Wireless Penetration Testing Checklist — Professional Guide

Professional Wireless Pentest Checklist

This is the actual checklist used by professional penetration testers during wireless security assessments.

Phase 1: Pre-Engagement

• ☐ Signed scope document and rules of engagement
• ☐ Authorized wireless testing window
• ☐ Emergency contacts for the client
• ☐ Equipment check: adapter, Kali, scripts

Phase 2: Reconnaissance

☐ airodump-ng wlan0mon                    # Map all wireless networks
☐ Document: SSID, BSSID, channel, encryption, clients
☐ Identify hidden networks
☐ Check for rogue access points
☐ Note signal strengths and coverage areas

Phase 3: Vulnerability Assessment

☐ Check for WPS enabled
☐ Check encryption strength (WEP/WPA/WPA2/WPA3)
☐ Test for client isolation bypass
☐ Check for management frame protection
☐ Test captive portal security

Phase 4: Active Attacks

☐ WPA2 handshake capture + cracking
☐ WPS PIN brute force (if WPS enabled)
☐ Evil Twin attack test
☐ Deauthentication resilience test
☐ PMKID attack attempt
☐ Client-side attacks (KARMA)

Phase 5: Post-Exploitation

☐ Internal network access from WiFi?
☐ VLAN hopping possible?
☐ Can reach critical assets from guest network?
☐ ARP spoofing/MITM possible?

Phase 6: Reporting

• ☐ Executive summary
• ☐ Each finding with CVSS score
• ☐ Evidence screenshots
• ☐ Remediation recommendations
• ☐ Clean up all artifacts

🔥 Learn professional pentesting at ONLY4YOU →