verification.env
112 lines (87 loc) · 4.21 KB
# ┌──────────────────────────────────────────────────────────────────────┐
# │  BLHACKBOX — Penetration Testing Authorization Configuration         │
# │                                                                      │
# │  Fill in ALL fields below, then run:                                 │
# │    make inject-verification                                          │
# │  or:                                                                 │
# │    python -m blhackbox.prompts.inject_verification                   │
# │                                                                      │
# │  This generates the active verification document that gets loaded    │
# │  into your Claude Code session as explicit written authorization.    │
# └──────────────────────────────────────────────────────────────────────┘
# ── Section 1: Engagement Identification ─────────────────────────────
# Set to ACTIVE when all fields are filled and testing is authorized.
AUTHORIZATION_STATUS=PENDING
# Unique engagement identifier (e.g., "PENTEST-2026-001", "SOW-2026-042")
ENGAGEMENT_ID=
# Date this authorization was granted (YYYY-MM-DD)
AUTHORIZATION_DATE=
# Date this authorization expires (YYYY-MM-DD)
EXPIRATION_DATE=
# Organization that owns or controls the target assets
AUTHORIZING_ORGANIZATION=
# Person or company performing the test
TESTER_NAME=
TESTER_EMAIL=
# Client-side point of contact
CLIENT_CONTACT_NAME=
CLIENT_CONTACT_EMAIL=
# ── Section 2: Scope Definition ──────────────────────────────────────
# In-scope targets. Add up to 10. Leave unused slots empty.
# Format: domain.com, 10.0.0.0/24, https://app.example.com
TARGET_1=
TARGET_1_TYPE=
TARGET_1_NOTES=
TARGET_2=
TARGET_2_TYPE=
TARGET_2_NOTES=
TARGET_3=
TARGET_3_TYPE=
TARGET_3_NOTES=
# Explicitly excluded from testing (comma-separated or "None")
OUT_OF_SCOPE=None
# Engagement type: black-box, grey-box, white-box
ENGAGEMENT_TYPE=black-box
# Credentials for grey-box/white-box (or "N/A")
CREDENTIALS=N/A
# ── Section 3: Authorized Activities ─────────────────────────────────
# Mark each with "x" to permit or leave blank to deny.
# Example: PERMIT_RECON=x (permitted)
# PERMIT_RECON= (not permitted)
PERMIT_RECON=x
PERMIT_SCANNING=x
PERMIT_ENUMERATION=x
PERMIT_EXPLOITATION=x
PERMIT_DATA_EXTRACTION=x
PERMIT_CREDENTIAL_TESTING=x
PERMIT_POST_EXPLOITATION=x
PERMIT_TRAFFIC_CAPTURE=x
PERMIT_SCREENSHOT=x
# Additional restrictions (free text, or "No additional restrictions")
RESTRICTIONS=No additional restrictions
# ── Section 4: Testing Window ────────────────────────────────────────
# Format: YYYY-MM-DD HH:MM
TESTING_START=
TESTING_END=
TIMEZONE=UTC
# Who to call if something goes wrong during testing
EMERGENCY_CONTACT=
EMERGENCY_PHONE=
# ── Section 5: Legal & Compliance ────────────────────────────────────
# Applicable standards (comma-separated)
APPLICABLE_STANDARDS=OWASP Testing Guide v4.2, PTES
# Report classification: CONFIDENTIAL, RESTRICTED, INTERNAL
REPORT_CLASSIFICATION=CONFIDENTIAL
# How the report will be delivered: encrypted-email, secure-portal, in-person, local-only
REPORT_DELIVERY=local-only
# ── Section 6: Digital Signature ─────────────────────────────────────
# Name of the person authorizing this engagement
SIGNATORY_NAME=
# Title or role (e.g., "CISO", "CTO", "Asset Owner")
SIGNATORY_TITLE=
# Organization of the signatory
SIGNATORY_ORGANIZATION=
# Date signed (YYYY-MM-DD)
SIGNATURE_DATE=
# Digital signature reference (PGP sig, contract ref, or "SELF-AUTHORIZED")
DIGITAL_SIGNATURE=
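
Added example, not part of the blhackbox project: a fail-closed pre-flight check for a filled-in copy of this file, run before any tooling relies on it. It assumes plain KEY=VALUE parsing, its own REQUIRED list, and that today's date must fall inside the authorization period; `parse_env`, `check_authorization` and `permitted` are hypothetical helper names.

```python
from datetime import date

# Fields this example treats as mandatory (an assumption, not the project's rule)
REQUIRED = ("ENGAGEMENT_ID", "TESTER_NAME", "SIGNATORY_NAME", "DIGITAL_SIGNATURE")

def parse_env(text):
    """Parse KEY=VALUE lines; blank lines and '#' comments are skipped."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip()
    return env

def check_authorization(env, today):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if env.get("AUTHORIZATION_STATUS") != "ACTIVE":
        problems.append("AUTHORIZATION_STATUS is not ACTIVE")
    problems += [f"{key} is empty" for key in REQUIRED if not env.get(key)]
    try:
        start = date.fromisoformat(env.get("AUTHORIZATION_DATE", ""))
        end = date.fromisoformat(env.get("EXPIRATION_DATE", ""))
        if not start <= today <= end:
            problems.append("today is outside the authorization period")
    except ValueError:
        problems.append("authorization dates are not valid YYYY-MM-DD")
    if not any(env.get(f"TARGET_{i}") for i in range(1, 11)):
        problems.append("no in-scope target defined")
    return problems

def permitted(env):
    """Activities marked exactly 'x'; any other value counts as denied."""
    return sorted(key[len("PERMIT_"):] for key, value in env.items()
                  if key.startswith("PERMIT_") and value == "x")

# Constructed sample values, not a real engagement
SAMPLE = """\
AUTHORIZATION_STATUS=ACTIVE
ENGAGEMENT_ID=PENTEST-2026-001
AUTHORIZATION_DATE=2026-01-10
EXPIRATION_DATE=2026-02-10
TESTER_NAME=Example Tester
TARGET_1=https://app.example.com
PERMIT_RECON=x
PERMIT_EXPLOITATION=
SIGNATORY_NAME=Example Signatory
DIGITAL_SIGNATURE=SELF-AUTHORIZED
"""
```

The unmodified template fails this check on several counts (status still PENDING, empty identity fields, no dates, no target), which is the intended fail-closed behaviour.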