Tools to help you collaborate and generate your reports.
- GhostManager/Ghostwriter - The SpecterOps project management and reporting engine
- pwndoc/pwndoc - Pentest Report Generator
List of penetration test reports and templates.
- reconmap/pentest-reports - Collection of penetration test reports and pentest report templates
- juliocesarfort/public-pentesting-reports - A list of public penetration test reports published by several consulting firms and academic security groups.
Vulnerability Report Structure
- Executive Summary
- Security Findings and Recommendations
- Vulnerabilities (sorted by severity)
- Appendix (optional)
Vulnerability Details Structure
- Summary: a concise introduction to the vulnerability, providing a snapshot of the issue and its potential reach..
- Impact: detailed insights into the potential business ramifications that could arise from exploiting this vulnerability.
- Reproductions Steps: a comprehensive, step-by-step walkthrough on how to replicate the issue,, complete with screenshots, HTTP requests or Proof of Concept code snippets.
- Recommendations: suggestions and best practices for addressing and resolving the highlighted issue.
- References: links to external content, documentation, and security guidelines, including resources like OWASP.
- Severity: Include a severity score like CVSS.
- Use a Passive Voice Form.
- Obfuscate the secrets: passwords, token, ...
- Add caption to all figures and pictures.
- Best Practices for Writing Quality Vulnerability Reports - Krzysztof Pranczk
- Overview of technical writing courses - Google Technical Writing
Last update: November 1, 2023