Pentest Scoping Wizard

🏢CLIENT INFORMATION

ℹ This information appears on your Memorandum of Understanding (MOU). Both parties sign this document before any testing begins — it's your legal protection. Take your time here.

Organisation / Practice Name *

Industry / Sector * ?

Authorised Contact Person * ?

Position / Role *

Email Address *

Phone Number *

Physical Address

Primary Website / Domain (used in Target Discovery) Don't include https:// — just the domain name

Organisation Size

Company / CC Registration Number

VAT Number (if applicable)

🔍TARGET DISCOVERY TOOLS

💡 Use the tools below to identify and verify your assets before adding them to scope. All lookups run from your browser — nothing is logged or stored on our servers. Results can be added to your scope table with one click.

GET MY PUBLIC IP ADDRESS

Finds the external IP address your office uses to connect to the internet. This is what hackers see from the outside world. Most offices don't know this off the top of their head.

Waiting — click button above

DETECT MY INTERNAL / LAN IP ADDRESS

💡 Your internal IP is the address your router assigns to this computer on the local network (e.g. 192.168.1.15). Browsers can't read this directly, but you can get it in 3 easy steps using the buttons below — no technical knowledge needed.

WHAT SYSTEM ARE YOU ON?

Windows

Mac

Linux

Android

iPhone / iPad

1

Copy the command

Click the button below — it copies a safe, read-only command to your clipboard. It only reads your network info, changes nothing.

2

Open Run (press Win + R) and paste it in, then press Enter

A small window will flash open and close — that's normal. Your network info is now on your clipboard.

3

Paste the result here

Tap or click inside the box below, then press paste (or long-press on mobile) and choose Paste. We'll read it automatically.

// DON'T WANT TO RUN A COMMAND? FIND IT MANUALLY ↓

Windows: Open Settings > Network & Internet > Wi-Fi (or Ethernet) > Click your connection > Scroll to IPv4 address. That's your internal IP.

Mac: Click the Apple menu > System Settings > Network > Click your active connection (Wi-Fi or Ethernet) > Your IP is shown under IP address.

Linux: Open a terminal and type ip addr — look for the inet line under your active interface (usually eth0 or wlan0).

Android: Settings > Wi-Fi > Tap the gear icon on your connected network > Scroll to IP address. Samsung: Settings > Connections > Wi-Fi > tap network > View more.

iPhone / iPad: Settings > Wi-Fi > Tap the blue (i) icon next to your network > Your IP Address is under the IPv4 section.

TYPE YOUR IP MANUALLY:

DOMAIN → IP RESOLVER

Enter domain above and click Resolve

Uses Cloudflare's DNS-over-HTTPS — fast and private

IP INFORMATION LOOKUP

Enter an IP above to see provider, ASN, location

PASSIVE SUBDOMAIN DISCOVERY

Searches certificate transparency logs (crt.sh) to find subdomains — no active scanning, completely passive. Reveals forgotten portals, admin panels, staging sites.

Results will appear here — click any subdomain to add to scope

or click individual subdomains above to add one at a time

SUBNET / CIDR CALCULATOR

If you know your internal IP range, enter it in CIDR notation to see the full scope of addresses. Useful for defining internal network segments accurately.

Enter CIDR notation above — format: 192.168.0.0/24

EMAIL / MX RECORD LOOKUP

Finds your domain's mail servers — important for knowing if email is self-hosted or with a provider like Microsoft 365 or Google Workspace (which would be out of scope).

MX records will appear here

📋ASSET INVENTORY — IN SCOPE

⚠ Only list systems, IPs, and domains you own or are explicitly authorised to test. Every asset here will appear in the signed MOU and is legally approved for testing. When in doubt — add it. Exclusions can always be specified in Step 3.

🧙 GUIDED ASSET BUILDER

🧭 Not sure what to add? Walk through the categories below. Click any card to add that asset type — or use Auto-Detect to pull in what you've already discovered with the tools above.

🌐

EXTERNAL

Public IPs, domains, websites

What hackers see from the outside

🏠

INTERNAL

LAN IPs, subnets, servers

Devices inside your office network

💻

WEB APPS

Portals, admin panels, booking

Anything with a login page or URL

📶

WIRELESS

Wi-Fi networks & SSIDs

Office, guest, and hidden networks

📧

EMAIL

Mail servers & email systems

Self-hosted or on-prem mail

☁️

CLOUD

AWS, Azure, GCP assets

Cloud-hosted infrastructure you own

ASSETS IN SCOPE: 0

Type	Asset (IP / Domain / URL / Range)	Description / System Name	Environment

🚫OUT OF SCOPE — EXCLUSIONS

⚠ Defining exclusions is just as critical as defining scope. This protects third parties, prevents legal liability, and avoids accidentally taking down systems you don't own. Be specific — vague exclusions cause disputes.

Explicitly Excluded Systems, IPs, or Ranges ?

Third-Party / Hosted Services NOT to Test

COMMON EXCLUSION PRESETS (click to add)

Systems That Must NEVER Go Offline ?

Known Fragile or Legacy Systems ?

Pre-existing Known Issues (exclude from findings) ?

⚡ASSESSMENT TYPES

💡 Select every type of testing that applies to this engagement. Only check what has been explicitly discussed and agreed with the client — each item selected becomes a legally agreed activity in the MOU.

🎯ENGAGEMENT APPROACH

Test Knowledge Level ?

Black Box

Grey Box

White Box

Staff Awareness ?

Unannounced

Announced

IT Only

Is Active Exploitation Permitted? ?

Yes — Full

Limited

No — Report Only

Is Destructive Testing Permitted? ?

Yes

No

With Prior Approval

Additional Methodology Notes / Restrictions

📅TESTING SCHEDULE

Proposed Start Date *

Proposed End Date *

Estimated Report Delivery Date Typically 5–10 business days after testing ends

Permitted Testing Window ?

After Hours

Business Hours

24 / 7

Custom

Custom Hours (if applicable)

🚨EMERGENCY CONTACTS & ABORT CONDITIONS

🔴 This is non-negotiable. A 24/7-reachable emergency contact must be available during all testing windows. This person can immediately halt the engagement if something unexpected occurs. Do not skip this section.

Primary Emergency Contact — Full Name *

Primary Contact — Mobile (must be reachable 24/7) *

Secondary Emergency Contact — Name

Secondary Contact — Mobile

Stop / Abort Conditions ?

🔒DATA HANDLING, POPIA & CONFIDENTIALITY

⚖ In South Africa, POPIA (Act 4 of 2013) applies to any personal information encountered during testing. This includes patient records, staff data, and client details. Define the data handling rules before testing begins — retroactive agreements don't protect either party.

May real patient / client data be accessed? ?

Yes — Necessary

Minimise Only

No — Test Env Only

NDA / Confidentiality Agreement Status ?

Already Signed

Include in This MOU

Not Required

Data Handling Protocol

POPIA Incident Notification Trigger ?

Agreed Deliverables

Agreed Package / Fee

Payment Terms

✍AUTHORISATION DETAILS

⚖ In South Africa, the Cybercrimes Act (Act 19 of 2020) and ECTA require explicit written authorisation before any penetration test. The signatory must have actual, documented legal authority to grant access to the systems listed. A junior staff member's verbal permission does not count.

Authorised Signatory — Full Legal Name *

Signatory — Position / Title *

Signatory — Email

Signatory — Phone

Scope of Signatory's Authority ?

✅LEGAL DECLARATIONS

⚖ All declarations below must be confirmed before the MOU is valid. Click each item to confirm — they become the signed authorisation clauses in the printed document.

CONFIRMED: 0 / 7

📝ADDITIONAL NOTES

Any Other Agreed Terms or Special Conditions

📄ENGAGEMENT SUMMARY — REVIEW BEFORE GENERATING

Your GreyHat4Hire branded PDF downloads instantly. No data leaves your browser.