
| To Do's | Status | Comments |
|---|---|---|
| Ensure ROE is signed by client | Outstanding | |
| Add IPs in scope to Scope tab | Outstanding | |
| Verify customer scope | Outstanding | |
| Send kickoff email | Outstanding | |
| Conduct vulnerability scanning with Nessus | Outstanding | |
| Identify e-mails/users/pass in breach databases (Dehashed, breach-parse, etc.) | Outstanding | |
| Identify employees & email address format (LinkedIn, phonebook.cz, clearbit, hunter.io, etc.) | Outstanding | |
| Identify client's website(s) and search for any data useful to help attack (job posting, system information, password policy, etc.) | Outstanding | |
| Attempt to enumerate any accounts on portals, password reset functions, etc. | Outstanding | |
| Run web app scans, if necessary | Outstanding | |
| Conduct manual testing and exploitation on targets | Outstanding | |
| Validate scanning tool vulnerabilities | Outstanding | |
| Conduct password spraying, guessing and brute force on login portals | Outstanding | |
| Escalate access from external to internal | Outstanding | |
| Validate previous year findings have been resolved | Outstanding | |
| Cleanup | Outstanding | |

| IP Range | Comments |
|---|---|

| Host IP | URL | Open Port | Status | Comments / Findings |
|---|---|---|---|---|
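
| Site | Account list using | Passwords Tried |
|---|---|---|

| Users | Password from Breach |
|---|---|

| Login Pages | Comments |
|---|---|

| Finding / Issue | System/IP Name | Screenshot? | Comment |
|---|---|---|---|

| Strengths Identified | System/IP Name | Screenshot? | Comment |
|---|---|---|---|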
