July 16, 2010

Penetration-Test Plan (Farsi)

First of all, I've made some changes to blog and added few items. Hope these changes make the blog more user-friendly for non-rss visitors :) 

During long weeks that I was passing my conscription, I had a lot of free times beside the usual and daily works I could/had-to do in the research lab I was working in. These free times were good opportunities for studying and also writing. I wrote few papers and articles during those times and have already published some of them in this blog. Here`s another output from those days :)

This is kind of guidline, plan, framework or whatever you name it, to help novice users plan for a pen-test/assessment project. It is by no mean a complete/standard compliance/revised source, but just one of hundreds of available materials and refrences, available about the topic.

Also, this is NOT entirely provided by me. I've just grabbed a good source, and tried to translate/modify it for persian users, so the credit goes for vulnerabilityassessment.co.uk guys and others who've contributed to original work. Maybe the next time my students in pen-test training classes ask for the big easy to use how-to, this piece of information satisfy them for some days. 

File should be opened with Xmind, which is available free for download. Xmind is not my favorite brain-storming software, but using persian fonts forced me to switch to xmind, and now I`m happy with it. download it through below link. Ah, and please do not ask for an image export of the map. current version of Xmind is buggy and do not allow exporting of a map in this size. export simply fails! I've contacted developers few months ago about the case, but honestly forgot to investigate the case with them. So feel free to contact them, ask for a fix, export entire map in JPEG and let me know to upload it here ;)

Download the pen-test/assessment map
[updated: Finally could find a trick to make an image export!]
Click for full-size map

I`m releasing the complete source of plan , in easy to re-distribute form and with no restriction, BUT using this material without mentioning it`s source (vulnerabilityassessment.co.uk & me) is not allowed. A lot of friends has blamed me for sharing too much through what I write and release in persian, but I still believe in freedom and flow of information and hope to help some real looking minds, as I've learned what I know the same way, by reading from others...


  1. thanks for sharing Hamid!
    let's hope not to see "Pentest pazirofte mishavad" on grocery stores' glass :P

  2. Hi, Dear Mr.Kashfi

    Thank you very much affected.
    But I have a question about wireless networks if you have access to an AP،and you want a system that has hacked your network. Although you know firewall is installed on your system,how can I baypass firewalls, if the OS is win7.


  3. @Codex,
    I can`t understand your question. Didn`t even get what you`re looking for. ".. firewall is installed on YOUR system" , and then "..bypass firewall" ?
    what I see is an attempt to bypass your own firewall on win7 ? :)

  4. سلام
    اگر امکانش هست از تجربیاتتون با ان 900 هم بنویسید و همینطور اگر جایی کلاسی ارائه میدید اعلام کنید تو بلاگ

  5. Do you have the same scheme in English?

  6. @Els: It`s originally prepared in English. I've just released kind of translation for it. check "good source" in the post.

  7. Hi Hamid, Can you please Test Plan Templet for Pen Test, if Possible.