S
SkillsMD 发现、学习和掌握最新的 AI 技术 Skills。基于真实社区数据,为开发者提供最权威的 AI 工具导航。
关于 聚焦 AI 技术 Skills 每周数据更新 中英双语文档 © 2026 SkillsMD. All rights reserved.
渗透测试清单:完整流程、工具与最佳实践指南 | 网络安全测试 | SkillsMD
首页 / Skills / pentest-checklist 渗透测试清单:完整流程、工具与最佳实践指南 | 网络安全测试 Pentest Checklist by automindtechnologie-jpg/ultimate-skill.md
npx skills add https://github.com/automindtechnologie-jpg/ultimate-skill.md --skill 'Pentest Checklist'🇨🇳 中文介绍 渗透测试清单
目的
提供一个全面的清单,用于规划、执行和跟进渗透测试。确保充分的准备、适当的范围界定以及对发现漏洞的有效修复。
输入/先决条件
明确的测试业务目标
目标环境信息
预算和时间限制
利益相关者联系人和授权
法律协议和范围文档
输出/交付物
已定义的渗透测试范围和目标
准备好的测试环境
安全监控数据
漏洞发现报告
修复计划和验证
核心工作流程
阶段 1:范围定义
定义目标
明确测试目的 - 确定目标(发现漏洞、合规性、客户保证)验证渗透测试的必要性 - 确保渗透测试是合适的解决方案使结果与目标保持一致 - 定义成功标准
参考问题:
为什么要进行这次渗透测试?
期望得到什么具体结果?
将如何处理发现的问题?
了解测试类型
类型 目的 范围 外部渗透测试 评估外部攻击面 面向公众的系统 内部渗透测试 评估内部威胁风险 内部网络 Web 应用程序测试 发现应用程序漏洞 特定应用程序 社会工程学测试 测试人员安全意识 员工、流程 红队测试 完整的对手模拟 整个组织
枚举可能的威胁
识别高风险区域 - 哪里可能发生损害?评估数据敏感性 - 哪些数据可能被泄露?审查遗留系统 - 旧系统通常存在漏洞映射关键资产 - 优先测试目标
定义范围
列出范围内系统 - IP、域名、应用程序定义范围外项目 - 要避免的系统设置测试边界 - 允许使用哪些技术?记录排除项 - 第三方系统、生产数据
预算规划
因素 考虑事项 资产价值 价值越高 = 投资越高 复杂性 系统越多 = 时间越多 所需深度 彻底的测试成本更高 声誉价值 知名公司成本更高
预算现实检查:
廉价的渗透测试通常效果不佳
预算应与资产关键性相匹配
考虑持续测试与一次性测试
阶段 2:环境准备
准备测试环境
生产与预生产环境决策 - 确定在哪里测试设置测试限制 - 不对生产环境进行 DoS 攻击安排测试窗口 - 最小化业务影响创建测试账户 - 提供适当的访问级别
环境选项:
Production - 真实但风险高
Staging - 更安全但可能与生产环境不同
Clone - 理想但资源密集
运行初步扫描
执行漏洞扫描器 - 首先发现已知问题修复明显的漏洞 - 不要浪费渗透测试时间记录现有问题 - 与测试人员共享
常用预扫描工具:
# 网络漏洞扫描
nmap -sV --script vuln TARGET
# Web 漏洞扫描
nikto -h http://TARGET
审查安全策略
验证合规性要求 - GDPR、PCI-DSS、HIPAA记录数据处理规则 - 敏感数据处理程序确认法律授权 - 获得书面许可
通知托管提供商
检查提供商策略 - 允许进行哪些测试?提交授权请求 - AWS、Azure、GCP 要求记录批准 - 保留记录
云提供商策略:
冻结开发
测试期间停止部署 - 保持环境一致记录当前版本 - 记录系统状态避免关键补丁 - 除非是安全紧急情况
阶段 3:专家选择
寻找合格的渗透测试人员
寻求推荐 - 咨询可信来源验证资质 - OSCP、GPEN、CEH、CREST检查参考资料 - 与之前的客户沟通使专业知识与范围匹配 - Web、网络、移动专家
评估标准:
因素 要问的问题 经验 从业年限、类似项目 方法论 OWASP、PTES、自定义方法 报告 样本报告、详细程度 沟通 可用性、更新频率
定义方法论
选择测试标准 - PTES、OWASP、NIST确定访问级别 - 黑盒、灰盒、白盒商定技术 - 手动测试与自动化测试设置沟通计划 - 更新和升级流程
测试方法:
类型 访问级别 模拟 黑盒 无信息 外部攻击者 灰盒 部分访问 访问受限的内部人员 白盒 完全访问 内部人员/详细审计
定义报告格式
审查样本报告 - 确保质量满足需求指定必需部分 - 执行摘要、技术细节请求机器可读输出 - CSV、XML 用于跟踪商定风险评级 - CVSS、自定义等级
报告应包含:
面向管理层的执行摘要
附带证据的技术发现
风险评级和优先级排序
修复建议
重新测试指南
阶段 4:监控
实施安全监控
部署 IDS/IPS - 入侵检测系统启用日志记录 - 全面的审计跟踪配置 SIEM - 集中式日志分析设置警报 - 实时通知
监控工具:
# 检查安全日志
tail -f /var/log/auth.log
tail -f /var/log/apache2/access.log
# 监控网络
tcpdump -i eth0 -w capture.pcap
配置日志记录
集中日志 - 聚合所有系统的日志设置保留期限 - 保留日志以供分析启用详细日志记录 - 应用程序和系统级别测试日志收集 - 验证所有源正常工作
要监控的关键日志:
身份验证事件
应用程序错误
网络连接
文件访问
系统更改
监控异常工具
跟踪错误率 - 异常峰值表明正在进行测试向运维团队通报 - 区分测试与攻击记录基线 - 正常活动与渗透测试活动
关注安全工具
审查 IDS 警报 - 区分渗透测试与真实攻击监控 WAF 日志 - 跟踪被阻止的尝试检查端点保护 - 防病毒检测
阶段 5:修复
确保备份
验证备份完整性 - 测试恢复记录恢复程序 - 知道如何恢复分离备份访问 - 保护备份免受测试影响
预留修复时间
分配团队可用性 - 渗透测试后分析安排修复实施 - 处理发现的问题计划验证测试 - 确认修复有效
测试期间打补丁策略
通常避免打补丁 - 保持环境一致关键问题例外 - 仅限安全紧急情况沟通变更 - 通知渗透测试人员任何变更
清理程序
移除测试工件 - 后门、脚本、文件删除测试账户 - 移除渗透测试人员访问权限恢复配置 - 恢复到原始状态验证清理完成 - 审计所有更改
安排下一次渗透测试
确定频率 - 年度、季度、变更后考虑持续测试 - 漏洞赏金、持续评估为未来测试做预算 - 提前计划
测试频率因素:
发布频率
法规要求
风险承受能力
过去发现问题的严重性
快速参考
渗透测试前清单
□ 范围已定义并记录
□ 已获得授权
□ 环境已准备
□ 已通知托管提供商
□ 团队已通报
□ 监控已启用
□ 备份已验证
渗透测试后清单
□ 报告已接收并审查
□ 发现的问题已确定优先级
□ 修复任务已分配
□ 修复已实施
□ 验证测试已安排
□ 环境已清理
□ 下一次测试已安排
约束
生产环境测试具有固有风险
预算限制影响测试的彻底性
时间限制可能限制覆盖范围
测试人员的专业知识差异很大
发现的问题会很快过时
示例
示例 1:快速范围定义
**目标:** 企业 Web 应用程序 (app.company.com)
**类型:** 灰盒 Web 应用程序渗透测试
**持续时间:** 5 个工作日
**排除项:** DoS 测试、生产数据库访问
**访问权限:** 提供标准用户账户
示例 2:监控设置
# 启用全面日志记录
sudo systemctl restart rsyslog
sudo systemctl restart auditd
# 启动数据包捕获
tcpdump -i eth0 -w /tmp/pentest_capture.pcap &
故障排除
问题 解决方案 范围蔓延 记录并要求变更批准 测试影响生产 安排非工作时间、使用预生产环境 发现的问题存在争议 提供详细证据、重新测试 修复延迟 按风险确定优先级、设定截止日期 预算超支 定义明确的范围、固定价格合同
每周安装数
0
仓库
automindtechnol…skill.md
首次出现
1970年1月1日
安全审计
Gen Agent Trust HubPass SocketPass SnykWarn
🇺🇸 English Pentest Checklist
Purpose
Provide a comprehensive checklist for planning, executing, and following up on penetration tests. Ensure thorough preparation, proper scoping, and effective remediation of discovered vulnerabilities.
Inputs/Prerequisites
Clear business objectives for testing
Target environment information
Budget and timeline constraints
Stakeholder contacts and authorization
Legal agreements and scope documents
Outputs/Deliverables
Defined pentest scope and objectives
Prepared testing environment
Security monitoring data
Vulnerability findings report
Remediation plan and verification
Core Workflow
Phase 1: Scope Definition
Define Objectives
Clarify testing purpose - Determine goals (find vulnerabilities, compliance, customer assurance)Validate pentest necessity - Ensure penetration test is the right solutionAlign outcomes with objectives - Define success criteria
Reference Questions:
Why are you doing this pentest?
What specific outcomes do you expect?
What will you do with the findings?
Know Your Test Types
广告位招租
在这里展示您的产品或服务
触达数万 AI 开发者,精准高效
联系我们 External Pentest Assess external attack surface Public-facing systems Internal Pentest Assess insider threat risk Internal network Web Application Find application vulnerabilities Specific applications Social Engineering Test human security Employees, processes Red Team Full adversary simulation Entire organization
Enumerate Likely Threats
Identify high-risk areas - Where could damage occur?Assess data sensitivity - What data could be compromised?Review legacy systems - Old systems often have vulnerabilitiesMap critical assets - Prioritize testing targets
Define Scope
List in-scope systems - IPs, domains, applicationsDefine out-of-scope items - Systems to avoidSet testing boundaries - What techniques are allowed?Document exclusions - Third-party systems, production data
Budget Planning Factor Consideration Asset Value Higher value = higher investment Complexity More systems = more time Depth Required Thorough testing costs more Reputation Value Brand-name firms cost more
Cheap pentests often produce poor results
Align budget with asset criticality
Consider ongoing vs. one-time testing
Phase 2: Environment Preparation
Prepare Test Environment
Production vs. staging decision - Determine where to testSet testing limits - No DoS on productionSchedule testing window - Minimize business impactCreate test accounts - Provide appropriate access levels Production - Realistic but risky
Staging - Safer but may differ from production
Clone - Ideal but resource-intensive
Run Preliminary Scans
Execute vulnerability scanners - Find known issues firstFix obvious vulnerabilities - Don't waste pentest timeDocument existing issues - Share with testers # Network vulnerability scan
nmap -sV --script vuln TARGET
# Web vulnerability scan
nikto -h http://TARGET
Review Security Policy
Verify compliance requirements - GDPR, PCI-DSS, HIPAADocument data handling rules - Sensitive data proceduresConfirm legal authorization - Get written permission
Notify Hosting Provider
Check provider policies - What testing is allowed?Submit authorization requests - AWS, Azure, GCP requirementsDocument approvals - Keep records
Freeze Developments
Stop deployments during testing - Maintain consistent environmentDocument current versions - Record system statesAvoid critical patches - Unless security emergency
Phase 3: Expertise Selection
Find Qualified Pentesters
Seek recommendations - Ask trusted sourcesVerify credentials - OSCP, GPEN, CEH, CRESTCheck references - Talk to previous clientsMatch expertise to scope - Web, network, mobile specialists Factor Questions to Ask Experience Years in field, similar projects Methodology OWASP, PTES, custom approach Reporting Sample reports, detail level Communication Availability, update frequency
Define Methodology
Select testing standard - PTES, OWASP, NISTDetermine access level - Black box, gray box, white boxAgree on techniques - Manual vs. automated testingSet communication schedule - Updates and escalation Type Access Level Simulates Black Box No information External attacker Gray Box Partial access Insider with limited access White Box Full access Insider/detailed audit
Define Report Format
Review sample reports - Ensure quality meets needsSpecify required sections - Executive summary, technical detailsRequest machine-readable output - CSV, XML for trackingAgree on risk ratings - CVSS, custom scale
Executive summary for management
Technical findings with evidence
Risk ratings and prioritization
Remediation recommendations
Retesting guidance
Phase 4: Monitoring
Implement Security Monitoring
Deploy IDS/IPS - Intrusion detection systemsEnable logging - Comprehensive audit trailsConfigure SIEM - Centralized log analysisSet up alerting - Real-time notifications # Check security logs
tail -f /var/log/auth.log
tail -f /var/log/apache2/access.log
# Monitor network
tcpdump -i eth0 -w capture.pcap
Configure Logging
Centralize logs - Aggregate from all systemsSet retention periods - Keep logs for analysisEnable detailed logging - Application and system levelTest log collection - Verify all sources working
Authentication events
Application errors
Network connections
File access
System changes
Monitor Exception Tools
Track error rates - Unusual spikes indicate testingBrief operations team - Distinguish testing from attacksDocument baseline - Normal vs. pentest activity
Watch Security Tools
Review IDS alerts - Separate pentest from real attacksMonitor WAF logs - Track blocked attemptsCheck endpoint protection - Antivirus detections
Phase 5: Remediation
Ensure Backups
Verify backup integrity - Test restorationDocument recovery procedures - Know how to restoreSeparate backup access - Protect from testing
Reserve Remediation Time
Allocate team availability - Post-pentest analysisSchedule fix implementation - Address findingsPlan verification testing - Confirm fixes work
Patch During Testing Policy
Generally avoid patching - Maintain consistent environmentException for critical issues - Security emergencies onlyCommunicate changes - Inform pentesters of any changes
Cleanup Procedure
Remove test artifacts - Backdoors, scripts, filesDelete test accounts - Remove pentester accessRestore configurations - Return to original stateVerify cleanup complete - Audit all changes
Schedule Next Pentest
Determine frequency - Annual, quarterly, after changesConsider continuous testing - Bug bounty, ongoing assessmentsBudget for future tests - Plan ahead Testing Frequency Factors:
Release frequency
Regulatory requirements
Risk tolerance
Past findings severity
Quick Reference
Pre-Pentest Checklist □ Scope defined and documented
□ Authorization obtained
□ Environment prepared
□ Hosting provider notified
□ Team briefed
□ Monitoring enabled
□ Backups verified
Post-Pentest Checklist □ Report received and reviewed
□ Findings prioritized
□ Remediation assigned
□ Fixes implemented
□ Verification testing scheduled
□ Environment cleaned up
□ Next test scheduled
Constraints
Production testing carries inherent risks
Budget limitations affect thoroughness
Time constraints may limit coverage
Tester expertise varies significantly
Findings become stale quickly
Examples
Example 1: Quick Scope Definition **Target:** Corporate web application (app.company.com)
**Type:** Gray box web application pentest
**Duration:** 5 business days
**Excluded:** DoS testing, production database access
**Access:** Standard user account provided
Example 2: Monitoring Setup # Enable comprehensive logging
sudo systemctl restart rsyslog
sudo systemctl restart auditd
# Start packet capture
tcpdump -i eth0 -w /tmp/pentest_capture.pcap &
Troubleshooting Issue Solution Scope creep Document and require change approval Testing impacts production Schedule off-hours, use staging Findings disputed Provide detailed evidence, retest Remediation delayed Prioritize by risk, set deadlines Budget exceeded Define clear scope, fixed-price contracts
通过 LiteLLM 代理让 Claude Code 对接 GitHub Copilot 运行 | 高级变通方案指南
22,200 周安装
