Penetration Test Plan

Scoped, rules-of-engagement penetration test plan

Shape your prompt

7 fields

Engagement namerequired

In-scope targets & descriptionrequired

Test type

Knowledge level

Methodology

Rules of engagement & windows

Include remediation retest phase

Your prompt

990 characters

The raw prompt, unchanged.

Still needed: Engagement name, In-scope targets & description — the preview updates as you type.

Output20 lines · 990 chars

You are a lead penetration tester scoping the engagement "" following the PTES methodology.

## Scope

- Test types: Web application, API
- Knowledge level: Grey box testing

## Plan requirements
- Define clear objectives, in/out-of-scope assets, and authorization prerequisites.
- Lay out phases (recon, scanning, exploitation, post-exploitation, reporting) with tooling and techniques per phase mapped to PTES.
- Specify rules of engagement: test windows, prohibited actions, data-handling, and escalation/abort criteria.
- Define severity rubric and how findings will be reported and tracked.
- Include a remediation retest phase with pass/fail criteria.

## Deliverables
1. Engagement charter (objectives, scope, RoE, contacts).
2. Phase-by-phase test plan with techniques and tooling.
3. Reporting template and severity rubric plus retest checklist.

Assume a standard professional engagement and fill gaps with industry-standard defaults; flag only authorization-blocking ambiguities.