Loading...
Advanced Pentest Reporting

Advanced Pentest
Reporting

Quickly create editable (docx) pentest reports,
ready to be delivered

Show me more
Advanced Pentest Reporting

Reporting summary

PenTest yourself. Don't get hacked.

Discover and validate vulnerabilities in websites and network infrastructures

Reporting details

Pentest reports ready to be delivered

With our advanced reporting feature you can generate penetration testing reports that are almost ready to be delivered to your customer.

We know how much time a penetration tester has to spend on reporting and that reporting is often a frustrating part of a pentester's job. We have also spent countless hours ourselves transcripting vulnerabilities reported by various tools into our reports, formatting, reordering, rephrasing, drawing risk diagrams, etc.

Having this in mind, we have created this report generation feature which gives you editable docx reports which can be easily adjusted into final deliverables.

Generating such a report is very easy, it's just a matter of clicks. Choose the findings that you want to be included in the report, select a report template and generate the document.

This way you can save multiple work hours of an engagement. You can spend this time on finding more interesting vulnerabilities or just to shorten the overall time of the engagement.

Lock

This feature is only available for our Pro Advanced and Enterprise customers.

See our Pricing

Report structure

The structure of the reports that we generate follows the items below:

  • Introduction
  • Background
  • Objectives
  • Scope
  • Approach
  • Methodology
  • Disclaimer
  • Executive summary
  • Findings
  • Addendum

Each section of the report (ex. background, objectives, methodology, etc) is a basic block which you can predefine however you want in the report template - see below.

Executive summary

You can choose a predefined content for this section but it often needs to be manually rephrased according to the specifics of each engagement.

However, the platform automatically generates a graphical overview of the findings and a table with the most significant findings in the report.

Detailed findings

The findings produced by the report generator have the following structure:

  • Finding name
  • Finding description
  • Evidence
  • Risk description
  • Recommendation

The content of each finding is produced by the tools from the platform but it can also be manually introduced by the penetration tester.

Report templates

You can create your own report templates or choose the predefined ones. A report template contains a set of predefined sections (Background, Objectives, Scope, etc) which can be customized for the various types of engagements.

The text within each section contains placeholders (tags) which will be automatically filled with the information of each user, like: {{CONTRACTOR_NAME}}, {{CLIENT_COMPANY}}, {{SCOPE_TABLE}}, etc.

    Engagements

    This feature allows you to define engagements that you are working at. The information from an engagement will be automatically inserted in the penetration testing report:

    • Engagement name
    • Client company
    • Contract number
    • Contract start date
    • Engagment start date
    • Engagment end date

Finding templates

In case you want to add additional findings to the report (discovered manually or with other tools), you can use the finding templates to do this faster.

Finding templates allow you to have predefined descriptions, risks and recommendations for findings. We have a nice collection of finding templates that you can easily adjust to your needs or use directly in your reports. The templates cover common vulnerabilities such as:

  • SQL Injection
  • Cross-Site Scripting (XSS)
  • File Inclusion
  • OS Command Injection
  • XML External Entity vulnerability (XXE)
  • Session fixation
  • Open redirect
  • Detailed error messages
  • Session does not expire
  • Internal IP disclosure
  • Default credentials in use
  • Debug functionality present

PenTest yourself. Don't get hacked.

Discover and validate vulnerabilities in websites and network infrastructures

See our Pricing