Skip to content
/ vapt-engagement-guide Public

A handy checklist for Vulnerability Assessment and Penetration Test engagements. It gives common tools and commands you can run to make sure you don't forget an important step during your VAPT assignment.

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

blessing-mufaro/vapt-engagement-guide

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

30 Commits
External Assessment
External Assessment
 
 
Internal Assessment
Internal Assessment
 
 
README.md
README.md
 
 

Repository files navigation

👋 Bonjour. Comment vas-tu?

Excuse the french greeting but it was the first thing that came to mind when I was looking for an intro, my mind was literally blank [at the time of initial writing - 3/23/2023 at exactly 1552hrs] ...... but this is still very useless information.

📝The important bit

This repository will essentially serve as a VAPT (Vulnerability Assessment and Penetration Test) guide or handbook - simple as that. You can use it as a checklist during practical engagements or even in CTF challenges. The checklists are divided into two: internal and external - and based on the type of penetration test you're carrying out, feel free to fork this repository and hack away!!!

One other thing. You may be wondering why this particular checklist may differ from the majority out there, well that's because in this repository I'll also include commands for the tools I state at each stage, for your convenience. And of course you may need to tweak the switches a bit to suit your environment but at least you get a starting point. Some may not be direct instructions on how to use a tool but a pointer to where you should look 👀.

I will constantly make updates to this checklist, but please feel free to make a pull requests if you have suggestions or additional tools to add to the lists.

1️⃣ One last last thing

  • This list will include the tools I've used before in real life engagements and found helpful (and others I've also used during capture the flag contests).
  • Each section (internal/external) will be categorized based on the standard phases of a penetration test
  1. Information Gathering (Reconnaisance)
  2. Scanning
  3. Exploitation
  4. Privilege Escalation (Maintaining Access)
  5. Reporting
  • The structure within each section may differ slightly as content is added but that's the basic gist - and again, suggestions are welcome 🙃
  • For exploitation and privilege escalation there will be separate folders with Proof of Concept (POC) notes for various exploits. Illustrations for these POCs can be in the form of videos, screenshots and textual writeups.
  • Reference can be made to publicly accessible vulnerable machines on platforms like Try Hack Me, Vulnhub or Hack The Box to illustrate a POC with a practical example.

About

A handy checklist for Vulnerability Assessment and Penetration Test engagements. It gives common tools and commands you can run to make sure you don't forget an important step during your VAPT assignment.

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published