├── PenTest Consulting Creator
    ├── Assessment PenTest.docx
    ├── Cronograma PenTest - Template.xlsx
    ├── NDA PenTest 1.pdf
    ├── NDA PenTest 2.pdf
    ├── PCI Self Asssessment.docx
    ├── PWKv1-Report.docx
    ├── PenTest CherryTree Template 1.ctb
    ├── PenTest CherryTree Template 2.ctb
    ├── PenTest Cost.xlsx
    ├── Penetration-Testing-Scoping-Questionnaire.pdf
    ├── Penetration_Testing_Timeline_Checklist.pdf
    ├── Report PenTest Example 1.pdf
    ├── Rules of Engagement Template-a.docx
    ├── Rules-of-Engagement 2.pdf
    ├── Scoping PenTest Questionare.pdf
    ├── Scoping Questionnaire Template.docx
    ├── TCM-Security-Sample-Pentest-Report.zip
    ├── TDIF Penetration Test Report - Template (Release 4.6).docx
    ├── sample-penetration-testing-report.pdf
    └── writing-penetration-testing-report GIAC.pdf
└── README.md

/PenTest Consulting Creator/Assessment PenTest.docx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CyberSecurityUP/PenTest-Consulting-Creator/ac37e9311170c83beae4f3ec1610ce6a49825dc3/PenTest Consulting Creator/Assessment PenTest.docx
--------------------------------------------------------------------------------
/PenTest Consulting Creator/Cronograma PenTest - Template.xlsx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CyberSecurityUP/PenTest-Consulting-Creator/ac37e9311170c83beae4f3ec1610ce6a49825dc3/PenTest Consulting Creator/Cronograma PenTest - Template.xlsx
--------------------------------------------------------------------------------
/PenTest Consulting Creator/NDA PenTest 1.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CyberSecurityUP/PenTest-Consulting-Creator/ac37e9311170c83beae4f3ec1610ce6a49825dc3/PenTest Consulting Creator/NDA PenTest 1.pdf
--------------------------------------------------------------------------------
/PenTest Consulting Creator/NDA PenTest 2.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CyberSecurityUP/PenTest-Consulting-Creator/ac37e9311170c83beae4f3ec1610ce6a49825dc3/PenTest Consulting Creator/NDA PenTest 2.pdf
--------------------------------------------------------------------------------
/PenTest Consulting Creator/PCI Self Asssessment.docx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CyberSecurityUP/PenTest-Consulting-Creator/ac37e9311170c83beae4f3ec1610ce6a49825dc3/PenTest Consulting Creator/PCI Self Asssessment.docx
--------------------------------------------------------------------------------
/PenTest Consulting Creator/PWKv1-Report.docx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CyberSecurityUP/PenTest-Consulting-Creator/ac37e9311170c83beae4f3ec1610ce6a49825dc3/PenTest Consulting Creator/PWKv1-Report.docx
--------------------------------------------------------------------------------
/PenTest Consulting Creator/PenTest CherryTree Template 1.ctb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CyberSecurityUP/PenTest-Consulting-Creator/ac37e9311170c83beae4f3ec1610ce6a49825dc3/PenTest Consulting Creator/PenTest CherryTree Template 1.ctb
--------------------------------------------------------------------------------
/PenTest Consulting Creator/PenTest CherryTree Template 2.ctb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CyberSecurityUP/PenTest-Consulting-Creator/ac37e9311170c83beae4f3ec1610ce6a49825dc3/PenTest Consulting Creator/PenTest CherryTree Template 2.ctb
--------------------------------------------------------------------------------
/PenTest Consulting Creator/PenTest Cost.xlsx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CyberSecurityUP/PenTest-Consulting-Creator/ac37e9311170c83beae4f3ec1610ce6a49825dc3/PenTest Consulting Creator/PenTest Cost.xlsx
--------------------------------------------------------------------------------
/PenTest Consulting Creator/Penetration-Testing-Scoping-Questionnaire.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CyberSecurityUP/PenTest-Consulting-Creator/ac37e9311170c83beae4f3ec1610ce6a49825dc3/PenTest Consulting Creator/Penetration-Testing-Scoping-Questionnaire.pdf
--------------------------------------------------------------------------------
/PenTest Consulting Creator/Penetration_Testing_Timeline_Checklist.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CyberSecurityUP/PenTest-Consulting-Creator/ac37e9311170c83beae4f3ec1610ce6a49825dc3/PenTest Consulting Creator/Penetration_Testing_Timeline_Checklist.pdf
--------------------------------------------------------------------------------
/PenTest Consulting Creator/Report PenTest Example 1.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CyberSecurityUP/PenTest-Consulting-Creator/ac37e9311170c83beae4f3ec1610ce6a49825dc3/PenTest Consulting Creator/Report PenTest Example 1.pdf
--------------------------------------------------------------------------------
/PenTest Consulting Creator/Rules of Engagement Template-a.docx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CyberSecurityUP/PenTest-Consulting-Creator/ac37e9311170c83beae4f3ec1610ce6a49825dc3/PenTest Consulting Creator/Rules of Engagement Template-a.docx
--------------------------------------------------------------------------------
/PenTest Consulting Creator/Rules-of-Engagement 2.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CyberSecurityUP/PenTest-Consulting-Creator/ac37e9311170c83beae4f3ec1610ce6a49825dc3/PenTest Consulting Creator/Rules-of-Engagement 2.pdf
--------------------------------------------------------------------------------
/PenTest Consulting Creator/Scoping PenTest Questionare.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CyberSecurityUP/PenTest-Consulting-Creator/ac37e9311170c83beae4f3ec1610ce6a49825dc3/PenTest Consulting Creator/Scoping PenTest Questionare.pdf
--------------------------------------------------------------------------------
/PenTest Consulting Creator/Scoping Questionnaire Template.docx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CyberSecurityUP/PenTest-Consulting-Creator/ac37e9311170c83beae4f3ec1610ce6a49825dc3/PenTest Consulting Creator/Scoping Questionnaire Template.docx
--------------------------------------------------------------------------------
/PenTest Consulting Creator/TCM-Security-Sample-Pentest-Report.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CyberSecurityUP/PenTest-Consulting-Creator/ac37e9311170c83beae4f3ec1610ce6a49825dc3/PenTest Consulting Creator/TCM-Security-Sample-Pentest-Report.zip
--------------------------------------------------------------------------------
/PenTest Consulting Creator/TDIF Penetration Test Report - Template (Release 4.6).docx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CyberSecurityUP/PenTest-Consulting-Creator/ac37e9311170c83beae4f3ec1610ce6a49825dc3/PenTest Consulting Creator/TDIF Penetration Test Report - Template (Release 4.6).docx
--------------------------------------------------------------------------------
/PenTest Consulting Creator/sample-penetration-testing-report.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CyberSecurityUP/PenTest-Consulting-Creator/ac37e9311170c83beae4f3ec1610ce6a49825dc3/PenTest Consulting Creator/sample-penetration-testing-report.pdf
--------------------------------------------------------------------------------
/PenTest Consulting Creator/writing-penetration-testing-report GIAC.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CyberSecurityUP/PenTest-Consulting-Creator/ac37e9311170c83beae4f3ec1610ce6a49825dc3/PenTest Consulting Creator/writing-penetration-testing-report GIAC.pdf
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# PenTest-Consulting-Creator
Repository with some necessary information for you to create your PenTest consultancy

PwnDoc is a pentest reporting application making it simple and easy to write your findings and generate a customizable Docx report.
- https://github.com/pwndoc/pwndoc

Curated list of public penetration test reports released by several consulting firms and academic security groups.
- https://github.com/juliocesarfort/public-pentesting-reports

PenTest Cost Calculator
- https://go.cobalt.io/roi/
- https://www.mangoldsecurity.com/cost-estimator/

PenTest Checklist
- https://pentestbook.six2dez.com/others/web-checklist
- https://github.com/harshinsecurity/web-pentesting-checklist
- https://github.com/Hari-prasaanth/Web-App-Pentest-Checklist
- https://book.hacktricks.xyz/mobile-pentesting/ios-pentesting-checklist
- https://book.hacktricks.xyz/mobile-pentesting/android-checklist

PenTest Methodology

PTES
- http://www.pentest-standard.org/index.php/Main_Page

OSSTMM
- https://www.isecom.org/OSSTMM.3.pdf

NIST 800-115
- https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-115.pdf

ISSAF
- http://cuchillac.net/archivos/pre_seguridad_pymes/2_hakeo_etico/lects/metodologia_oissg.pdf

OWASP Test Guide
- https://owasp.org/www-project-web-security-testing-guide/assets/archive/OWASP_Testing_Guide_v4.pdf

## Timeline PenTest

Planning – Includes the contract execution, initial deposit, scheduling of resources, and review/agreement of the project Rules of Engagement (ROE).

Execution – Active testing of all in-scope targets takes place in this phase; its length varies by project and is directly related to the size/scope of the assessment.

Analysis, Documentation, and Quality Assurance – 1 Week: Document preparation including the Executive Summary Report and Technical Findings Report. This phase may also include some minimal testing and manual interactions with the in-scope targets to validate findings identified during the original execution of the test or gather more detail.

Presentation of Findings – 1 Day: Scheduled after all documentation and QA are complete, this is the final step to review findings, address questions, and wrap up the project.

## Bureaucracy

- Understand the bureaucratic requirements of the country you work in, from opening a company to providing services and holding the proper credentials to operate.

- Structure your PenTest service portfolio well: the types of tests you do, how you perform them, and what methodology is used in each one.

## Certifications

- CEH
- OSCP
- eCPPT
- eCPTX
- eWPT
- GPEN
- GWAPT
- CREST CPSA
- CRTO
- CRTL
- OSWE
- OSEP
- CRTP
- CARTP

## Toolkits

- What tools do you use?

- Do you have commercial tools?

- Do you have partnerships for the services you offer, for example to assist with remediation, protection and risk mitigation?

- How are your tools licensed, if you use Burp, Cobalt Strike, Exploit Pack and others?

## CVEs, CVSS, NVD

- CVE
A list of entries—each containing an identification number, a description, and at least one public reference—for publicly known cybersecurity vulnerabilities. CVE does not provide severity scoring or prioritization ratings for software vulnerabilities.

- CVSS
Operated by the Forum of Incident Response and Security Teams (FIRST); used to score the severity of software vulnerabilities identified by CVE Entries.

- NVD NIST
Provides a free CVSS calculator for CVE Entries.

- Report your CVE
When you find a 0-day, you can report the vulnerability to the company that owns the solution or to a third party, depending on the case, then wait for a positive result and receive your CVE, depending on the vulnerability.

Tutorial Report
https://drive.google.com/file/d/1pfZbOm_dExehIqGHLPtjWm2GJ4UUMMJK/view?usp=sharing

## PenTest Report Writing

- https://www.youtube.com/watch?v=J34DnrX7dTo
- https://www.youtube.com/watch?v=NEz4SfjjwvU
- https://www.youtube.com/watch?v=6QIrXgPGJhM
- https://www.cobalt.io/blog/how-to-write-an-effective-pentest-report-vulnerability-reports

--------------------------------------------------------------------------------