HailBytes/pentest-calculator
GitHub: HailBytes/pentest-calculator
# HailBytes Penetration Testing Scope Calculator
A **zero-dependency web component** for scoping and estimating penetration testing engagements. Three-step wizard covering target scope, testing depth, compliance requirements, and deliverables — produces a day/cost estimate in the browser with no server required.
Works as a single `
## Integration Examples
### Plain HTML / Hugo
Pentest Scope Calculator
Hugo shortcode (`layouts/shortcodes/pentest-calculator.html`):
### CDN via jsDelivr
### React
```jsx
import { useEffect, useRef } from 'react';

// Load once at the app level.
// The @main ref follows the branch head; put a release tag or commit hash
// in the URL to load a fixed version instead.
import('https://cdn.jsdelivr.net/gh/HailBytes/pentest-calculator@main/pentest-calculator.js');

export default function PentestCalc({ onCalculated, onQuoteRequested }) {
  const ref = useRef(null);

  useEffect(() => {
    const el = ref.current;
    if (!el) return;

    // Forward the component's custom events to the React callbacks
    const handleCalc = (e) => onCalculated?.(e.detail);
    const handleQuote = (e) => onQuoteRequested?.(e.detail);
    el.addEventListener('pentest-calculated', handleCalc);
    el.addEventListener('pentest-quote-requested', handleQuote);

    // Detach the listeners when the component unmounts
    return () => {
      el.removeEventListener('pentest-calculated', handleCalc);
      el.removeEventListener('pentest-quote-requested', handleQuote);
    };
  }, []);

  return ;
}
```
### Vue 3
## API Reference
### Attributes
| Attribute | Values | Default | Description |
|-----------|-------------|---------|------------------------------|
| `theme` | `dark` `light` | `dark` | Color scheme |
### Events
| Event Name | Fired When | `event.detail` |
|-----------------------------|---------------------------------------------|-----------------------|
| `pentest-calculated` | User reaches Step 3 (auto-calculated) | Full result object |
| `pentest-quote-requested` | User clicks "Get an Accurate Quote" button | Last result object |
### Result Object Shape
```json
{
  "inputs": {
    "targetType": "web_app",
    "numTargets": 3,
    "environment": "production",
    "authTesting": true,
    "socialEng": false,
    "testDepth": "comprehensive",
    "compliance": ["pci_dss", "soc2"],
    "reportType": "full_both",
    "remSupport": true
  },
  "days": 9.5,
  "costLow": 14250,
  "costHigh": 33250,
  "teamSize": 2,
  "teamLabel": "engineers",
  "teamPills": ["1× Lead Penetration Tester", "1× Security Engineer"],
  "deliverables": ["Detailed vulnerability findings report", "..."],
  "timestamp": "2025-01-01T00:00:00.000Z"
}
```
## Calculation Methodology
| Parameter | Formula / Values |
|----------------------|------------------|
| **Base days** | `web_app=3`, `network=4`, `mobile=4`, `cloud=3`, `combined=6` |
| **Target factor** | `1 target=1.0×`, `2–5=1.3×`, `6–15=1.6×`, `16+=2.0×` |
| **Depth multiplier** | `basic=0.7×`, `standard=1.0×`, `comprehensive=1.5×`, `red_team=2.5×` |
| **Compliance** | `+0.5 days` per standard selected |
| **Full report** | `+1 day` |
| **Authenticated** | `+0.5 days` |
| **Social engineering** | `+2 days` |
| **Day rate** | Low: `$1,500/day`, High: `$3,500/day` |
**Example:** Web app (`3 days`) × 3 targets (`1.3×`) × comprehensive (`1.5×`) + PCI DSS (`0.5`) + authenticated (`0.5`) = **7.87 → 7.9 days**
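
Both events hand the page a result object that was computed in the browser, so a backend that receives a quote request should re-check it before storing or acting on it. The following is an added example, not code from the HailBytes repository: `validateQuoteDetail` is a hypothetical helper, the allow-lists and day rates come from the tables above, and the cost tolerance and the compliance id pattern are assumptions.

```javascript
// Added example, not HailBytes code; validateQuoteDetail is a hypothetical helper.
// Allow-lists and day rates are copied from the Calculation Methodology table.
const TARGET_TYPES = new Set(['web_app', 'network', 'mobile', 'cloud', 'combined']);
const TEST_DEPTHS = new Set(['basic', 'standard', 'comprehensive', 'red_team']);
const RATE_LOW = 1500, RATE_HIGH = 3500;

function validateQuoteDetail(detail) {
  const errors = [];
  const isObj = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);
  if (!isObj(detail) || !isObj(detail.inputs)) return ['detail.inputs missing'];
  const { inputs, days, costLow, costHigh, timestamp } = detail;

  if (!TARGET_TYPES.has(inputs.targetType)) errors.push('targetType not in allow-list');
  if (!TEST_DEPTHS.has(inputs.testDepth)) errors.push('testDepth not in allow-list');
  if (!Number.isInteger(inputs.numTargets) || inputs.numTargets < 1) {
    errors.push('numTargets must be a positive integer');
  }
  for (const flag of ['authTesting', 'socialEng', 'remSupport']) {
    if (typeof inputs[flag] !== 'boolean') errors.push(`${flag} must be boolean`);
  }
  // Assumption: compliance ids are short lowercase snake_case strings, at most 20 of them.
  const idOk = (c) => typeof c === 'string' && /^[a-z0-9_]{1,32}$/.test(c);
  if (!Array.isArray(inputs.compliance) || inputs.compliance.length > 20 ||
      !inputs.compliance.every(idOk)) errors.push('compliance must be a short list of ids');

  // Costs must agree with days x day rate; the 1-unit rounding tolerance is an assumption.
  const near = (a, b) => typeof a === 'number' && Math.abs(a - b) <= 1;
  if (typeof days !== 'number' || !Number.isFinite(days) || days <= 0) {
    errors.push('days must be a positive number');
  } else {
    if (!near(costLow, days * RATE_LOW)) errors.push('costLow does not match days x low rate');
    if (!near(costHigh, days * RATE_HIGH)) errors.push('costHigh does not match days x high rate');
  }
  if (typeof timestamp !== 'string' || Number.isNaN(Date.parse(timestamp))) {
    errors.push('timestamp unparseable');
  }
  return errors;
}

// Sample taken from the Result Object Shape section (display-only fields omitted).
const SAMPLE = {
  inputs: { targetType: 'web_app', numTargets: 3, environment: 'production',
    authTesting: true, socialEng: false, testDepth: 'comprehensive',
    compliance: ['pci_dss', 'soc2'], reportType: 'full_both', remSupport: true },
  days: 9.5, costLow: 14250, costHigh: 33250, timestamp: '2025-01-01T00:00:00.000Z',
};
console.log(validateQuoteDetail(SAMPLE));                    // no errors
console.log(validateQuoteDetail({ ...SAMPLE, costLow: 100 })); // constructed tampered copy
```

Fields such as `environment` and `reportType` are not checked because the page shows only one value for each.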
## ⚠️ Disclaimer
All estimates are preliminary and intended for **budgeting guidance only**. Actual engagement scope, duration, and pricing depend on detailed scoping conversations, target complexity, regulatory requirements, and findings discovered during testing. Contact HailBytes for an accurate quote.
## See also
Part of the HailBytes calculator suite — drop-in web components for security and risk:
- [`@hailbytes/pentest-calculator`](https://www.npmjs.com/package/@hailbytes/pentest-calculator) — penetration testing scope and cost estimator _(this package)_
- [`@hailbytes/password-analyzer`](https://www.npmjs.com/package/@hailbytes/password-analyzer) — password strength + entropy analyzer ([repo](https://github.com/HailBytes/hailbytes-password-analyzer))
- [`@hailbytes/vulnerability-calculator`](https://www.npmjs.com/package/@hailbytes/vulnerability-calculator) — vulnerability scanner infrastructure sizing ([repo](https://github.com/HailBytes/hailbytes-vulnerability-calculator))
- [`@hailbytes/security-roi-calculator`](https://www.npmjs.com/package/@hailbytes/security-roi-calculator) — security awareness training ROI ([repo](https://github.com/HailBytes/hailbytes-security-roi-calculator))
## License
[Mozilla Public License 2.0](LICENSE)
*Built by [HailBytes](https://hailbytes.com/asm) — Managed Attack Surface Management.*