# 4 - Report

## Introduction

At the conclusion of the test, a report is written to describe the identified vulnerabilities, present a risk rating, and give guidance on how to mitigate the discovered weaknesses, supporting the client's efforts to improve its security posture. The report should also be structured to clearly communicate what was tested, how it was tested, and the results of the testing.

This section is intended to define the base structure for a penetration test report, although it is highly encouraged to use your own format based on your needs.

## Structure

A penetration test report comprises mainly two parts: the executive summary and the technical information.

* Confidentiality statement: A brief explanation of the document's importance and the consequences of its disclosure.
* Disclaimer: Statement explaining that you are not responsible for new vulnerabilities that might appear in the future and were not found during the assessment.
* Executive summary
  * **Synopsis**: A paragraph or small set of paragraphs, written for a non-technical reader, explaining in general terms the major weaknesses found during the test.
  * **Observed security strengths**: Highlight security measures the client should maintain.
  * **Risk Rating**:
* Technical report
  * **Scope**: Should contain the assets the client wanted to test for each hired service, plus any extra information provided by the client, such as credentials.
    * Hosts
    * Ports
    * Provided credentials
  * **< SERVICE >**: Depending on the service contracted by the client, it will have a different structure.
  * < Footprinting >: Show all the information obtained about the company, organised by category.
    * Company domains and subdomains
    * Public contact information
    * Public files metadata
    * Employees (Names, roles, emails, leaked credentials...)
  * < Pentesting | vulnerability assessment >: This type of test can be reported in two ways: explaining all the steps narratively, from the enumeration phase to the post-exploitation stage, or focusing directly on the vulnerabilities found and their exploitation, without emphasising the enumeration and situational awareness phases.
    * **Hostname - IP**
      * Ports (TCP):
      * Ports (UDP):
      * Operating system:
    * **Description**: Description of what has been exploited.
    * **CVSS Base Score**: [CVSS Calculator](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator)
    * **Criticality**: To help you better decide which vulnerabilities should be fixed first: (Low, Medium, High)
    * **Proof of Concept** (PoC): Detailed steps to exploit the vulnerability.
    * **Mitigations**: Recommendations about how to solve the vulnerability.
  * House cleaning
* WiFi report: All the steps involved in a WiFi penetration test exercise.
* Appendix
  * **Changes during the test**: List the evidence that supports any change in the testing objectives.
  * **Meaning of the severity scale**: Explain what the criticality of each vulnerability is based on.

## Report Example

The source code and the script to generate the PDF can be found in this [GitHub Repository](https://github.com/Marmeus/pentesting-report-generator).

![Document collage](https://3683125600-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FAiuSjJMFQ72nHxKtvtIh%2Fuploads%2Fgit-blob-1ef9cd56b4b3f820f0725f9cfcabdd8a6889d3e6%2Freport_collage.png?alt=media)

{% file src="<https://3683125600-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FAiuSjJMFQ72nHxKtvtIh%2Fuploads%2Fgit-blob-ab47fa36382938515e6bdc5c59be77e77729ef50%2FPentesting-report.pdf?alt=media>" %}
Pentesting report example
{% endfile %}

### Reporting Tools

As an alternative, you can use tools such as [PwnDoc](https://github.com/pwndoc/pwndoc) or [GhostWriter](https://github.com/GhostManager/Ghostwriter), where you can manage your clients and project information, register their infrastructure (servers, domains, etc.), manage vulnerability templates and use report templates, all in a multi-user-friendly environment.

## References

* [Public pentest reports](https://pentestreports.com/templates/)
* [Sample penetration testing report \[Offensive-Security\]](https://www.offensive-security.com/reports/sample-penetration-testing-report.pdf)
* [Pentest report \[itpro\]](https://go.itpro.tv/pentest-report)
* [Security Sample Pentest Report - \[TCM\]](https://github.com/hmaverickadams/TCM-Security-Sample-Pentest-Report/)
* [Reporting \[PTES\]](http://www.pentest-standard.org/index.php/Reporting)
