External Pentest Checklist

Pre-Enagement

• Verify if Rules of Engagement is Signed

• Scoping

  • Review Scope

  • Verify Scope: https://bgp.he.net/

• Send Kickoff Email

Start Engagement

Vulnerability Scanning

• Vulnerability Scanning

  • Nessus

Reconnaissance / OSINT

• Identify Client’s websites

• Company website

  • Directory enumeration/Brute forcing

• Login portals

  • Verify possible ports

• Sign up portals

• VPN portals

• Subdomain Enumeration

  • crt.sh: https://crt.sh/

  • Amass

  • Sublist3r

  • httprobe: https://www.kali.org/tools/httprobe/

• Identify Employees

  • Names

  • Email and Email Address format

    • LinkedIn

    • Hunter.io: https://hunter.io/email-finder

    • Phonebook.cz: https://phonebook.cz/

    • Voila Norbert: https://www.voilanorbert.com/

    • Clearbit (Removed): https://chromewebstore.google.com/detail/clearbit-connect-free-ver/pmnhcgfcafcnkbengdcanjablaabjplo

    • Email Hippo: https://tools.emailhippo.com/

    • Email-Checker: https://email-checker.net/

  • Job position / Line of work

  • Pesonal Interests

• Information Gathering: Organization

  • Job postings

  • System Information / Tech stack

  • Password policies

  • Can be found in Sign-up portals

  • Company location (Address)

  • Social media pages

• Information Gathering: Breached Credentials

  • DeHashed: https://www.dehashed.com/

  • Note all breached emails and passwords

  • Search the passwords found as well and try to correlate those passwords with other accounts

Account Enumeration

• Email / Username format

  • [email protected]

  • [email protected]

  • [email protected]

  • [email protected]

  • [email protected]

  • Resource: https://www.interseller.io/blog/2019/02/04/top-email-address-patterns-by-company-size/

• Validate Accounts

  • You should have identified already the login portals

  • You should have identified already the password policy

  • Test username to login portals

  • Take note of the Error message

  • Username / Password does not exist

  • Username does not exist

Attacking Login Portals

• Pre-requisites

  • Login Portals

  • Validated Emails / Usernames

  • Gathered Passwords

  • Password policy

• When performing password spraying, look for error messages

• Password Strategies

  • Use passwords logically in order of the highest probability of being used.

  • Don’t be afraid to use simple/common passwords

    • Password1!

    • Welcome2024!

    • Welcome1!

  • Season

    • Spring

      • Spring2024!

      • Spring24!

  • Summer

    • Summer2024!

      • Summer24!

  • Autumn / Fall

    • Autumn2024!

    • Fall2024!

  • Winter

    • Winter2024!

    • Winter24!

  • Month

    • January2024!

      • April2024!

      • Jun024!

      • September2024!

  • Company name

    • Company!

    • Tesla123!

  • Location / Company Address / City

    • Steelers1!

    • Employee Colleges

    • Employee Address / City

  • Leet Speak

    • Pa$$w0rd!

    • Te$l@

  • Backdating

    • Winter2022!