of Network
  • [ ] Identify IP Addresses of the Target
  • [ ] Locate the traffic routes that go to the servers
  • [ ] Trace the TCP traffic Path to the destination
  • [ ] Trace the UDP traffic Path to the destination
  • [ ] Identify the physical location of the target servers
  • [ ] Examine the use of IPv6 at the remote location
  • [ ] Look up the domain registry for IP information
  • [ ] Find IP block information about the target
  • [ ] List Open Ports
  • [ ] List Closed Ports
  • [ ] List Suspicious Ports that may be stealth ports
  • [ ] Port scan every port on the target's network
  • [ ] Use SYN scan on the target and analyze the response.
  • [ ] Use connect scan on the target and analyze the response.
  • [ ] Use Xmas scan on the target and analyze the response.
  • [ ] Use FIN scan on the target and analyze the response.
  • [ ] Use null scan on the target and analyze the response.
  • [ ] Examine TCP sequence number prediction
  • [ ] Examine the use of standard and nonstandard protocol.
  • [ ] Examine IP ID sequence number prediction
  • [ ] Examine the system uptime of the target
  • [ ] Examine the operating system used by different targets
  • [ ] Examine the patches applied to the operating system
  • [ ] Locate the DNS record of the domain and attempt DNS Hijacking
  • [ ] List programming languages and application software used to create various programs on the target server
  • [ ] Look for errors and custom web pages
  • [ ] Guess different subdomain names and analyze different responses
  • [ ] Hijack sessions
  • [ ] Examine cookies generated by the server
  • [ ] Examine the Access Control used by the Web Server
  • [ ] Brute-force URL injection and session tokens
  • [ ] Check for directory consistency and page-naming syntax of the Web pages.
  • [ ] Look for sensitive information in the Web page source code.
  • [ ] Try buffer overflow attempts in input fields.
  • [ ] Look for invalid ranges in input fields.
  • [ ] Attempt escape-character injection
  • [ ] Try Cross-Site Scripting techniques.
  • [ ] Record and replay the traffic to the target Web Server and note the response
  • [ ] Try various SQL-injection techniques
  • [ ] Examine hidden fields
  • [ ] Examine Server-Side Includes (SSI)
  • [ ] Examine e-commerce and payment gateways handled by the Web Server
  • [ ] Examine welcome, error, and debug messages.
  • [ ] Probe the server through SMTP mail bouncing.
  • [ ] Grab the banners of HTTP Server
  • [ ] Grab the banners of SMTP Server
  • [ ] Grab the banners of POP3 Servers.
  • [ ] Grab the banners of FTP Servers.
  • [ ] Identify the Web Extensions used on the server
  • [ ] Try to use an HTTPS tunnel to encapsulate traffic.
  • [ ] OS Fingerprint Target Servers
  • [ ] Check for ICMP Responses (Type 3 Port Unreachable)
  • [ ] Check for ICMP Responses (Type 8 Echo Request)
  • [ ] Check for ICMP Responses (Type 13 Time-Stamp Request)
  • [ ] Check for ICMP Responses (Type 15 Information Request)
  • [ ] Check for ICMP Responses (Type 17 Subnet Address Mask Request)
  • [ ] Check for ICMP Responses from broadcast address.
  • [ ] Port Scan DNS Server (TCP/UDP 53)
  • [ ] Port Scan TFTP Servers (Port 69)
  • [ ] Test for NTP Ports (Port 123)
  • [ ] Test for SNMP Ports (Ports 161,162)
  • [ ] Test for Telnet Ports (Port 23)
  • [ ] Test for LDAP Ports (Port 389)
  • [ ] Test for NetBIOS Ports (Port 135-139 and 445)
  • [ ] Test for SQL Server Ports (Port 1433 and 1434)
  • [ ] Test for Citrix Ports (Port 1495)
  • [ ] Test for Oracle Ports (Port 1521)
  • [ ] Test for NFS Ports (Port 2049)
  • [ ] Test for RDP Ports (Port 3389)
  • [ ] Test for Sybase Ports (Port 5000)
  • [ ] Test for SIP Ports (Port 5060)
  • [ ] Test for VNC Ports (Port 5800 and 900)
  • [ ] Test for X11 Ports (Port 6000)
  • [ ] Test for FTP Ports (Port 20)
  • [ ] Test for Web Server Ports (Port 80)
  • [ ] Test for SSL Server Ports (Port 443)
  • [ ] Test for Kerberos and AD Ports (Port TCP/UDP 88)
  • [ ] Test for SSH Servers Ports (Port 22)
