The pentesting report is arguably the most important deliverable of a pentest. Do not be afraid to spend a significant amount of time making this document shine, and make sure you use templates. Build your own template, using the ones you can find online as a starting point: remove what you do not need and add what you definitely have to include.
Most sections of a report are generic, but there can be differences depending on the client's requirements and the type of test. For example, we won't include a network scan result if we are only supposed to test a web application.
I will mark the items that I consider required, but of course you can interpret this as you wish; you are the pentest expert.
Describe metadata about the document.
Logo:
Version: x.y DRAFT/REVIEW/FINAL
Client: RatInc
This report is strictly confidential and should under no circumstances be shared with people who do not need access to the information contained within. All rights pertaining to distribution belong to RatInc.
Here you include a small table indicating the status of the document, who reviews it, and the dates.
| Version | Status | Author | Reviewer | Reviewed |
|---|---|---|---|---|
| 0.1 | DRAFT | Wesley Thijs | Uncle Rat | NOK - See remarks |
| 0.2 | DRAFT | Wesley Thijs | Uncle Rat | OK - Send to client |
| 0.3 | CLIENT REVIEW | Wesley Thijs | Rat Inc - Auntie Rat | OK - Please add remarks |
| 1.0 | FINAL | Wesley Thijs | Rat Inc - Auntie Rat | OK - Signed |
Note down, for both parties, who the people are that should be contacted.
Wesley Thijs – Founder and pen-tester – [email protected]
Testy MacTest – Pen-tester – t[email protected]