public-pentesting-reports
Serpico
Our great sponsors
| public-pentesting-reports | Serpico | |
|---|---|---|
| 27 | 4 | |
| 8,074 | 991 | |
| - | - | |
| 5.4 | 0.0 | |
| 8 days ago | almost 4 years ago | |
| HTML | JavaScript | |
| - | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
public-pentesting-reports
-
Yet another eCPPTv2 Review
You might find https://github.com/juliocesarfort/public-pentesting-reports repository useful if you need to see how reports are generally structured and written.
-
Reporting question
As for templates, to be honest, I haven't come across many templates floating around. You could look through public pentest reports (https://github.com/juliocesarfort/public-pentesting-reports) and borrow the bits that you prefer and drop them into TCM's template and make it your own.
-
Redteam sanitized report
I know of this site https://redteam.guide/docs/Templates/report_template/ which for me is down but maybe that is temporary, otherwise seek the cached or wayback version. There are also these https://github.com/juliocesarfort/public-pentesting-reports which are pentesting reports but you may find a number that are more about red teaming or have elements of red teaming which you can refer to.
-
Wanting to get into to security
A repository of pentest reports. Writing reports is the most important component of pentesting and redteaming. A pentester who cannot explain what they did, what they found and what the recipient should do to fix their issues is of limited value.
- Penetration testing reports
-
Information to include when writing a Pentesting Report
If you're anything like me, examples help tremendously and so: https://github.com/juliocesarfort/public-pentesting-reports
-
What is a good way to evaluate a pentesting agency?
For good examples, look here. I'd do a test with most of the firms on that list.
- I need help with a pentest report :(
- How often do you communicate with non-technical people in this field?
-
Log4j: The Pain Just Keeps Going and Going
I'd say don't let yourself be discouraged by GP. Just look into a company before you apply. Many have public reports you could look at or security research they publish, both of which you could use as indicators.
Here's a repo with lots of public audit reports by various companies, you could use that as a starting point: https://github.com/juliocesarfort/public-pentesting-reports
Serpico
-
sysreptor alternatives - writehat, Serpico, ReportGen, and pwndoc
5 projects | 2 May 2023
-
What's in your toolkit?
It looks like https://github.com/SerpicoProject/Serpico
-
Where can I find pentest reports similar to reports from Cure53?
If you simply need it to find a template to use for yourself or your team, check out the Serpico repository on Github. It has some sample reports in various formats. https://github.com/SerpicoProject/Serpico/tree/master/templates
-
Pen Test Report Writing Tool
Serpico is no longer maintained but it still works well: https://github.com/SerpicoProject/Serpico
What are some alternatives?
OSCP-Exam-Report-Template-Markdown - :orange_book: Markdown Templates for Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP exam report
writehat - A pentest reporting tool written in Python. Free yourself from Microsoft Word.
CherryTree - cherrytree
Feedly-Backup - Backup of my feedly... feeds
DidierStevensSuite - Please no pull requests for this repository. Thanks!
atomic-red-team - Small and highly portable detection tests based on MITRE's ATT&CK.
treblle-node - The official Treblle SDK for NodeJS/ExpressJS. Seamlessly integrate Treblle to manage communication with your dashboard, send errors, and secure sensitive data.
tmux-logging - Easy logging and screen capturing for Tmux.
SysReptor - Fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike.
TJ-JPT - This repo contains my pentesting template that I have used in PWK and for current assessments. The template has been formatted to be used in Joplin
CyberChef - The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis