Pentest Checklist

The pentest-checklist skill provides a structured framework for AI agents to generate comprehensive penetration testing checklists. It ensures security assessments cover critical phases from reconnaissance to reporting, reducing the risk of overlooked vulnerabilities.

When to use it

• Pre-assessment planning: Generate a tailored scope and methodology before launching an automated scan or manual audit.
• Compliance verification: Ensure your testing process aligns with industry standards like PTES, NIST, or OWASP.
• Team coordination: Distribute a standardized checklist to junior pentesters to maintain consistency across engagements.
• Gap analysis: Compare current security posture against the checklist items to identify missing controls.

Key capabilities

• Generates phase-specific tasks for reconnaissance, scanning, exploitation, and post-exploitation.
• Structures output into clear, actionable steps for human analysts or automation scripts.
• Adapts checklists based on target environment types (web, network, mobile, cloud).

Example prompts

• "Create a penetration testing checklist for a public-facing web application following the OWASP Top 10."
• "Generate a pre-engagement scope document and asset discovery plan for a corporate intranet."
• "List the key verification steps required after successfully exploiting a SQL injection vulnerability."

Tips & gotchas

Ensure you have explicit authorization before using generated checklists on any live system to avoid legal repercussions. Always customize the output to fit the specific technology stack and risk profile of the target environment.