public-pentesting-reports
TJ-JPT
Our great sponsors
public-pentesting-reports | TJ-JPT | |
---|---|---|
27 | 6 | |
8,074 | 622 | |
- | - | |
5.4 | 4.2 | |
2 days ago | 4 months ago | |
HTML | ||
- | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
public-pentesting-reports
-
Yet another eCPPTv2 Review
You might find https://github.com/juliocesarfort/public-pentesting-reports repository useful if you need to see how reports are generally structured and written.
-
Reporting question
As for templates, to be honest, I haven't come across many templates floating around. You could look through public pentest reports (https://github.com/juliocesarfort/public-pentesting-reports) and borrow the bits that you prefer and drop them into TCM's template and make it your own.
-
Redteam sanitized report
I know of this site https://redteam.guide/docs/Templates/report_template/ which for me is down but maybe that is temporary, otherwise seek the cached or wayback version. There are also these https://github.com/juliocesarfort/public-pentesting-reports which are pentesting reports but you may find a number that are more about red teaming or have elements of red teaming which you can refer to.
-
Wanting to get into to security
A repository of pentest reports. Writing reports is the most important component of pentesting and redteaming. A pentester who cannot explain what they did, what they found and what the recipient should do to fix their issues is of limited value.
- Penetration testing reports
-
Information to include when writing a Pentesting Report
If you're anything like me, examples help tremendously and so: https://github.com/juliocesarfort/public-pentesting-reports
-
What is a good way to evaluate a pentesting agency?
For good examples, look here. I'd do a test with most of the firms on that list.
- I need help with a pentest report :(
- How often do you communicate with non-technical people in this field?
-
Log4j: The Pain Just Keeps Going and Going
I'd say don't let yourself be discouraged by GP. Just look into a company before you apply. Many have public reports you could look at or security research they publish, both of which you could use as indicators.
Here's a repo with lots of public audit reports by various companies, you could use that as a starting point: https://github.com/juliocesarfort/public-pentesting-reports
TJ-JPT
-
Passed!
For building notes, I suggest using TJNULL's joplin repo: https://github.com/tjnull/TJ-JPT
- Passed with 90 points (incl report)
- Note Taking
- What software do you use to take notes?
- Need advice / suggestion on report writing tech stack
-
Has anyone had issues with Joplin? Thinking of leaving Cherrytree...
If you are looking to switch to Joplin take a look at TjNulls template repo. https://github.com/tjnull/TJ-JPT
What are some alternatives?
OSCP-Exam-Report-Template-Markdown - :orange_book: Markdown Templates for Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP exam report
CherryTree - cherrytree
OSCP-Exercise-Checklist - A checklist to help students track their OSCP exercise progress.
writehat - A pentest reporting tool written in Python. Free yourself from Microsoft Word.
PrivescCheck - Privilege Escalation Enumeration Script for Windows
atomic-red-team - Small and highly portable detection tests based on MITRE's ATT&CK.
OSCP-Bash-Scripts - Some handy bash scripts I used for the OSCP
tmux-logging - Easy logging and screen capturing for Tmux.
template-generator - A simple variable based template editor using handlebarjs+strapdownjs. The idea is to use variables in markdown based files to easily replace the variables with content. Data is saved temporarily in local storage. PHP is only needed to generate the list of files in the dropdown of templates.
Serpico - SimplE RePort wrIting and COllaboration tool
BugBountyTemplates - A collection of templates for bug bounty reporting