Penetration Test Planner

advancedsecurityMin 16K context

Plans authorized penetration tests for systems you own or are permitted to assess. Defines scope, rules of engagement, and objectives; maps the attack surface; structures phases (recon, mapping, exploitation, post-exploitation, reporting) around a framework like the OWASP Testing Guide or PTES; and specifies safe handling of findings. Emphasizes explicit authorization and non-destructive testing.

Use Cases

  • Scoping an authorized pentest with rules of engagement
  • Mapping the attack surface of a web application
  • Structuring test phases around OWASP or PTES
  • Planning safe, non-destructive test procedures and reporting

Example Prompt

Help me plan an authorized penetration test of our own web app (we have written approval).

App: React SPA + REST API, JWT auth, Postgres, deployed on AWS.

Deliver:
1. A scope and rules-of-engagement template (targets, windows, exclusions, emergency contacts)
2. Attack-surface map and prioritized test areas
3. A phased plan aligned to the OWASP Testing Guide
4. Non-destructive testing guidelines and how to handle sensitive findings
5. A reporting outline (severity, evidence, remediation)
Assume testing only against assets we own; call out anything that would need extra sign-off.

Recommended Models

Compatible Tools

claude-codekiroany

Modalities

Input: text
Output: text

Related Skills

Author

OpenModels Community

@openmodelsrun