# 4 - Report

## Introduction

At the conclusion of the test, a report is developed to describe the identified vulnerabilities, present a risk rating, and give guidance on how to mitigate the discovered weaknesses, supporting the client's efforts to improve its security posture. Furthermore, the report should be structured to clearly communicate what was tested, how it was tested, and the results of the testing.

This section is intended to define the base structure for a penetration test report, although it is highly encouraged to use your own format based on your needs.

## Structure

A penetration test report comprises mainly two parts: the executive summary and the technical information.

* Confidentiality statement: A brief explanation of the document's importance and the consequences of its disclosure.
* Disclaimer: Statement explaining that you are not responsible for new vulnerabilities that might appear in the future and were not found during the assessment.
* Executive summary
  * **Synopsis**: A paragraph or small set of paragraphs, written for a non-technical reader, explaining in general terms the major weaknesses found during the test.
  * **Observed security strengths**: Highlight security measures the client should maintain.
  * **Risk Rating**:
* Technical report
  * **Scope**: Should contain the assets the client wanted to test for each hired service, plus any extra information provided by the client, such as credentials.
    * Hosts
    * Ports
    * Provided credentials
  * **< SERVICE >**: Depending on the service contracted by the client, it will have a different structure.
  * < Footprinting >: Show all the information obtained about the company, grouped by category.
    * Company domains and subdomains
    * Public contact information
    * Public files metadata
    * Employees (Names, roles, emails, leaked credentials...)
  * < Pentesting | vulnerability assessment >: This type of test can be reported in two ways: explaining all the steps narratively, from the enumeration phase to the post-exploitation stage, or focusing directly on the vulnerabilities found and their exploitation, without emphasising the enumeration and situational awareness phases.
    * **Hostname - IP**
      * Ports (TCP):
      * Ports (UDP):
      * Operating system:
    * **Description**: Description of what has been exploited.
    * **CVSS Base Score**: [CVSS Calculator](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator)
    * **Criticality**: Helps decide which vulnerabilities should be fixed first (Low, Medium, High).
    * **Proof of Concept** (PoC): Detailed steps to exploit the vulnerability.
    * **Mitigations**: Recommendations about how to solve the vulnerability.
  * House cleaning
* WiFi report: All the steps involved in a WiFi penetration test exercise.
* Appendix
  * **Changes during the test**: List evidence supporting any change in the testing objectives.
  * **Meaning of the severity scale**: Explain what the criticality of each vulnerability is based on.

## Report Example

The source code and the script to generate the PDF can be found in this [GitHub Repository](https://github.com/Marmeus/pentesting-report-generator).

![Document collage](https://3683125600-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FAiuSjJMFQ72nHxKtvtIh%2Fuploads%2Fgit-blob-1ef9cd56b4b3f820f0725f9cfcabdd8a6889d3e6%2Freport_collage.png?alt=media)

{% file src="<https://3683125600-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FAiuSjJMFQ72nHxKtvtIh%2Fuploads%2Fgit-blob-ab47fa36382938515e6bdc5c59be77e77729ef50%2FPentesting-report.pdf?alt=media>" %}
Pentesting report example
{% endfile %}

### Reporting Tools

As an alternative, you can use tools such as [PwnDoc](https://github.com/pwndoc/pwndoc) or [Ghostwriter](https://github.com/GhostManager/Ghostwriter), where you can manage your clients and project information, register their infrastructure (servers, domains, etc.), manage vulnerability templates and use report templates, all in a multi-user environment.


