Penetration Testing Report Templates
Professional penetration testing report templates, writing guides, and delivery best practices. Build credible, actionable reports that drive remediation.
🚀 Quick Start
1. Select report type below
2. Use Report Builder tool
3. Check with QA checklist
4. Follow delivery guide
📚 Reporting Guides
- Writing Guide: professional writing techniques, tone, clarity
- Screenshot Guide: evidence capture, annotation, organization
- Delivery Guide: presentations, feedback, quality checklist
- Remediation Guidance: fix recommendations by vulnerability class
📄 Report Templates
- Executive Summary: high-level overview for leadership, with a business impact focus.
- Technical Report: detailed findings for IT teams, including PoC and remediation.
- Finding Template: individual vulnerability format with all required details.
- Retest Report: remediation verification and validation documentation.
- Downloadable Templates: ready-to-use Markdown templates for professional reports.
Specialized Report Templates
🛠️ Interactive Report Builder
Build reports with findings management, CVSS scoring, and export to Markdown or JSON.
Executive Summary Template
# PENETRATION TEST EXECUTIVE SUMMARY
## [Client Name]
### [Date Range of Assessment]
---
## 1. ENGAGEMENT OVERVIEW
**Test Type:** [Web Application / Internal Network / External Network / Social Engineering]
**Methodology:** [OWASP / PTES / OSSTMM / Custom]
**Testing Period:** [Start Date] to [End Date]
**Report Date:** [Date]
### Scope
- [List of in-scope systems/applications]
- [IP ranges or URLs]
### Out of Scope
- [Explicitly excluded systems]
---
## 2. KEY FINDINGS SUMMARY
| Severity | Count | Examples |
|----------|-------|----------|
| Critical | X | [Brief description] |
| High | X | [Brief description] |
| Medium | X | [Brief description] |
| Low | X | [Brief description] |
| Info | X | [Brief description] |
**Total Findings:** XX
---
## 3. RISK ASSESSMENT
### Overall Security Posture: [CRITICAL / HIGH / MODERATE / LOW]
[1-2 paragraph summary of overall security state. Focus on business impact,
not technical details. What could an attacker realistically achieve?]
### Business Impact Summary
**Worst Case Scenario:**
[Describe the most severe potential impact based on findings. E.g.,
"An external attacker could gain complete control of customer database..."]
**Most Likely Scenario:**
[Describe realistic attack path based on findings]
---
## 4. TOP PRIORITY RECOMMENDATIONS
1. **[Finding Name]** - [One sentence impact + recommendation]
2. **[Finding Name]** - [One sentence impact + recommendation]
3. **[Finding Name]** - [One sentence impact + recommendation]
4. **[Finding Name]** - [One sentence impact + recommendation]
5. **[Finding Name]** - [One sentence impact + recommendation]
---
## 5. POSITIVE OBSERVATIONS
- [Security controls that worked well]
- [Good practices observed]
- [Improvements since last assessment, if applicable]
---
## 6. STRATEGIC RECOMMENDATIONS
### Short-term (0-30 days)
- Address all Critical and High severity findings
- [Specific quick wins]
### Medium-term (30-90 days)
- [Security program improvements]
- [Process changes]
### Long-term (90+ days)
- [Strategic security initiatives]
- [Architecture improvements]
---
## 7. CONCLUSION
[Brief conclusion restating overall risk level and emphasizing the importance
of addressing findings. Professional, constructive tone.]
---
**Prepared by:** [Tester Name], [Certification]
**Reviewed by:** [QA Name], [Certification]
**Company:** [Your Company]
**Classification:** CONFIDENTIAL
Technical Report Template
# PENETRATION TEST TECHNICAL REPORT
## [Client Name]
### [Date]
---
## DOCUMENT CONTROL
| Version | Date | Author | Changes |
|---------|------|--------|---------|
| 1.0 | [Date] | [Name] | Initial draft |
| 1.1 | [Date] | [Name] | [Changes] |
**Classification:** CONFIDENTIAL
**Distribution:** [List of authorized recipients]
---
## TABLE OF CONTENTS
1. Executive Summary
2. Engagement Overview
3. Methodology
4. Attack Narrative
5. Detailed Findings
6. Appendices
---
## 1. EXECUTIVE SUMMARY
[Insert executive summary or reference separate document]
---
## 2. ENGAGEMENT OVERVIEW
### 2.1 Objective
[State the purpose of the test - what client wanted to learn]
### 2.2 Scope
**In Scope:**
| Asset | Description | IP/URL |
|-------|-------------|--------|
| [Name] | [Description] | [Address] |
**Out of Scope:**
- [List excluded systems with reason]
### 2.3 Testing Constraints
- [Time limitations]
- [Access restrictions]
- [Testing windows]
- [Sensitive systems to avoid]
### 2.4 Testing Team
| Role | Name | Contact |
|------|------|---------|
| Lead Tester | [Name] | [Email] |
| Tester | [Name] | [Email] |
---
## 3. METHODOLOGY
### 3.1 Testing Approach
[Describe methodology - black box, gray box, white box]
[Reference standards followed - OWASP, PTES, etc.]
### 3.2 Tools Used
| Category | Tools |
|----------|-------|
| Reconnaissance | Nmap, Amass, Shodan |
| Scanning | Nessus, Burp Suite, Nikto |
| Exploitation | Metasploit, SQLMap, custom scripts |
| Post-Exploitation | Mimikatz, BloodHound |
### 3.3 Severity Rating Scale
| Rating | CVSS | Description |
|--------|------|-------------|
| Critical | 9.0-10.0 | Immediate exploitation possible, severe business impact |
| High | 7.0-8.9 | Exploitation likely, significant business impact |
| Medium | 4.0-6.9 | Exploitation possible, moderate business impact |
| Low | 0.1-3.9 | Minimal risk, limited business impact |
| Informational | N/A | Best practice observations |
---
## 4. ATTACK NARRATIVE
[Chronological description of the test from attacker's perspective.
Helps reader understand how findings chain together.]
### 4.1 Initial Access
[How initial foothold was gained]
### 4.2 Privilege Escalation
[How elevated access was achieved]
### 4.3 Lateral Movement
[How access spread across environment]
### 4.4 Objective Achievement
[What ultimate goals were reached - domain admin, data access, etc.]
---
## 5. DETAILED FINDINGS
[Include individual finding entries - see Finding Template below]
---
## 6. APPENDICES
### Appendix A: Raw Scan Data
[Include relevant tool output]
### Appendix B: Screenshots
[All supporting screenshots]
### Appendix C: Credentials Discovered
[List of any credentials found - handle securely]
### Appendix D: Remediation Verification
[Notes on any remediation testing performed]
---
**END OF REPORT**
Individual Finding Template
## FINDING: [ID]-[SHORT NAME]
---
### Overview
| Attribute | Value |
|-----------|-------|
| **Severity** | [Critical/High/Medium/Low/Info] |
| **CVSS Score** | [X.X] |
| **CVSS Vector** | [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H] |
| **CWE ID** | [CWE-XXX: Name] |
| **Affected Assets** | [List of affected hosts/URLs] |
| **Status** | [New/Existing/Remediated] |
---
### Description
[Clear explanation of what the vulnerability is. 2-3 paragraphs.
Include technical details but also explain business context.
Reference CVEs if applicable.]
---
### Affected Assets
| Asset | Location | Notes |
|-------|----------|-------|
| [Host/App] | [URL/IP:Port] | [Version info, etc.] |
---
### Evidence
#### Request
```http
[HTTP request or command used]
```
#### Response
```
[Relevant response showing vulnerability]
```
#### Screenshot
[Reference to screenshot in appendix]
---
### Business Impact
[Explain what an attacker could do with this vulnerability.
Focus on business outcomes - data theft, service disruption,
compliance violations, reputational damage, financial loss.]
---
### Proof of Concept
[Step-by-step reproduction instructions]
1. [Step 1]
2. [Step 2]
3. [Step 3]
**Note:** [Any conditions required for exploitation]
---
### Remediation
#### Recommended Fix
[Specific technical steps to fix the issue]
#### Short-term Mitigation
[Temporary measures if immediate fix not possible]
#### References
- [Link to vendor advisory]
- [Link to OWASP/CWE]
- [Link to remediation guide]
---
### Additional Notes
[Any other relevant information - related findings,
historical context, etc.]
---
CVSS Scoring Quick Reference
Attack Vector (AV)
- Network (N) - Remotely exploitable
- Adjacent (A) - Same network segment
- Local (L) - Local access required
- Physical (P) - Physical access required
Attack Complexity (AC)
- Low (L) - No special conditions
- High (H) - Special conditions required
Privileges Required (PR)
- None (N) - No authentication
- Low (L) - Basic user access
- High (H) - Admin/elevated access
Impact (C/I/A)
- High (H) - Total loss of C/I/A
- Low (L) - Partial impact
- None (N) - No impact
```text
# Common CVSS Scores
# Critical (9.0-10.0)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H # 10.0 - Unauthenticated RCE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H # 9.8 - Unauthenticated SQLi
# High (7.0-8.9)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H # 8.8 - Authenticated RCE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N # 7.1 - Reflected XSS
# Medium (4.0-6.9)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N # 5.4 - Auth'd info disclosure
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N # 5.3 - Directory listing
# Low (0.1-3.9)
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N # 3.1 - Info leak with conditions
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N # 0.0 - Informational
```
Calculator: https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator

Reporting Best Practices