
pentest-engagement

Penetration testing engagement planning — scoping, ROE drafting, phased timeline, MITRE ATT&CK mapping, kickoff/closeout documentation. Triggers on engagement plan, ROE, rules of engagement, scoping, pentest plan, phased plan, MITRE mapping, attack matrix, kickoff, closeout.
fatihkan/badi · ★ 5 · AI & Automation · score 76
Install: claude install-skill fatihkan/badi
# pentest-engagement

Produces **planning + scoping + ROE** documentation for an authorized penetration testing engagement.

## Triggers

- "prepare a pentest plan"
- "draft the ROE"
- "scoping document"
- "engagement timeline"
- "MITRE ATT&CK matrix"
- "kickoff meeting agenda"
- "closeout report template"

## Deliverables

1. **Scope Document** (in-scope, out-of-scope, constraints)
2. **Rules of Engagement (ROE)** (forbidden techniques, working hours, escalation path)
3. **Phased Timeline** (kickoff -> recon -> exploit -> post-ex -> reporting -> closeout)
4. **MITRE ATT&CK Mapping** (Tactic + Technique list per phase)
5. **Communication Plan** (client contact, escalation contact, incident response)
6. **Acceptance Criteria** (tests covered, reporting, deliverable list)

## Scope Document Template

```markdown
# Engagement Scope — <Client>

## In-Scope
- IP Ranges: 10.0.0.0/16, 192.168.50.0/24
- Domains: *.example.com, app.example.com
- Cloud Accounts: AWS 123456789012 (production us-east-1)
- Test Type: External / Internal / Web App / Cloud / Red Team

## Out-of-Scope
- Production DB direct query
- Email/Phishing a client employee
- DoS / stress testing
- 3rd party SaaS (Stripe, SendGrid, etc.)

## Restrictions
- Working hours: Weekdays 09:00-17:00 (TR)
- Aggressive scan: Only within a user-approved window
- Data exfil: None — evidence files only (max 1MB)

## Authorization
- Letter of authorization: <link>
- Client signature: <name, date>
- Pentest firm signature: <name, da