yusuwyildirim/Pentest-Checklist

🛡️ Pentest Checklist

A comprehensive, interactive penetration testing checklist designed to guide security professionals through systematic security assessments using the Cyber Kill Chain methodology.

🎯 Overview

This React-based web application provides a structured approach to penetration testing, featuring an extensive checklist covering everything from reconnaissance to exploitation. The application includes detailed command references, tool descriptions, and progress tracking to ensure thorough and methodical security assessments.

Web Site Link: https://pentestchecklist.netlify.app/

✨ Features

🔍 Reconnaissance Phase

  • OSINT (Open Source Intelligence): Maltego, SpiderFoot, Shodan integration
  • DNS Enumeration: dig, nslookup, fierce, dnsrecon tools
  • WHOIS Analysis: Domain registration and ownership information
  • Certificate Transparency: SSL/TLS certificate analysis
  • GitHub Reconnaissance: Repository and code analysis
  • LinkedIn Intelligence: Employee profiling and social engineering prep
  • Metadata Analysis: Document and file metadata extraction
  • Google Hacking: Advanced search operators and dorks

🌐 Active Reconnaissance

  • Port Scanning: nmap, masscan, rustscan configurations
  • Directory Enumeration: gobuster, dirb, dirsearch
  • Subdomain Discovery: sublist3r, amass, subfinder, assetfinder

🔧 Port-Specific Testing

Detailed testing procedures for common services:

  • FTP (21): Anonymous access, bounce attacks, file permissions
  • SSH (22): Version detection, key analysis, brute force
  • Telnet (23): Banner grabbing, credential testing
  • SMTP (25): Open relay, enumeration
  • HTTP/HTTPS (80/443): Web application testing, SSL analysis
  • NetBIOS (139): Share enumeration, null sessions
  • LDAP (389): Directory enumeration, injection testing
  • SMB (445): Share analysis, vulnerability scanning
  • Database Services: MySQL (3306), PostgreSQL (5432), MSSQL (1433)
  • Remote Access: RDP (3389), VNC (5900)
  • And many more...

🤖 AI-Powered Assistant

  • Pentest Chatbot: Integrated Google Gemini AI assistant
  • Context-Aware Help: Get specific guidance on tools and techniques
  • Command Explanations: Detailed explanations of penetration testing commands
  • Best Practices: Real-time advice on methodology and approach

📊 Progress Management

  • Interactive Checklist: Check off completed tasks
  • Progress Tracking: Visual progress indicators
  • Export Functionality: Generate progress reports
  • Persistent State: Save and resume your testing sessions

🎨 User Experience

  • Dark/Light Theme: Toggle between themes
  • Responsive Design: Works on desktop and mobile devices
  • Copy-to-Clipboard: Easy command copying
  • Hierarchical Organization: Structured testing methodology
  • Search Functionality: Quickly find specific tools or techniques

🛠️ Technologies Used

  • Frontend Framework: React 18 with TypeScript
  • Build Tool: Vite for fast development and building
  • UI Components: shadcn/ui component library
  • Styling: Tailwind CSS with custom cyber-themed design
  • AI Integration: Google Generative AI (Gemini)
  • State Management: React hooks and localStorage
  • Icons: Lucide React icons
  • Routing: React Router DOM

🚀 Getting Started

Prerequisites

Ensure you have Node.js (version 16 or higher) and npm installed.

Installation

  1. Clone the repository:

    git clone https://github.com/your-username/pentest-checklist.git

  2. Navigate to the project directory:

    cd pentest-checklist

  3. Install dependencies:

    npm install

  4. Set up environment variables:

    cp .env.example .env

    Then edit the .env file and add your Google AI API key:

    VITE_GOOGLE_AI_API_KEY=your_actual_api_key_here

  5. Start the development server:

    npm run dev

  6. Open your browser and navigate to http://localhost:5173
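
Because Vite inlines every `VITE_`-prefixed variable into the client bundle at build time, the key set in step 4 ships to anyone who can load a production build. The check below is an added example, not part of the project: after `npm run build` it lists the built files that contain the key. The function names and the `dist` output directory (Vite's default) are assumptions.

```shell
#!/bin/sh
# Added example (not project code): detect whether the API key from .env
# was inlined into the production build.
# Usage after "npm run build":  find_key_in_build .env dist

# Print the value assigned to VITE_GOOGLE_AI_API_KEY in an env file.
# The last assignment wins; a trailing CR and surrounding quotes are stripped.
read_vite_key() {
  grep -E '^[[:space:]]*VITE_GOOGLE_AI_API_KEY=' "$1" | tail -n 1 |
    tr -d '\r' |
    sed -e 's/^[^=]*=//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# List files under the build directory that contain the key as a literal string.
# Return codes: 0 = key found in at least one file (exposed),
#               1 = key not present in the build,
#               2 = nothing to check (missing file/dir, empty or placeholder key).
find_key_in_build() {
  [ -f "$1" ] && [ -d "$2" ] || return 2
  vite_key=$(read_vite_key "$1")
  case "$vite_key" in
    ''|your_actual_api_key_here) return 2 ;;   # placeholder from .env.example
  esac
  # -F: fixed string, -l: file names only, -e: safe even if the key starts with "-"
  grep -rlF -e "$vite_key" "$2"
}
```

A hit means the key is readable by every visitor of the deployed site, so restrict the key at the provider or move the Gemini call behind a server-side endpoint that holds the key instead.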

Available Scripts

  • npm run dev - Start development server
  • npm run build - Build for production
  • npm run preview - Preview production build
  • npm run lint - Run ESLint

📁 Project Structure

src/
├── components/          # React components
│   ├── ui/             # shadcn/ui components
│   ├── Chatbot.tsx     # AI assistant component
│   ├── ChecklistItem.tsx # Individual checklist items
│   ├── PortsSection.tsx # Port-specific testing
│   └── ...
├── data/               # Static data and configurations
│   └── checklistData.ts # Checklist structure and tools
├── hooks/              # Custom React hooks
├── services/           # External services (AI, etc.)
├── pages/              # Page components
└── utils/              # Utility functions

🎯 Usage Guide

Basic Workflow

  1. Start with Reconnaissance: Begin with passive information gathering
  2. Progress Systematically: Follow the structured checklist
  3. Use the AI Assistant: Ask questions about specific tools or techniques
  4. Track Progress: Check off completed items
  5. Export Results: Generate progress reports for documentation

Best Practices

  • Always obtain proper authorization before testing
  • Follow responsible disclosure practices
  • Document your findings thoroughly
  • Use the checklist as a guide, not a rigid requirement
  • Adapt testing based on target environment

⚠️ Legal Disclaimer

IMPORTANT: This tool is designed for authorized penetration testing and educational purposes only. Users must:

  • Obtain proper written authorization before conducting any security testing
  • Comply with all applicable laws and regulations
  • Follow responsible disclosure practices
  • Respect privacy and confidentiality
  • Use the tool ethically and professionally

The authors are not responsible for any misuse of this tool or any damage caused by its use.


⚡ Created by yusuwyildirim
