Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/Hari-prasaanth/Thick-Client-Pentest-Checklist
A OWASP Based Checklist With 80+ Test Cases
https://github.com/Hari-prasaanth/Thick-Client-Pentest-Checklist
checklist penetration-testing penetration-testing-framework pentesting thick-client thin-client
Last synced: about 1 month ago
JSON representation
A OWASP Based Checklist With 80+ Test Cases
- Host: GitHub
- URL: https://github.com/Hari-prasaanth/Thick-Client-Pentest-Checklist
- Owner: Hari-prasaanth
- Created: 2022-06-20T03:00:51.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2022-10-26T01:14:33.000Z (about 2 years ago)
- Last Synced: 2024-08-02T16:31:23.320Z (4 months ago)
- Topics: checklist, penetration-testing, penetration-testing-framework, pentesting, thick-client, thin-client
- Homepage:
- Size: 1.19 MB
- Stars: 117
- Watchers: 4
- Forks: 36
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-pentest-cheat-sheets - Thick Client Pentest Checklist - Pentest Checklist for Thick-Client Penetration Tests (General cheat sheets)
README
# THICK CLIENT PENTESTING CHECKLIST
**OWASP Based Checklist 🌟🌟**
**80+ Test Cases 🚀🚀**
Notion link: https://hariprasaanth.notion.site/THICK-CLIENT-PENTESTING-CHECKLIST-35c6803f26eb4c9d89ba7f5fdc901fb0
- **INFORMATION GATHERING**
**Information Gathering**
- [ ] Find out the application architecture (two-tier or three-tier)
- [ ] Find out the technologies used (languages and frameworks)
- [ ] Identify network communication
- [ ] Observe the application process
- [ ] Observe each functionality and behavior of the application
- [ ] Identify all the entry points
- [ ] Analyze the security mechanism (authorization and authentication)
**Tools Used**
- [ ] CFF Explorer
- [ ] Sysinternals Suite
- [ ] Wireshark
- [ ] PEid
- [ ] Detect It Easy (DIE)
- [ ] Strings
- **GUI TESTING**
**Test For GUI Object Permission**
- [ ] Display hidden form object
- [ ] Try to activate disabled functionalities
- [ ] Try to uncover the masked password
**Test GUI Content**
- [ ] Look for sensitive information
**Test For GUI Logic**
- [ ] Try for access control and injection-based vulnerabilities
- [ ] Bypass controls by utilizing intended GUI functionality
- [ ] Check improper error handling
- [ ] Check weak input sanitization
- [ ] Try privilege escalation (unlocking admin features to normal users)
- [ ] Try payment manipulation
**Tools Used**
- [ ] UISpy
- [ ] Winspy++
- [ ] Window Detective
- [ ] Snoop WPF
- **FILE TESTING**
**Test For Files Permission**
- [ ] Check permission for each and every file and folder
**Test For File Continuity**
- [ ] Check strong naming
- [ ] Authenticate code signing
**Test For File Content Debugging**
- [ ] Look for sensitive information on the file system (symbols, sensitive data, passwords, configurations)
- [ ] Look for sensitive information on the config file
- [ ] Look for Hardcoded encryption data
- [ ] Look for Clear text storage of sensitive data
- [ ] Look for side-channel data leakage
- [ ] Look for unreliable log
**Test For File And Content Manipulation**
- [ ] Try framework backdooring
- [ ] Try DLL preloading
- [ ] Perform Race condition check
- [ ] Test for Files and content replacement
- [ ] Test for Client-side protection bypass using reverse engineering
**Test For Function Exported**
- [ ] Try to find the exported functions
- [ ] Try to use the exported functions without authentication
**Test For Public Methods**
- [ ] Make a wrapper to gain access to public methods without authentication
**Test For Decompile And Application Rebuild**
- [ ] Try to recover the original source code, passwords, keys
- [ ] Try to decompile the application
- [ ] Try to rebuild the application
- [ ] Try to patch the application
**Test For Decryption And DE obfuscation**
- [ ] Try to recover original source code
- [ ] Try to retrieve passwords and keys
- [ ] Test for lack of obfuscation
**Test For Disassemble and Reassemble**
- [ ] Try to build a patched assembly
**Tools Used**
- [ ] Strings
- [ ] dnSpy
- [ ] Procmon
- [ ] Process Explorer
- [ ] Process Hacker
- **REGISTRY TESTING**
**Test For Registry Permissions**
- [ ] Check read access to the registry keys
- [ ] Check to write access to the registry keys
**Test For Registry Contents**
- [ ] Inspect the registry contents
- [ ] Check for sensitive info stored on the registry
- [ ] Compare the registry before and after executing the application
**Test For Registry Manipulation**
- [ ] Try for registry manipulation
- [ ] Try to bypass authentication by registry manipulation
- [ ] Try to bypass authorization by registry manipulation
**Tools Used**
- [ ] Regshot
- [ ] Procmon
- [ ] Accessenum
- **NETWORK TESTING**
**Test For Network**
- [ ] Check for sensitive data in transit
- [ ] Try to bypass firewall rules
- [ ] Try to manipulate network traffic
**Tools Used**
- [ ] Wireshark
- [ ] TCPview
- **ASSEMBLY TESTING**
**Test For Assembly**
- [ ] Verify Address Space Layout Randomization (ASLR)
- [ ] Verify SafeSEH
- [ ] Verify Data Execution Prevention (DEP)
- [ ] Verify strong naming
- [ ] Verify ControlFlowGuard
- [ ] Verify HighentropyVA
**Tools Used**
- [ ] PESecurity
- **MEMORY TESTING**
**Test For Memory Content**
- [ ] Check for sensitive data stored in memory
**Test For Memory Manipulation**
- [ ] Try for memory manipulation
- [ ] Try to bypass authentication by memory manipulation
- [ ] Try to bypass authorization by memory manipulation
**Test For Run Time Manipulation**
- [ ] Try to analyze the dump file
- [ ] Check for process replacement
- [ ] Check for modifying assembly in the memory
- [ ] Try to debug the application
- [ ] Try to identify dangerous functions
- [ ] Use breakpoints to test each and every functionality
**Tools Used**
- [ ] Process Hacker
- [ ] HxD
- [ ] Strings
- **TRAFFIC TESTING**
**Test For Traffic**
- [ ] Analyze the flow of network traffic
- [ ] Try to find sensitive data in transit
**Tools Used**
- [ ] Echo Mirage
- [ ] MITM Relay
- [ ] Burp Suite
- **COMMON VULNERABILITIES TESTING**
**Test For Common Vulnerabilities**
- [ ] Try to decompile the application
- [ ] Try for reverse engineering
- [ ] Try to test with OWASP WEB Top 10
- [ ] Try to test with OWASP API Top 10
- [ ] Test for DLL Hijacking
- [ ] Test for signature checks (Use Sigcheck)
- [ ] Test for binary analysis (Use Binscope)
- [ ] Test for business logic errors
- [ ] Test for TCP/UDP attacks
- [ ] Test with automated scanning tools (Use Visual Code Grepper - VCG)### Shaped by: Hariprasaanth R
**Reach Me: [LinkedIn](https://www.linkedin.com/in/hariprasaanth) [Portfolio](https://hariprasaanth.blogspot.com/) [Github](https://github.com/Hari-prasaanth)**