Network Pentest Checklist
Reset Checklist
Export to JSON
Export to Excel
Reconnaissance
Perform WHOIS lookup for domain and IP ownership
Notes
Query DNS records (A, MX, TXT, CNAME, etc.)
Notes
Conduct OSINT for organizational details (e.g., employee names, emails)
Notes
Identify subdomains using tools like Sublist3r or Amass
Notes
Check for exposed network devices via Shodan or Censys
Notes
Map network ranges and ASNs using BGP data
Notes
Identify public-facing IP addresses and services
Notes
Network Scanning
Identify live hosts using ICMP ping sweeps (nmap -sn
)
Notes
Perform TCP SYN scan on all ports (nmap -sS -p-
)
Notes
Perform TCP connect scan on all ports (nmap -sT -p-
)
Notes
Conduct UDP scan on common ports (nmap -sU --top-ports 1000
)
Notes
Full TCP Port Vulnerability Scan Using Nmap NSE Scripts (nmap -p- --script vuln
)
Notes
Scan for IPv6-enabled hosts and services (nmap -6
)
Notes
Use Nmap scripts for service detection (nmap -sV -p-
)
Notes
Attempt firewall bypass with fragmented packets (nmap -f
)
Notes
Use idle scan to bypass firewall (nmap -sI
)
Notes
Test source port scanning for filtered ports (nmap --source-port 53
)
Notes
Service Enumeration
Port 21 (FTP)
Port 22 (SSH)
Port 23 (Telnet)
Port 25 (SMTP)
Port 53 (DNS)
Port 80 (HTTP)
Port 443 (HTTPS)
Port 445 (SMB)
Port 3389 (RDP)
Port 1026 (Rusersd)
Port 2049 (NFS)
Port 389 (LDAP)
Port 636 (LDAPS)
Port 3268 (LDAP GC)
Port 135 (MSSRPC)
Port 593 (MSSRPC)
Port 554 (RTSP)
Port 8554 (RTSP)
Port 1433 (MSSQL)
Port 1434 (MSSQL)
Port 3306 (MySQL)
Port 5432 (PostgreSQL)
Port 5900 (VNC)
Port 6379 (Redis)
Port 11211 (Memcache)
Port 1521 (Oracle)
Port 27017 (MongoDB)
Port 9200 (Elasticsearch)
Port 2375 (Docker)
Port 2376 (Docker)
Vulnerability Assessment
Post-Exploitation
Dump credentials from memory (e.g., Mimikatz)
Notes
Pivot to internal network segments
Notes
Extract network configuration details (e.g., routing tables)
Notes
Test for lateral movement (e.g., PsExec, WMI)
Notes
Verify persistence mechanisms (e.g., scheduled tasks)
Notes
Collect evidence of compromise for reporting
Notes
Close
Save
