Web Application Pentest Checklist

Red Team Tactical Matrix

Enterprise Web Application Security Dashboard

Created by Harsh Gupta

Cybersecurity | Red Team | VAPT | Offensive Security

Recon
Run amass
Run subfinder
Run assetfinder
Run dnsgen
Run massdns
Use httprobe
Run aquatone
Shodan enumeration
Censys enumeration
Google dorking
GitHub secret hunting
Search API keys
Search AWS keys
Search OAuth secrets
Search CI/CD secrets
Search exposed .env files
Search private repo leaks
Surface Mapping
Nmap scan
Burp crawler
ffuf fuzzing
JS endpoint discovery
Hidden API endpoints
Hardcoded tokens in JS
GraphQL endpoint exposure
Hidden content discovery
robots.txt / sitemap.xml
Tech fingerprinting
Client-side review
DOM sinks
Unsafe eval()
Prototype pollution vectors
Authentication
Authentication bypass
Logic flaw bypass
Header manipulation
JWT tampering
Parameter pollution bypass
Account takeover (ATO)
Password reset abuse
Token reuse
Race condition
OAuth misbinding
User enumeration
Timing attack
Error message difference
Bruteforce bypass
Rate-limit bypass
IP rotation
Captcha bypass
Weak password policy
MFA bypass
OTP reuse
Backup code abuse
Password reset flaws
Token prediction
Token reuse
Host header poisoning
Default credentials
Session Management
Session fixation
Session timeout bypass
Token not regenerated
Missing HttpOnly/Secure flags
CSRF
No CSRF token
Token reuse
JSON CSRF
Clickjacking (sensitive)
Clickjacking (non-sensitive)
Authorization
Privilege escalation to admin
Horizontal access (IDOR)
Sequential IDOR
UUID brute force
GraphQL IDOR
Missing authorization check
Cross-tenant data exposure
Broken Object Level Authorization (BOLA)
Injection
Remote Code Execution (RCE)
Command injection
Deserialization
Template injection
File upload RCE
SQL Injection
Error-based
Union-based
Boolean-based
Time-based
OOB
Second-order
NoSQL Injection
$ne operator
Regex injection
Command Injection
Blind
OOB DNS exfiltration
XXE
Blind XXE
File read
SSRF via XXE
SSTI
Jinja2
Twig
Freemarker
Velocity
LDAP Injection
Reflected XSS
HTML context
Attribute context
JS context
Stored XSS
Admin panel
Public profile
Rich text editor
DOM XSS
location.hash
postMessage abuse
LFI
Path traversal
Log poisoning
RFI
API Security
Broken Function Level Authorization
Mass assignment
Excessive data exposure
Improper rate limiting
OAuth / JWT
OAuth redirect URI bypass
OAuth state parameter bypass
JWT alg=none attack
JWT weak secret brute force
JWT kid injection
Token replay attack
SSRF
Basic SSRF
SSRF to metadata service
Blind SSRF
Cache & Host Header
Cache poisoning
Cache deception
Host header injection
Password reset poisoning
File Handling
Unrestricted file upload
Web shell upload
Double extension bypass
File type bypass
SVG XSS
Polyglot file upload
EXIF data leakage
Business Logic
Workflow bypass
Payment abuse
Negative value manipulation
Currency tampering
Coupon abuse
Race condition
Cryptography
Weak encryption
Hardcoded secrets
Weak hashing algorithm
Improper randomness
Misconfiguration
Missing security headers
Verbose error messages
Directory listing enabled
Outdated software version
Mixed content