Vulnsy

Pentest Checklists

Interactive checklists for penetration testing engagements. Track your progress and never miss a test case.

Web Application28 items

Web Application Pentest Checklist

A structured penetration testing checklist for web applications covering all critical attack surfaces. This checklist guides testers through...

OWASP Top 10OWASP WSTGPTES
API27 items

API Security Testing Checklist

A detailed checklist for testing the security of REST and GraphQL APIs. Covers authentication, authorization, input validation, rate limitin...

OWASP API Security Top 10NIST SP 800-115PTES
Infrastructure27 items

Infrastructure Pentest Checklist

A comprehensive checklist for internal and external infrastructure penetration testing. Covers network enumeration, service exploitation, pr...

NIST SP 800-115PTESOSSTMM
Cloud27 items

Cloud Security Assessment Checklist

A thorough security assessment checklist for cloud environments including AWS, Azure, and GCP. Covers identity and access management, storag...

CIS BenchmarksCSA CCMNIST SP 800-144
Mobile27 items

Mobile App Security Checklist

A comprehensive security testing checklist for iOS and Android mobile applications. Covers local data storage, network communication, authen...

OWASP MASVSOWASP MASTGNIST SP 800-163
Web Application28 items

OWASP Top 10 Testing Checklist

A structured testing checklist aligned with the OWASP Top 10 2021 categories. Each phase covers specific vulnerability classes with concrete...

OWASP Top 10 2021OWASP WSTGASVS 4.0
Web Application26 items

PCI DSS Penetration Testing Checklist

A penetration testing checklist specifically designed to meet PCI DSS requirements 11.3 and 11.4. Covers cardholder data environment (CDE) s...

PCI DSS 4.0PA-DSSOWASP Top 10
IoT26 items

IoT Security Testing Checklist

A security testing checklist for Internet of Things devices and ecosystems. Covers firmware security, communication protocols, hardware inte...

OWASP IoT Top 10NIST IR 8259ETSI EN 303 645
Infrastructure28 items

Active Directory Security Checklist

A targeted penetration testing checklist for Microsoft Active Directory environments. Covers domain enumeration, Kerberos attacks, ACL abuse...

MITRE ATT&CKNIST SP 800-115CIS Benchmarks
Infrastructure27 items

Wireless Network Pentest Checklist

A wireless network security testing checklist covering Wi-Fi infrastructure, authentication mechanisms, encryption protocols, rogue device d...

NIST SP 800-153NIST SP 800-115PCI DSS 11.1
Web Application50 items

AI / LLM Application Pentest Checklist

A field-tested checklist for assessing LLM-backed applications and AI agents end-to-end - from system prompt and tool-use scoping through di...

OWASP LLM Top 10 (2025)NIST AI 600-1OWASP API Top 10
API50 items

GraphQL API Pentest Checklist

A targeted checklist for GraphQL endpoints that goes beyond REST-style API testing. Covers introspection, schema-aware authorization tests, ...

OWASP API Top 10 (2023)OWASP WSTGGraphQL Foundation Spec
Infrastructure50 items

CI/CD Pipeline Security Checklist

An end-to-end checklist for assessing software-delivery pipelines as the high-impact attack surface they are. Walks through source, build, a...

OWASP Top 10 CI/CD Security RisksSLSA FrameworkNIST SP 800-204D
Infrastructure50 items

Kubernetes & Container Security Checklist

A pentest-oriented checklist for Kubernetes clusters and the containers running on them. Covers cluster-control-plane exposure, pod-spec har...

CIS Kubernetes BenchmarkNSA/CISA Kubernetes Hardening GuidanceOWASP K8s Top 10

14 of 14 checklists