Structured checklists and methodology guides for penetration testing and security code review.
These templates are reference guides built from real engagement methodology. They give testers (especially junior testers) something to follow when working through an assessment. Each template walks through the process step by step with commands, checklists, and context about what you're looking for and why.
They are not comprehensive vulnerability databases or exhaustive references for every possible attack. They cover the things we routinely check during engagements and provide a consistent structure so nothing obvious gets missed.
These templates are meant to be a starting point and a safety net, not the ceiling of your testing.
- They do not replace understanding the underlying concepts
- They are not "run every command and you're done" automation scripts
- They do not attempt to cover every edge case or every framework
- They are not a substitute for thinking about the specific application in front of you
| Template | Covers |
|---|---|
| Pentest-Pre-Engagement-Template.md | Scoping, access, rules of engagement, kickoff, reporting, closeout |

| Template | Covers |
|---|---|
| Pentest-WebApp-API-Template.md | Web applications and APIs (REST, GraphQL, gRPC, WebSocket) |
| Pentest-Cloud-AWS-Template.md | AWS account and service security |
| Pentest-Cloud-GCP-Template.md | GCP project and service security |
| Pentest-Cloud-Azure-Template.md | Azure subscription and service security |
| Pentest-iOS-Template.md | iOS mobile application security |
| Pentest-Android-Template.md | Android mobile application security |
| Pentest-ThickClient-Template.md | Desktop applications (Windows, macOS, Linux, Electron) |
| Pentest-Hardware-IoT-Template.md | Embedded devices, IoT, firmware, hardware |
The code review templates are located in code-review/. Each is self-contained, with the same structure adapted to the specific language, its frameworks, and the vulnerability classes that apply to it.
| Template | Covers |
|---|---|
| Code-Review-Python.md | Flask, Django, FastAPI, serverless, ML pipelines, MicroPython |
| Code-Review-JavaScript-TypeScript.md | Express, Next.js, Electron, React Native, serverless |
| Code-Review-Java-Kotlin.md | Spring, Android, Jakarta EE, serverless |
| Code-Review-CSharp.md | ASP.NET Core, Blazor, WPF, MAUI/Xamarin, Azure Functions, Unity |
| Code-Review-Go.md | net/http, gin, echo, fiber, gRPC, Kubernetes tooling |
| Code-Review-C-CPP.md | Embedded firmware, RTOS, desktop, kernel modules, network protocols |
| Code-Review-PHP.md | Laravel, Symfony, WordPress, Drupal |
| Code-Review-Ruby.md | Rails, Sinatra, Hanami |
| Code-Review-Rust.md | Actix-web, Axum, embedded, WASM |
| Code-Review-Swift.md | iOS (UIKit/SwiftUI), macOS, Vapor |
| Code-Review-Scala.md | Play, Akka HTTP, Apache Spark, ZIO |
- Start with Pentest-Pre-Engagement-Template.md for every engagement
- Pick the assessment template(s) that match your scope
- For code review, pick the language template(s) that match the codebase
- Work through each section in order (the templates are ordered by methodology flow)
- Mark checkboxes as you go, record findings inline, and capture evidence
Every template follows the same general pattern:
| Section | Purpose |
|---|---|
| What to do | Commands, grep patterns, manual checks |
| What to look for | Context about the vulnerability or misconfiguration |
| How to confirm | Verify it is actually a finding, not just the presence of a function |
| Checklist | Items to mark off as you complete each area |
The code review templates include grep patterns for every major sink category specific to that language, with "when to suspect" context and "safe alternative" guidance for each.