How to write a PT Report

What is a PT Report?

The scope section in a penetration test report acts like a roadmap, outlining the boundaries of what was assessed. It clarifies what systems, networks, or applications the pentester examined, essentially defining the "battleground" for vulnerability hunting. Additionally, the scope details the "weapons" used - were they simulating an external attacker (black-box) or utilizing some internal knowledge (white-box)? It also highlights any "off-limits" areas or limitations, ensuring everyone understands the boundaries of the testing process. This transparency sets clear expectations for both the client and the pentester, allowing for a well-defined assessment and a more accurate interpretation of the identified vulnerabilities and their potential impact.

Guidelines and Templates

Can be useful follow these guidelines and templates:

• reporting_guide

• randorisec

• TCM-Security

• OSCP Template

• HackTheBox Template

• https://github.com/Syslifters/sysreptor

Automatic Tools

GitHub - Syslifters/sysreptor: Fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike.GitHub

Document

PwnDoc

GitHub - noraj/OSCP-Exam-Report-Template-Markdown: Markdown Templates for Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP exam reportGitHub

OSCP Template Markdown

https://create.pentestreports.com/new-reportcreate.pentestreports.com

PentestReports