/hacker-checklist

Hacking with the power of checklists.

GNU General Public License v3.0 (GPL-3.0)

The Hacker Checklist

"Knowledge has both saved us and burdened us. That means we need a different strategy for overcoming failure, one that builds on experience and takes advantage of the knowledge people have but somehow also makes up for our human inadequacies. And there is such a strategy – though it will seem almost ridiculous in its simplicity, maybe even crazy to those of us who have spent years carefully developing ever more advanced skills and technologies. It is a checklist." - Atul Gawande

This project is an attempt to bring the power of checklists to penetration testing and bug bounty hunting. It was inspired by The Checklist Manifesto, by Atul Gawande.

Penetration testing and bug bounty hunting are incredibly complex processes, involving a huge number of tools, techniques, vulnerability classes, and practices. They require knowledge, skill, patience, persistence, and creativity. How can a simple checklist capture years of training, practice, and experience? In short, it can't. But what it can do is provide a roadmap, a baseline, a jumping-off point for applying all the skill and creativity of pentesters and bug bounty hunters, while simultaneously preventing the simple things from being missed. Very often some of the most impactful bugs are ones that were simply overlooked. A checklist can help provide a simple, structured way to ensure the most attack surface is covered.