Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/Hari-prasaanth/Thick-Client-Pentest-Checklist
An OWASP Based Checklist With 80+ Test Cases
checklist penetration-testing penetration-testing-framework pentesting thick-client thin-client
- Host: GitHub
- URL: https://github.com/Hari-prasaanth/Thick-Client-Pentest-Checklist
- Owner: Hari-prasaanth
- Created: 2022-06-20T03:00:51.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2022-10-26T01:14:33.000Z (about 2 years ago)
- Last Synced: 2024-08-02T16:31:23.320Z (3 months ago)
- Topics: checklist, penetration-testing, penetration-testing-framework, pentesting, thick-client, thin-client
- Homepage:
- Size: 1.19 MB
- Stars: 117
- Watchers: 4
- Forks: 36
- Open Issues: 0
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-pentest-cheat-sheets - Thick Client Pentest Checklist - Pentest Checklist for Thick-Client Penetration Tests (General cheat sheets)
README
# THICK CLIENT PENTESTING CHECKLIST
**OWASP Based Checklist 🌟🌟**
**80+ Test Cases 🚀🚀**
Notion link: https://hariprasaanth.notion.site/THICK-CLIENT-PENTESTING-CHECKLIST-35c6803f26eb4c9d89ba7f5fdc901fb0
- **INFORMATION GATHERING**
**Information Gathering**
- [ ] Find out the application architecture (two-tier or three-tier)
- [ ] Find out the technologies used (languages and frameworks)
- [ ] Identify network communication
- [ ] Observe the application process
- [ ] Observe each functionality and behavior of the application
- [ ] Identify all the entry points
- [ ] Analyze the security mechanism (authorization and authentication)
**Tools Used**
- [ ] CFF Explorer
- [ ] Sysinternals Suite
- [ ] Wireshark
- [ ] PEid
- [ ] Detect It Easy (DIE)
- [ ] Strings
- **GUI TESTING**
**Test For GUI Object Permission**
- [ ] Display hidden form object
- [ ] Try to activate disabled functionalities
- [ ] Try to uncover the masked password
**Test GUI Content**
- [ ] Look for sensitive information
**Test For GUI Logic**
- [ ] Try for access control and injection-based vulnerabilities
- [ ] Bypass controls by utilizing intended GUI functionality
- [ ] Check improper error handling
- [ ] Check weak input sanitization
- [ ] Try privilege escalation (unlocking admin features for normal users)
- [ ] Try payment manipulation
**Tools Used**
- [ ] UISpy
- [ ] Winspy++
- [ ] Window Detective
- [ ] Snoop WPF
- **FILE TESTING**
**Test For Files Permission**
- [ ] Check permission for each and every file and folder
**Test For File Integrity**
- [ ] Check strong naming
- [ ] Verify code signing
**Test For File Content Debugging**
- [ ] Look for sensitive information on the file system (symbols, sensitive data, passwords, configurations)
- [ ] Look for sensitive information on the config file
- [ ] Look for Hardcoded encryption data
- [ ] Look for Clear text storage of sensitive data
- [ ] Look for side-channel data leakage
- [ ] Look for unreliable logging
**Test For File And Content Manipulation**
- [ ] Try framework backdooring
- [ ] Try DLL preloading
- [ ] Check for race conditions
- [ ] Test for Files and content replacement
- [ ] Test for Client-side protection bypass using reverse engineering
**Test For Exported Functions**
- [ ] Try to find the exported functions
- [ ] Try to use the exported functions without authentication
**Test For Public Methods**
- [ ] Make a wrapper to gain access to public methods without authentication
**Test For Decompile And Application Rebuild**
- [ ] Try to recover the original source code, passwords, keys
- [ ] Try to decompile the application
- [ ] Try to rebuild the application
- [ ] Try to patch the application
**Test For Decryption And Deobfuscation**
- [ ] Try to recover original source code
- [ ] Try to retrieve passwords and keys
- [ ] Test for lack of obfuscation
**Test For Disassemble and Reassemble**
- [ ] Try to build a patched assembly
**Tools Used**
- [ ] Strings
- [ ] dnSpy
- [ ] Procmon
- [ ] Process Explorer
- [ ] Process Hacker
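The "DLL preloading" item above (and "Test for DLL Hijacking" under Common Vulnerabilities) is usually worked from a Procmon capture: filter `CreateFile` on `*.dll`, look for `NAME NOT FOUND` in directories the loader probes before it finds the library, and check whether any of those directories are writable. The block below is an added example, not code from the checklist or its author. The CSV sample is constructed in the shape of Procmon's CSV export, the process name `ThickClient.exe` and the paths are hypothetical, and the writable-directory set passed to `run_demo` stands in for what AccessEnum or `icacls` would report on the real host.

```python
import csv
import io
import ntpath
import os

# Constructed sample in the shape of Procmon's CSV export (same column names Procmon writes).
# Process name, PID and paths are hypothetical.
SAMPLE_PROCMON_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.0000001 AM","ThickClient.exe","4120","CreateFile","C:\Program Files\ThickClient\dbghelp.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open"
"10:01:02.0000003 AM","ThickClient.exe","4120","CreateFile","C:\Windows\System32\dbghelp.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open"
"10:01:02.0000005 AM","ThickClient.exe","4120","CreateFile","C:\Program Files\ThickClient\report.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open"
"10:01:02.0000006 AM","ThickClient.exe","4120","CreateFile","C:\Users\alice\AppData\Local\Temp\report.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open"
"10:01:02.0000007 AM","ThickClient.exe","4120","CreateFile","C:\Windows\System32\report.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open"
"10:01:02.0000008 AM","ThickClient.exe","4120","CreateFile","C:\Program Files\ThickClient\config.xml","NAME NOT FOUND","Desired Access: Generic Read"
"10:01:02.0000009 AM","ThickClient.exe","4120","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager\KnownDLLs","SUCCESS","Desired Access: Read"
'''


def dll_probe_order(csv_text):
    """Group CreateFile probes for *.dll by library name, in the order the loader tried them."""
    probes = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Operation"] != "CreateFile":
            continue
        directory, name = ntpath.split(row["Path"])
        if not name.lower().endswith(".dll"):
            continue
        probes.setdefault(name.lower(), []).append((directory, row["Result"]))
    return probes


def hijackable_dlls(csv_text, writable):
    """Return {dll: [writable directories probed before the DLL was found]}.

    The loader stops at the first directory that has the file, so anything probed after a
    SUCCESS entry is irrelevant. A DLL that is never found at all (a missing optional
    library) is the best case for an attacker: every writable directory on its path counts.
    Libraries listed under HKLM\\...\\Session Manager\\KnownDLLs never show an app-dir probe,
    which is why they do not appear in a capture like this.
    """
    results = {}
    for dll, attempts in dll_probe_order(csv_text).items():
        hits = []
        for directory, result in attempts:
            if result == "SUCCESS":
                break
            if result == "NAME NOT FOUND" and writable(directory):
                hits.append(directory)
        if hits:
            results[dll] = hits
    return results


def default_writable(directory):
    """Quick local check. os.access does not evaluate Windows ACLs precisely; confirm any
    hit with AccessEnum or icacls before reporting it."""
    return os.path.isdir(directory) and os.access(directory, os.W_OK)


def run_demo(writable_dirs=("C:\\Users\\alice\\AppData\\Local\\Temp",)):
    """Assumed writable set (hypothetical) standing in for the real host's ACL results."""
    return hijackable_dlls(SAMPLE_PROCMON_CSV, lambda d: d in writable_dirs)


if __name__ == "__main__":
    for dll, dirs in run_demo().items():
        print(f"{dll}: plantable in {dirs}")
```

On a real engagement, replace `SAMPLE_PROCMON_CSV` with the exported capture and `run_demo`'s set with the directories AccessEnum shows as writable by the low-privilege user; the `dbghelp.dll` row shows the common case where the application directory is probed first, so a writable install directory turns every such System32 library into a hijack.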
- **REGISTRY TESTING**
**Test For Registry Permissions**
- [ ] Check read access to the registry keys
- [ ] Check write access to the registry keys
**Test For Registry Contents**
- [ ] Inspect the registry contents
- [ ] Check for sensitive info stored on the registry
- [ ] Compare the registry before and after executing the application
**Test For Registry Manipulation**
- [ ] Try for registry manipulation
- [ ] Try to bypass authentication by registry manipulation
- [ ] Try to bypass authorization by registry manipulation
**Tools Used**
- [ ] Regshot
- [ ] Procmon
- [ ] Accessenum
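The before/after compare and the "sensitive info stored on the registry" check above can be reproduced offline from two `.reg` exports (Regshot's compare output or two `regedit` exports of the application's key). The block below is an added example, not code from the checklist or its author. Both exports are constructed, and the key `HKEY_CURRENT_USER\Software\ThickClient` is hypothetical. One caveat from practice: `regedit` writes `.reg` files as UTF-16LE with a BOM, so open real exports with `encoding="utf-16"`.

```python
import re

_KEY = re.compile(r"^\[(.+)\]$")
# "Name"=value  or  @=value (the key's default value); multi-line hex continuations are not joined
_VALUE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')
SENSITIVE_NAME = re.compile(r"(?i)pass|pwd|secret|token|apikey|api_key|license")

# Constructed exports: the key as it looked before the first run, and after logging in once.
BEFORE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\ThickClient]
"Server"="db01.corp.local"
"Timeout"=dword:0000001e
'''

AFTER = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\ThickClient]
"Server"="db01.corp.local"
"Timeout"=dword:0000003c
"Password"="Hunter2!"
"Role"="user"

[HKEY_CURRENT_USER\Software\ThickClient\Session]
"Token"=hex:01,02,03
'''


def parse_reg(text):
    """Parse a .reg export into {key_path: {value_name: raw_value_text}}."""
    tree, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = _KEY.match(line)
        if m:
            current = m.group(1)
            tree.setdefault(current, {})
            continue
        m = _VALUE.match(line)
        if m and current is not None:
            name = m.group(1) if m.group(1) is not None else "@"
            tree[current][name] = m.group(2)
    return tree


def diff_reg(before, after):
    """What the application wrote: added values, changed values (old, new) and removed values."""
    added, changed, removed = [], [], []
    for key, vals in after.items():
        old = before.get(key, {})
        for name, val in vals.items():
            if name not in old:
                added.append((key, name, val))
            elif old[name] != val:
                changed.append((key, name, old[name], val))
    for key, vals in before.items():
        new = after.get(key, {})
        for name, val in vals.items():
            if name not in new:
                removed.append((key, name, val))
    return {"added": added, "changed": changed, "removed": removed}


def sensitive_writes(delta):
    """Flag new or changed REG_SZ values whose name suggests a credential stored in cleartext.
    Binary (hex:) values are skipped here; they may be DPAPI blobs and need a separate look."""
    out = []
    for entry in delta["added"] + delta["changed"]:
        key, name, val = entry[0], entry[1], entry[-1]
        if SENSITIVE_NAME.search(name) and val.startswith('"'):
            out.append((key, name, val.strip('"')))
    return out


if __name__ == "__main__":
    delta = diff_reg(parse_reg(BEFORE), parse_reg(AFTER))
    for kind, entries in delta.items():
        for e in entries:
            print(kind, e)
    print("cleartext credentials:", sensitive_writes(delta))
```

Values such as `Role` in the diff are the ones to feed into the manipulation items that follow: change them with the application stopped, start it, and see whether authentication or authorization decisions follow the registry rather than the server.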
- **NETWORK TESTING**
**Test For Network**
- [ ] Check for sensitive data in transit
- [ ] Try to bypass firewall rules
- [ ] Try to manipulate network traffic
**Tools Used**
- [ ] Wireshark
- [ ] TCPview
- **ASSEMBLY TESTING**
**Test For Assembly**
- [ ] Verify Address Space Layout Randomization (ASLR)
- [ ] Verify SafeSEH
- [ ] Verify Data Execution Prevention (DEP)
- [ ] Verify strong naming
- [ ] Verify ControlFlowGuard
- [ ] Verify HighEntropyVA
**Tools Used**
- [ ] PESecurity
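Most of the assembly checks above (ASLR, DEP, CFG, HighEntropyVA), and the "technologies used" item under Information Gathering (32- vs 64-bit, native vs .NET), come down to a handful of PE header fields, which is what PESecurity reads. The block below is an added example, not code from the checklist or its author; it reads those fields directly so the result can be cross-checked against the tool. `build_sample_pe` is a helper of this example that fabricates a header-only image for offline use. Two limits are deliberate: SafeSEH is only reported as applicable or not, because proving it requires walking the x86 load config table, and strong naming is not checked, because that lives in the CLR metadata (`sn.exe -v` covers it).

```python
import struct
import sys

# IMAGE_DLLCHARACTERISTICS_* bits (optional header, offset 70 in both PE32 and PE32+)
HIGH_ENTROPY_VA = 0x0020
DYNAMIC_BASE = 0x0040       # ASLR opt-in
NX_COMPAT = 0x0100          # DEP opt-in
NO_SEH = 0x0400             # image declares it uses no SEH handlers at all
GUARD_CF = 0x4000           # Control Flow Guard
IMAGE_FILE_RELOCS_STRIPPED = 0x0001   # COFF Characteristics bit
PE32, PE32PLUS = 0x10B, 0x20B
CLR_DIRECTORY_INDEX = 14    # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR: non-zero means a .NET image


def parse_pe(data: bytes) -> dict:
    """Pull the few header fields the checklist items depend on."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, _nsect, _ts, _symp, _nsym, _opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (PE32, PE32PLUS):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    plus = magic == PE32PLUS
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    # NumberOfRvaAndSizes sits at 92 (PE32) / 108 (PE32+); directories follow at 96 / 112
    ndirs = struct.unpack_from("<I", data, opt + (108 if plus else 92))[0]
    clr_rva = clr_size = 0
    if ndirs > CLR_DIRECTORY_INDEX:
        clr_rva, clr_size = struct.unpack_from("<II", data, opt + (112 if plus else 96) + 8 * CLR_DIRECTORY_INDEX)
    return {"machine": machine, "pe32plus": plus, "file_characteristics": file_chars,
            "dll_characteristics": dll_chars, "is_dotnet": clr_rva != 0 and clr_size != 0}


def check_mitigations(data: bytes) -> dict:
    h = parse_pe(data)
    dc = h["dll_characteristics"]
    relocs_stripped = bool(h["file_characteristics"] & IMAGE_FILE_RELOCS_STRIPPED)
    return {
        "pe32plus": h["pe32plus"],
        "dotnet": h["is_dotnet"],
        # DYNAMIC_BASE alone is not enough: an image whose relocations were stripped cannot be rebased
        "aslr": bool(dc & DYNAMIC_BASE) and not relocs_stripped,
        # high-entropy (64-bit) ASLR only means something in a PE32+ image
        "high_entropy_va": h["pe32plus"] and bool(dc & HIGH_ENTROPY_VA),
        "dep": bool(dc & NX_COMPAT),
        "cfg": bool(dc & GUARD_CF),
        # SafeSEH is x86-only (IMAGE_LOAD_CONFIG SEHandlerTable); not applicable to PE32+.
        # The flag below only tells you the image opted out of SEH entirely.
        "safeseh_applicable": not h["pe32plus"],
        "no_seh": bool(dc & NO_SEH),
    }


def build_sample_pe(dll_characteristics: int, file_characteristics: int = 0,
                    pe32plus: bool = True, dotnet: bool = False) -> bytes:
    """Constructed header-only image for offline testing; it is not a loadable binary."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 240 if pe32plus else 224           # standard optional header sizes with 16 directories
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0, opt_size, file_characteristics)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32PLUS if pe32plus else PE32)
    struct.pack_into("<H", opt, 70, dll_characteristics)
    struct.pack_into("<I", opt, 108 if pe32plus else 92, 16)   # NumberOfRvaAndSizes
    if dotnet:
        struct.pack_into("<II", opt, (112 if pe32plus else 96) + 8 * CLR_DIRECTORY_INDEX, 0x2008, 0x48)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            report = check_mitigations(f.read())
    else:   # a weak 32-bit sample: ASLR flag set but relocations stripped, no DEP, no CFG
        report = check_mitigations(build_sample_pe(DYNAMIC_BASE, IMAGE_FILE_RELOCS_STRIPPED, pe32plus=False))
    for name, value in report.items():
        print(f"{name:18} {value}")
```

Run it as `python pe_mitigations.py ThickClient.exe` (file name assumed) and compare with `Get-PESecurity`; the relocation check is the one worth keeping in mind, since a `DYNAMIC_BASE` flag on a relocation-stripped executable is reported as ASLR by some tools even though the image cannot actually move.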
- **MEMORY TESTING**
**Test For Memory Content**
- [ ] Check for sensitive data stored in memory
**Test For Memory Manipulation**
- [ ] Try for memory manipulation
- [ ] Try to bypass authentication by memory manipulation
- [ ] Try to bypass authorization by memory manipulation
**Test For Run Time Manipulation**
- [ ] Try to analyze the dump file
- [ ] Check for process replacement
- [ ] Check for modifying assembly in the memory
- [ ] Try to debug the application
- [ ] Try to identify dangerous functions
- [ ] Use breakpoints to test each and every functionality
**Tools Used**
- [ ] Process Hacker
- [ ] HxD
- [ ] Strings
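The "sensitive data stored in memory" check above, and the file-content items earlier (cleartext storage, hardcoded encryption data), are usually done by running Strings over a dump or a binary and grepping. One thing that trips people up on .NET and WPF clients: `System.String` is UTF-16LE on the heap, so a plain ASCII Strings pass (without `-el`) misses the passwords. The block below is an added example, not code from the checklist or its author; it extracts both encodings and matches a few credential patterns. The dump it scans is constructed (high-bit filler with planted strings) and the credential values in it are fictitious.

```python
import random
import re
import sys

ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")   # UTF-16LE, printable BMP-ASCII only

# Order matters: the first pattern that matches a string labels it.
SENSITIVE = [
    ("private-key", re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")),
    ("connection-string", re.compile(r"(?i)(?:data source|server)\s*=[^;]+;.*(?:password|pwd)\s*=\s*[^;]+")),
    ("bearer-token", re.compile(r"(?i)\bbearer\s+[A-Za-z0-9._~+/=-]{16,}")),
    ("password-kv", re.compile(r"(?i)\b(?:password|passwd|pwd)\s*[=:]\s*\S+")),
]


def extract_strings(blob: bytes, ascii_=True, utf16=True):
    """Yield (offset, encoding, text) for every printable run, like `strings` and `strings -el`."""
    if ascii_:
        for m in ASCII_RUN.finditer(blob):
            yield m.start(), "ascii", m.group().decode("ascii")
    if utf16:
        for m in UTF16_RUN.finditer(blob):
            yield m.start(), "utf-16le", m.group().decode("utf-16-le")


def find_secrets(blob: bytes):
    """Classify extracted strings; returns findings sorted by offset for easy lookup in HxD."""
    findings = []
    for off, enc, text in extract_strings(blob):
        for label, rx in SENSITIVE:
            if rx.search(text):
                findings.append({"offset": off, "encoding": enc, "label": label, "text": text})
                break
    return sorted(findings, key=lambda f: f["offset"])


def build_sample_dump() -> bytes:
    """Constructed stand-in for a process dump. Filler bytes all have the high bit set, so
    they never form a printable run; the planted strings are the only things to find."""
    rng = random.Random(1337)
    filler = lambda n: bytes(0x80 | rng.getrandbits(7) for _ in range(n))
    return b"".join([
        filler(200),
        b"Server=db01.corp.local;User Id=app_svc;Password=Hunter2!;Encrypt=false",   # ASCII, e.g. from a config
        filler(100),
        "Password=Summer2024!".encode("utf-16-le"),      # a .NET string as it sits on the managed heap
        filler(64),
        b"Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.c2FtcGxl.c2ln",
        filler(64),
        "Microsoft.Win32.Registry".encode("utf-16-le"),  # benign type name; must not be flagged
        filler(128),
    ])


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_dump()
    for f in find_secrets(data):
        print(f"0x{f['offset']:08x} {f['encoding']:8} {f['label']:18} {f['text'][:60]}")
```

Point it at a minidump written by Process Hacker or Task Manager (`python memscan.py ThickClient.dmp`, file name assumed) after logging in to the client; the offsets are file offsets, so they can be opened directly in HxD to see what surrounds the hit.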
- **TRAFFIC TESTING**
**Test For Traffic**
- [ ] Analyze the flow of network traffic
- [ ] Try to find sensitive data in transit
**Tools Used**
- [ ] Echo Mirage
- [ ] MITM Relay
- [ ] Burp Suite
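Thick clients often talk a raw TCP protocol rather than HTTP, which is why Echo Mirage and MITM Relay sit next to Burp in the lists above: the network and traffic items ("manipulate network traffic", "analyze the flow") need something that can sit between client and server and rewrite bytes. The block below is an added example, not code from the checklist or any of those tools; it is a minimal interception relay of the same kind. The echo server, the `LOGIN user=bob;role=user` message and the `role=user` to `role=admin` rewrite are all constructed for the demo and stand in for a real backend and protocol.

```python
import socket
import threading


def pipe(src, dst, direction, on_data, log):
    """Copy one direction of a TCP stream, letting on_data() observe or rewrite each chunk."""
    try:
        while True:
            chunk = src.recv(4096)
            if not chunk:
                break
            out = on_data(direction, chunk)
            log.append((direction, chunk, out))
            dst.sendall(out)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)   # propagate EOF so the other side finishes cleanly
        except OSError:
            pass


class TcpRelay:
    """Listen on 127.0.0.1:<random port>; forward every client to target, both directions."""

    def __init__(self, target, on_data=lambda direction, data: data):
        self.target, self.on_data, self.log = target, on_data, []
        self.lsock = socket.socket()
        self.lsock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.lsock.bind(("127.0.0.1", 0))
        self.lsock.listen(5)
        self.port = self.lsock.getsockname()[1]
        threading.Thread(target=self._accept_loop, daemon=True).start()

    def _accept_loop(self):
        while True:
            try:
                client, _ = self.lsock.accept()
            except OSError:            # listener closed
                return
            upstream = socket.create_connection(self.target)
            for src, dst, direction in ((client, upstream, "c->s"), (upstream, client, "s->c")):
                threading.Thread(target=pipe, args=(src, dst, direction, self.on_data, self.log),
                                 daemon=True).start()

    def close(self):
        self.lsock.close()


def start_echo_server():
    """Constructed stand-in for the client's backend: replies 'OK ' + whatever it received."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def handle(conn):
        with conn:
            while True:
                data = conn.recv(4096)
                if not data:
                    return
                conn.sendall(b"OK " + data)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            threading.Thread(target=handle, args=(conn,), daemon=True).start()

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def tamper(direction, data):
    """Demo rewrite: the client asserts its own role, so upgrade it on the way to the server.
    Real protocols can split a field across recv() chunks; buffer a whole message before matching."""
    return data.replace(b"role=user", b"role=admin") if direction == "c->s" else data


def run_demo():
    srv, server_port = start_echo_server()
    relay = TcpRelay(("127.0.0.1", server_port), on_data=tamper)
    with socket.create_connection(("127.0.0.1", relay.port)) as client:
        client.sendall(b"LOGIN user=bob;role=user\n")   # constructed client message
        client.shutdown(socket.SHUT_WR)
        reply = b""
        while True:
            chunk = client.recv(4096)
            if not chunk:
                break
            reply += chunk
    relay.close()
    srv.close()
    return reply, list(relay.log)


if __name__ == "__main__":
    reply, log = run_demo()
    for direction, raw, sent in log:
        print(direction, raw, "->", sent)
    print("client saw:", reply)
```

To use it against a real client, point the client at the relay (hosts file entry or a config change) and the relay at the real server; the `log` list is the "analyze the flow" step, and `on_data` is where the traffic-manipulation tests go. If the client pins or verifies TLS you will need the TLS-terminating variants (Burp for HTTP, a TLS-wrapping relay otherwise) rather than this raw TCP one.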
- **COMMON VULNERABILITIES TESTING**
**Test For Common Vulnerabilities**
- [ ] Try to decompile the application
- [ ] Try for reverse engineering
- [ ] Try to test with OWASP WEB Top 10
- [ ] Try to test with OWASP API Top 10
- [ ] Test for DLL Hijacking
- [ ] Test for signature checks (Use Sigcheck)
- [ ] Test for binary analysis (Use Binscope)
- [ ] Test for business logic errors
- [ ] Test for TCP/UDP attacks
- [ ] Test with automated scanning tools (Use Visual Code Grepper - VCG)

### Shaped by: Hariprasaanth R
**Reach Me: [LinkedIn](https://www.linkedin.com/in/hariprasaanth) [Portfolio](https://hariprasaanth.blogspot.com/) [Github](https://github.com/Hari-prasaanth)**