Pentest Checklist

About Pentest Checklist

The Pentest Checklist is an interactive task tracker that guides security professionals through all six phases of a professional penetration test: Pre-Engagement, Reconnaissance, Scanning & Enumeration, Exploitation, Post-Exploitation, and Reporting. It covers 47 items with plain-language descriptions of each task — from defining scope and getting written authorization, to OSINT gathering, port scanning with Nmap, running SQLi/XSS attacks, achieving domain escalation, and producing CVSS-rated reports.

Penetration testers, red team operators, bug bounty hunters, and security consultants use structured checklists to ensure repeatable, thorough methodology. Rushing straight to exploitation without completing reconnaissance and proper scope definition is one of the most common reasons pentest engagements produce incomplete results or legal issues. This checklist enforces the discipline of methodical work from the very first engagement task to final cleanup verification.

Each phase has its own item counter and the overall progress bar tracks aggregate completion. Items can be checked in any order — the tool does not enforce a sequence — so testers can adapt to the reality that pentest phases often overlap. The checklist is purely browser-based, has no persistence between sessions, and stores no data on any server, making it safe to use on client-site assessments where data handling concerns apply.

Key Features

  • Full 6-phase penetration testing methodology: Pre-Engagement, Reconnaissance, Scanning & Enumeration, Exploitation, Post-Exploitation, Reporting
  • 47 detailed task items with plain-English descriptions covering tools and techniques (Nmap, Nessus, Burp Suite, OSINT, CVSS, etc.)
  • Per-phase item counters showing progress within each testing phase
  • Overall progress bar tracking aggregate completion across all 47 items
  • Strikethrough styling on completed items for clear visual status at a glance
  • Non-sequential — check items in any order to match the reality of overlapping pentest phases
  • 100% browser-based with no data persistence — safe for use on client sites with strict data handling requirements
  • Dark mode support and clean card layout for comfortable reading during active engagements

Frequently Asked Questions

What phases does this pentest checklist cover?

The checklist covers all six standard phases: Pre-Engagement (scope, ROE, authorization, timeline), Reconnaissance (OSINT, DNS enumeration, email harvesting, Google dorking), Scanning & Enumeration (port scanning, vulnerability scanning, SSL/TLS analysis), Exploitation (web attacks, network attacks, privilege escalation, wireless), Post-Exploitation (persistence, lateral movement, data exfiltration, credential harvesting), and Reporting (executive summary, CVSS ratings, remediation recommendations).

What is the most important item in the Pre-Engagement phase?

Authorization documentation — written permission from the asset owner — is the single most critical item. Without written authorization, penetration testing activities are illegal in most jurisdictions regardless of intent. The scope definition and Rules of Engagement (ROE) document are equally essential to define exactly which systems may be tested and what actions are permitted.

What does "Google dorking" mean in the Reconnaissance phase?

Google dorking refers to using advanced Google search operators to find information about a target that the target organization did not intend to expose publicly. Common operators include site: (restrict to a domain), filetype: (find specific file types), and inurl: (find specific URL patterns). Examples include finding exposed configuration files, login pages, or sensitive documents indexed by search engines.

What is the difference between Exploitation and Post-Exploitation?

Exploitation covers the active attack phase where testers attempt to breach systems: password attacks, web application attacks (SQLi, XSS, SSRF), network attacks (MITM, ARP spoofing), and social engineering. Post-Exploitation covers what happens after initial access is gained: establishing persistence, moving laterally to other systems, harvesting credentials, escalating to domain admin, and demonstrating the ability to exfiltrate data.

Why is "Cleanup verification" included in the Reporting phase?

During testing, penetration testers install backdoors, create test accounts, upload tools, and modify configurations. All of these artifacts must be removed before the engagement ends. Cleanup verification confirms that all testing artifacts have been removed and the target environment is restored to its pre-test state. Leaving backdoors or test accounts behind creates real security risks for the client.

What is CVSS and why is it in the Reporting phase?

CVSS (Common Vulnerability Scoring System) is the industry-standard framework for rating vulnerability severity on a 0–10 scale. Including CVSS scores in pentest reports helps clients prioritize remediation by providing an objective, vendor-neutral severity rating for each finding. Scores consider factors like attack vector, attack complexity, privileges required, user interaction, and impact on confidentiality, integrity, and availability.

Can this checklist be used for bug bounty programs?

Yes, with adaptation. Bug bounty programs have defined scopes (typically a set of domains or APIs) and strict rules that differ from traditional pentests — for example, most programs prohibit post-exploitation activities like persistence and lateral movement. Use the Reconnaissance, Scanning & Enumeration, and Exploitation phases as guidance, but always check the specific program's rules before performing any activity.

Does the checklist save my progress between sessions?

No. The tool is purely browser-based and maintains state only during the current session. Reloading the page resets all checkboxes. For persistent tracking across an engagement, consider printing the page to PDF or taking a screenshot at the end of each testing day to record your progress.