Framework: NIST SP 800-115 | CSF Functions: Identify, Respond

Penetration Testing

Structured penetration testing workflow with CVSS scoring and OWASP Top 10 coverage

NIST 800-53 Controls: CA-8, RA-5, SI-10 | References: OWASP Top 10, CISA KEV

Overview

The Penetration Testing skill provides a complete project management framework for ethical hacking engagements. It supports the full lifecycle from project initialization and scoping through finding documentation, CVSS scoring, and final report generation. Findings are tracked with severity ratings, CVE references, NIST control mappings, and actionable remediation guidance. The structured output integrates directly with the Risk Assessment pipeline.

Prerequisites

Python 3.8+ (standard library only, no third-party packages)
Authorized penetration testing agreement (Rules of Engagement)
Access to target systems within defined scope
Knowledge of OWASP Top 10 and common attack vectors

Capabilities

Project initialization with scope definition
Finding tracking with unique IDs and timestamps
CVSS 3.1 severity scoring (Critical/High/Medium/Low)
CVE reference linking for known vulnerabilities
NIST 800-53 control mapping per finding
OWASP Top 10 classification support
Markdown report generation with executive summary
JSON export for risk assessment pipeline import

Usage Guide

1. Initialize the Project

Create a new pen-test project with scope definition and metadata. This establishes the project directory and tracking files.

bash
python3 pentest_manager.py init \
  --name 'Q1-2026 Web App Assessment' \
  --scope '192.168.1.0/24, webapp.example.com' \
  --tester 'Gaby - Regional IT Director'

2. Document Findings

As you discover vulnerabilities during testing, add each finding with severity, CVSS score, CVE reference, and remediation guidance.

bash
python3 pentest_manager.py add-finding \
  --project Q1-2026-Web-App \
  --title 'SQL Injection in Login Form' \
  --severity CRITICAL \
  --host 192.168.1.10 --port 443 \
  --cvss 9.8 --cve N/A \
  --control SI-10 \
  --description 'Login form vulnerable to SQL injection via username parameter' \
  --remediation 'Implement parameterized queries and input validation'

3. Generate the Report

Compile all findings into a structured penetration test report with executive summary, methodology, and detailed findings.

bash
python3 pentest_manager.py report \
  --project Q1-2026-Web-App \
  --output /reports/pentest_report.md

4. Import into Risk Assessment

Feed findings into the consolidated risk register for enterprise-wide risk scoring.

bash
python3 risk_report.py import-findings \
  --project my-audit \
  --file /reports/pentest_findings.json

CLI Commands

init: Create a new penetration testing project with defined scope.

bash
python3 pentest_manager.py init --name 'Web App Pentest' --scope '192.168.1.0/24'

Expected Output
Project 'Web App Pentest' initialized
Project directory: ./pentest_projects/web-app-pentest/
Scope: 192.168.1.0/24
Status: ACTIVE

Sample Outputs

Penetration Test Report

markdown
# Penetration Test Report
**Project:** Q1-2026 Web App Assessment
**Tester:** Gaby — Regional IT Director
**Date:** 2026-03-01 | **Framework:** NIST SP 800-115

## Executive Summary
5 vulnerabilities identified across the target scope.
- **Critical:** 2 | **High:** 2 | **Medium:** 1

## Finding #1: SQL Injection in Login Form
- **Severity:** CRITICAL | **CVSS:** 9.8
- **Host:** 192.168.1.10:443
- **NIST Control:** SI-10 (Information Input Validation)
- **Description:** The login form at /api/auth/login is vulnerable
  to SQL injection via the username parameter.
- **Remediation:** Implement parameterized queries and input validation
- **Evidence:** `' OR 1=1 --` bypasses authentication

Findings JSON Export

json
{
  "project": "Q1-2026 Web App Assessment",
  "findings": [
    {
      "id": 1,
      "title": "SQL Injection in Login Form",
      "severity": "CRITICAL",
      "cvss": "9.8",
      "host": "192.168.1.10",
      "port": "443",
      "cve": "N/A",
      "nist_control": "SI-10",
      "status": "open"
    }
  ]
}

NIST Control Mappings

CA-8 | Penetration Testing | Assessment, Authorization, and Monitoring
Conduct penetration testing on organizational systems at defined frequency.

RA-5 | Vulnerability Monitoring and Scanning | Risk Assessment
Monitor and scan for vulnerabilities in organizational systems.

SI-10 | Information Input Validation | System and Information Integrity
Check the validity of information inputs to the system.

SC-8 | Transmission Confidentiality and Integrity | System and Communications Protection
Protect the confidentiality and integrity of transmitted information.

IA-5 | Authenticator Management | Identification and Authentication
Manage system authenticators by verifying identity before issuing credentials.

Best Practices

Always work within the defined scope and Rules of Engagement
Document findings immediately — do not rely on memory
Include proof-of-concept evidence for every finding
Score findings using CVSS 3.1 for consistent severity ratings
Provide actionable remediation guidance, not just vulnerability descriptions
Debrief with the client before finalizing the report

Limitations

This skill manages the documentation workflow, not the actual exploitation tools
CVSS scores should be validated against the official NIST NVD calculator
Does not include automated exploitation capabilities
Social engineering findings require separate documentation templates