The Pentesting Guide

4 - Report

Last updated 2 years ago

Introduction

At the conclusion of the test, a report is produced that describes the identified vulnerabilities, presents a risk rating, and gives guidance on how to mitigate the discovered weaknesses so that the client can improve its security posture. The report should also be structured so that it clearly communicates what was tested, how it was tested, and the results of the testing.

This section defines a base structure for a penetration test report; you are encouraged to adapt it to your own needs.

Structure

A penetration test report comprises mainly two parts: the executive summary and the technical report.

  • Confidentiality statement: A brief explanation of the document's importance and the consequences of its disclosure.

  • Disclaimer: A statement explaining that the assessment reflects the state of the targets at the time of testing, and that you are not responsible for vulnerabilities that appear in the future or were not found during the assessment.

  • Executive summary

    • Synopsis: A paragraph or small set of paragraphs written for a non-technical reader, explaining in general terms the major weaknesses found during the test.

    • Observed security strengths: Highlight security measures the client should maintain.

    • Risk Rating: The overall risk the findings pose to the client, using the severity scale explained in the appendix.

  • Technical report

    • Scope: The assets the client wanted tested for each contracted service, plus any extra information provided by the client, such as credentials.

      • Hosts

      • Ports

      • Provided credentials

    • < SERVICE >: Depending on the service contracted by the client, it will have a different structure.

    • < Footprinting >: Present all the information gathered about the company, grouped by category.

      • Company domains and subdomains

      • Public contact information

      • Public files metadata

      • Employees (Names, roles, emails, leaked credentials...)

    • < Pentesting | vulnerability assessment >: This type of test can be reported in two ways: narrating every step from the enumeration phase to the post-exploitation stage, or focusing directly on the vulnerabilities found and their exploitation, without emphasising the enumeration and situational-awareness phases.

      • Hostname - IP

        • Ports (TCP):

        • Ports (UDP):

        • Operating system:

      • Description: What the vulnerability is and what was exploited.

      • CVSS Base Score: The CVSS base score for the vulnerability, so that findings can be compared on a common scale.

      • Criticality (Low, Medium, High): Helps the client decide which vulnerabilities should be fixed first.

      • Proof of Concept (PoC): Detailed steps to reproduce and exploit the vulnerability.

      • Mitigations: Recommendations on how to fix the vulnerability.

    • House cleaning

  • WiFi report: All the steps involving a WIFI penetration test exercise.

  • Appendix

    • Changes during the test: Any changes to the testing objectives or scope agreed during the engagement, with the evidence supporting them.

    • Meaning of the severity scale: Explain how the criticality of each vulnerability is determined.

Report Example

Pentesting-report.pdf (example report, 1 MB)

The source code and the script to generate the PDF can be found in this GitHub Repository.

Reporting Tools

As an alternative you can use tools such as PwnDoc or GhostWriter, which let you manage clients and project information, register their infrastructure (servers, domains, etc.), maintain vulnerability templates and report templates, all in a multi-user environment.

References

  • CVSS Calculator
  • Public pentest reports
  • Sample penetration testing report [Offensive-Security]
  • Pentest report [itpro]
  • Security Sample Pentest Report - [TCM]
  • Reporting [PTES]