Home
/Checklists
/Infrastructure Pentest Checklist

Infrastructure27 items

Infrastructure Pentest Checklist

A comprehensive checklist for internal and external infrastructure penetration testing. Covers network enumeration, service exploitation, privilege escalation, and lateral movement techniques for enterprise environments.

NIST SP 800-115PTESOSSTMMCIS Controls

Progress: 0 of 27 items

Define IP ranges, subnets, and network segments in scopeinfo

Document all CIDR blocks, VLANs, and specific hosts included in the assessment.

Confirm rules of engagement for destructive testing

Clarify whether denial-of-service, exploit execution, and credential dumping are permitted.

Obtain network diagrams and asset inventories

Review provided documentation about network topology and critical systems.

Set up VPN or physical access for internal testing

Verify connectivity to all in-scope network segments from the testing position.

Coordinate testing windows to avoid business impact

Schedule intensive scans and exploitation attempts during agreed maintenance windows.

Perform comprehensive port scanning on all in-scope hostsinfo

Run Nmap TCP/UDP scans with service version detection and OS fingerprinting.

Enumerate running services and banner informationlow

Identify service versions, default pages, and protocol-specific information.

Identify network infrastructure devices (routers, switches, firewalls)medium

Map network devices and check for management interfaces accessible from the testing position.

Enumerate DNS records and zone transfersmedium

Attempt AXFR zone transfers and enumerate internal hostnames through DNS.

Identify SNMP-accessible devices and extract community stringshigh

Test for default and weak SNMP community strings on discovered devices.

Scan for network shares (SMB, NFS) and accessible resourceshigh

Enumerate SMB shares, NFS exports, and FTP directories for sensitive data exposure.

Run vulnerability scanners against discovered hostshigh

Use Nessus, OpenVAS, or Qualys to identify known vulnerabilities and misconfigurations.

Check for missing patches on operating systems and servicescritical

Identify unpatched systems vulnerable to known exploits like EternalBlue or PrintNightmare.

Test for default and weak credentials on all servicescritical

Check SSH, RDP, database, and management console logins for default or easily guessable passwords.

Assess SSL/TLS configurations across all encrypted servicesmedium

Test for weak ciphers, expired certificates, and protocol downgrade vulnerabilities.

Check for unencrypted protocols transmitting sensitive datahigh

Identify FTP, Telnet, HTTP, and LDAP (non-TLS) services handling credentials or sensitive information.

Exploit identified vulnerabilities to gain initial accesscritical

Use Metasploit, manual exploits, or credential attacks to compromise target systems.

Perform local privilege escalation on compromised hostscritical

Escalate from standard user to root/SYSTEM using kernel exploits, misconfigurations, or credential reuse.

Attempt lateral movement to adjacent network segmentscritical

Use harvested credentials, pass-the-hash, or network pivoting to access additional systems.

Extract and crack password hashes from compromised systemshigh

Dump SAM/NTDS.dit, /etc/shadow, or application database hashes for offline cracking.

Test network segmentation and firewall rule effectivenesshigh

Verify that segmentation prevents unauthorized traffic between network zones.

Assess data exfiltration paths from critical systemshigh

Test whether sensitive data can be extracted via DNS, HTTP, or other covert channels.

Create network attack path diagrams

Visualize the chain of compromises from initial access to domain or critical asset compromise.

Document all compromised hosts and harvested credentials

Provide a complete list of systems accessed and credentials obtained during testing.

Provide prioritized remediation plan based on attack paths

Rank fixes by their effectiveness at breaking the most critical attack chains.

Include network segmentation improvement recommendations

Recommend firewall rules, VLAN changes, and micro-segmentation strategies.

Remove all implants, shells, and testing artifacts

Thoroughly clean up all persistence mechanisms and tools deployed during the assessment.

Related Vulnerabilities

Security Misconfiguration

medium

Identification and Authentication Failures

high

Cryptographic Failures

high

Industries Using This Checklist

Financial Services & Banking

Government & Public Sector

Manufacturing & OT

Report Vulnerabilities Faster with Vulnsy

Stop rewriting the same findings. Use Vulnsy's reusable templates, collaborative workflows, and professional report generation to deliver pentest reports 10x faster.

Start Free Trial

Vulnsy

Modern penetration testing reporting platform. Built by pentesters, for pentesters.

Platform

Features
Pricing
FAQ

Resources

Vulnerability Knowledge Base
Pentest Checklists
Cybersecurity Glossary
Industries
Blog
Free Tools

Contact

luke@vulnsy.com

Infrastructure Pentest Checklist

Pre-Engagement

Reconnaissance

Vulnerability Assessment

Exploitation & Post-Exploitation

Reporting

Related Vulnerabilities

Industries Using This Checklist

Report Vulnerabilities Faster with Vulnsy