Understanding the Penetration Test Report

Writing an Effective Penetration Testing Report

A guide for OSCP candidates, students, and cybersecurity professionals


1. Executive Summary

  • A concise, non-technical overview of the engagement.

  • Summarize:

    • Number and severity of vulnerabilities found

    • Types of systems affected

    • Business risk and overall security posture

  • Charts and graphs are highly recommended:

    • Severity distribution (e.g., Critical/High/Medium/Low)

    • Affected systems by category (e.g., Web, Internal, External)


2. Methodologies

  • Provide a step-by-step breakdown of the penetration testing approach.

  • Helps stakeholders understand how findings were discovered.

Key Stages:

  • Information Gathering

    • Tools: WHOIS, Nslookup, Google dorks, Recon-ng

  • Service Enumeration

    • Tools: Nmap, Nikto, Enum4Linux

    • Includes open ports, running services, and versions

(Optional: Mention alignment with PTES or OWASP Testing Guide.)


3. Attack Path

Describe the narrative of exploitation from discovery to compromise.

Each attack should include:

  • Targeted vulnerability

    • Whether found via Exploit-DB, CVE, or custom scripting

  • Exploitation process

    • Tools used (e.g., Metasploit, manual payloads)

    • Privilege escalation steps

  • Technical explanation

    • Include CVE, CWE, or CAPEC ID (when applicable)

    • Provide a fix/remediation

  • Severity

    • Use CVSS scoring or the CVE’s severity rating

    • Justify based on impact, exploitability, and risk


4. Screenshots

  • Capture every critical step with IP addresses visible.

  • Include:

    • Successful exploitation

    • Privilege escalation

    • proof.txt or local.txt files

  • Best practices:

    • Annotate screenshots

    • Include timestamps (optional)

    • Use clean formatting

“You can never have too many screenshots.”


5. Appendix

  • Include extra technical evidence that would clutter the main report.

    • Tool output (e.g., Nmap scans, exploit code)

    • Additional logs

  • Note: This section was present in the 2013 PWK report but removed in 2016. Still useful for learning and internal reviews.


6. Bonus Tips & Exam Advice

  • If you've written a Lab Report, the OSCP report becomes easier.

  • If you finish the exam early:

    • Recheck attack steps, screenshots, and formatting

  • Read OffSec write-ups (Alpha, Beta) to understand expected reporting quality.


7. Hacking the Report (Efficiency Tips)

Don’t Reinvent the Wheel

  • Use OffSec’s official template

    • Tried and tested

    • Accepted by OffSec and used in other certifications/job tests

Speed Up Research

  • Vulnerability descriptions and fixes:

    • Google them: use CVE, CWE, CAPEC databases

  • Determining Severity:

    • Use CVSS calculator

    • Look up CVE base scores

Report Even Partial Success

  • Couldn’t get proof.txt or local.txt?

    • Still report:

      • What you found

      • What you tried

      • Why you couldn’t proceed

    • Shows strong methodology and effort


8. Submission Musts

Double-check before submitting.

  • All proof files included?

    • local.txt and proof.txt with visible IP addresses

  • Submit in Control Panel

    • Upload both report and proof files

  • Follow submission instructions exactly

    • File format (PDF), naming conventions, structure

  • No resubmissions allowed

    • One shot only. A great hack without a great report = fail

“You can get all the proofs but still fail because of a bad report.”


Final Checklist

  Task                                   Done?
  ------------------------------------   -----
  Used official template                 [ ]
  Included all screenshots with IPs      [ ]
  Listed all CVEs/CWEs and severities    [ ]
  Clearly explained vulnerabilities      [ ]
  Added remediation steps                [ ]
  Proof files submitted correctly        [ ]
  Submission instructions followed       [ ]
