External Penetration Test Process/Checklist

External Penetration Test Process/Checklist
Some of these items are only used for Web Application Penetration Testing
  • [ ] Inventory Company's External Infrastructure
  • [ ] Create Topological Map of Network
  • [ ] Identify IP Addresses of the Target
  • [ ] Locate the traffic routes that go the servers
  • [ ] Trace the TCP traffic Path to the destination
  • [ ] Trace the UDP traffic Path to the destination
  • [ ] Identify the physical location of the target servers
  • [ ] Examine the use of IPv6 at the remote location
  • [ ] Look up the domain registry for IP information
  • [ ] Find IP lock information about the target
  • [ ] List Open Ports
  • [ ] List Close Ports
  • [ ] List Suspicious Ports that may be stealth ports
  • [ ] Port scan every port on the targets network
  • [ ] Use SYN scan on the target and analyze the response.
  • [ ] Use connect scan on the target and analyze the response.
  • [ ] Use Xmas scan on the target and analyze the response.
  • [ ] Use FIN scan on the target and analyze the response.
  • [ ] Use null scan on the target and analyze the response.
  • [ ] Examine TCP sequence number prediction
  • [ ] Examine the use of standard and nonstandard protocol.
  • [ ] Examine IP ID sequence number prediction
  • [ ] Examine the system uptime of the target
  • [ ] Examine the operating system used by different targets
  • [ ] Examine the patches applied to the operating system
  • [ ] Locate the DNS record of the domain and attempt DNS Hijacking
  • [ ] List programming languages and application software used to create various programs on the target server
  • [ ] Look for errors and custom web pages
  • [ ] Guess different subdomain names and analyze different responses
  • [ ] Hijack sessions
  • [ ] Examine cookies generated by the server
  • [ ] Examine the Access Control used by the Web Server
  • [ ] Brute-force URL injection and session tokens
  • [ ] Check for directory consistency and page-naming syntax of the Web pages.
  • [ ] Look for sensitive information in the Web page source code.
  • [ ] Try buffer overflow attempts in input fields.
  • [ ] Look for invalid ranges in input fields.
  • [ ] Attempt escape-character injection
  • [ ] Try Cross-Site Scripting techniques.
  • [ ] Record and replay the traffic to the target Web Server and note the response
  • [ ] Try various SQL-injection techniques
  • [ ] Examine hidden fields
  • [ ] Examine Server-Side Includes (SSI)
  • [ ] Examine e-commerce and payment gateways handled by the Web Server
  • [ ] Examine welcome, error, and debug messages.
  • [ ] Probe the server through SMTP mail bouncing.
  • [ ] Grab the banners of HTTP Server
  • [ ] Grab the banners of SMTP Server
  • [ ] Grab the banners of POP3 Servers.
  • [ ] Grab the banners of FTP Servers.
  • [ ] Identify the Web Extensions used on the server
  • [ ] Try to use an HTTPS tunnel to encapsulate traffic.
  • [ ] OS Fingerprint Target Servers
  • [ ] Check for ICMP Responses (Type 3 Port Unreachable)
  • [ ] Check for ICMP Responses (Type 8 Echo Request)
  • [ ] Check for ICMP Responses (Type 13 Time-Stamp Request)
  • [ ] Check for ICMP Responses (Type 15 Information Request)
  • [ ] Check for ICMP Responses (Type 17 Subnet Address Mask Request)
  • [ ] Check for ICMP Responses from broadcast address.
  • [ ] Port Scan DNS Server (TCP/UDP 53)
  • [ ] Port Scan TFTP Servers (Port 69)
  • [ ] Test for NTP Ports (Port 123)
  • [ ] Test for SNMP Ports  (Ports 161,162)
  • [ ] Test for Telnet  Ports (Port  23)
  • [ ] Test for LDAP Ports (Port 389)
  • [ ] Test for NetBIOS Ports (Port 135-139 and 445)
  • [ ] Test for SQL Server Ports (Port 1433 and 1434)
  • [ ] Test for Citrix Ports (Port 1495)
  • [ ] Test for Oracle Ports (Port  1521)
  • [ ] Test for NFS Ports (Port  2049)
  • [ ] Test for RDP Ports (Port 3389)
  • [ ] Test for Sybase Ports (Port 5000)
  • [ ] Test for SIP Ports (Port 5060)
  • [ ] Test for VNC Ports (Port 5800 and 900)
  • [ ] Test for X11 Ports (Port 6000)
  • [ ] Test for FTP Ports (Port 20)
  • [ ] Test for Web Server Ports (Port 80)
  • [ ] Test for SSL Server Ports (Port 443)
  • [ ] Test for Kerberos and AD Ports (Port TCP/UDP 88)
  • [ ] Test for SSH Servers Ports (Port 22)

Share Tweet Send
0 Comments
Loading...