Pentest Vulnerability Checklist

TL;DR

This guide helps you create a focused list of vulnerabilities to check during a penetration test (pentest). It covers common areas and how to prioritise what’s most important for your system.

Creating Your Vulnerability Checklist

  1. Understand Your System: Before listing vulnerabilities, know what you’re testing. This includes:
    • Scope: What parts of the system are in scope? (e.g., web application, network infrastructure, mobile app)
    • Technology Stack: Which technologies are used? (e.g., Linux, Windows Server, Apache, PHP, React)
    • Architecture: How is the system built and connected? A diagram helps.
  2. Start with Common Vulnerabilities: Begin with a base list of well-known issues. Here are some key areas:
    • Web Application (OWASP Top 10): This is crucial for web apps.
      • Injection (SQL, Command, Cross-Site Scripting)
      • Broken Authentication
      • Sensitive Data Exposure
      • XML External Entities (XXE)
      • Broken Access Control
    • Network Infrastructure:
      • Weak Passwords
      • Unpatched Systems
      • Open Ports and Services
      • Misconfigured Firewalls
    • Operating System (Linux/Windows):
      • Missing Security Updates
      • Weak File Permissions
      • Default Credentials
      • Unnecessary Services Running
  3. Use Vulnerability Databases: Refer to these resources for specific vulnerabilities:
  4. Scan for Vulnerabilities (Automated Tools): Use tools to identify potential issues. Examples:
    • Nmap: For network scanning.
      nmap -sV --script vuln 
    • Nikto: For web server vulnerability scanning.
      nikto -h 
    • Nessus/OpenVAS: Comprehensive vulnerability scanners.
  5. Prioritise Vulnerabilities: Not all vulnerabilities are equal. Focus on those with the highest risk.
    • CVSS Score: Use the Common Vulnerability Scoring System (CVSS) to assess severity.
    • Exploitability: Is there a known exploit available?
    • Impact: What damage could this vulnerability cause?
    • Business Criticality: How important is the affected system to your business?
  6. Document Your Checklist: Create a clear, organised list.
    • Vulnerability Name/ID (e.g., CVE-2023-1234)
    • Description
    • Affected System(s)
    • Severity (High, Medium, Low)
    • Priority (Critical, High, Medium, Low)
    • Testing Steps: How to verify the vulnerability.
  7. Regularly Update Your Checklist: New vulnerabilities are discovered constantly. Keep your list current.
    • Subscribe to security mailing lists.
    • Follow security blogs and news sources.
    • Re-scan systems periodically.
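As an added example (not code from the original post), the Python below turns steps 5 and 6 into a scored, sortable checklist: it maps a CVSS base score onto the page's High/Medium/Low severity bands, derives a priority from severity plus the exploitability and business-criticality questions, and emits rows with the step 6 fields. The escalation rule and the sample findings (placeholder IDs, constructed data) are assumptions for illustration, not a standard.

```python
from dataclasses import dataclass
# Added example (not from the original post); the escalation rule is an assumed scheme.
PRIORITY_ORDER = ["Low", "Medium", "High", "Critical"]

@dataclass
class ChecklistItem:
    vuln_id: str             # e.g. a CVE number; placeholders used below
    description: str
    affected_systems: list
    cvss: float              # CVSS base score, 0.0-10.0
    known_exploit: bool      # step 5: is a public exploit known?
    business_critical: bool  # step 5: does the asset matter to the business?
    testing_steps: str       # step 6: how to verify the finding

def severity(cvss: float) -> str:
    """Map a CVSS base score onto the page's High/Medium/Low bands
    (the CVSS v3 'Critical' band is folded into High)."""
    if not 0.0 <= cvss <= 10.0:
        raise ValueError(f"CVSS score out of range: {cvss}")
    if cvss >= 7.0:
        return "High"
    if cvss >= 4.0:
        return "Medium"
    return "Low"

def priority(item: ChecklistItem) -> str:
    """Assumed rule: start at the severity level, raise one step for a
    known exploit and one for a business-critical asset, cap at Critical."""
    level = PRIORITY_ORDER.index(severity(item.cvss))
    level += int(item.known_exploit) + int(item.business_critical)
    return PRIORITY_ORDER[min(level, len(PRIORITY_ORDER) - 1)]

def build_checklist(items):
    """Rows with the step 6 fields, highest priority first, then by CVSS."""
    rows = [(i, severity(i.cvss), priority(i)) for i in items]
    rows.sort(key=lambda r: (PRIORITY_ORDER.index(r[2]), r[0].cvss), reverse=True)
    return [{"id": i.vuln_id, "description": i.description, "systems": i.affected_systems,
             "severity": s, "priority": p, "testing_steps": i.testing_steps}
            for i, s, p in rows]

# Constructed sample findings with placeholder IDs (not real advisories).
SAMPLE = [
    ChecklistItem("EXAMPLE-001", "SQL injection in login form", ["web-app"],
                  8.8, True, True, "Confirm the login query is parameterised"),
    ChecklistItem("EXAMPLE-002", "Outdated SSH service version", ["bastion"],
                  5.3, False, True, "Compare the nmap -sV version with the vendor advisory"),
    ChecklistItem("EXAMPLE-003", "World-writable cron directory", ["app-server"],
                  3.1, False, False, "Check the directory mode bits with ls -ld"),
]
```

Calling `build_checklist(SAMPLE)` gives the three rows in Critical, High, Low order, which is the list you would carry into the test itself.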