Generate a professional penetration testing report with executive summary, technical findings, risk ratings, and remediation guidance tailored to your organization's security assessment.
## ROLE You are a principal penetration tester and security consultant who has authored hundreds of pentest reports for Fortune 500 companies, government agencies, and high-growth startups. You communicate technical findings clearly to both executive leadership and engineering teams. ## OBJECTIVE Generate a comprehensive penetration testing report for [ORGANIZATION NAME] following the engagement conducted on [DATE RANGE] against [SCOPE: external network / internal network / web application / mobile application / API / cloud infrastructure / wireless / social engineering / physical security]. The assessment was performed under a [METHODOLOGY: black-box / gray-box / white-box] approach with [AUTHORIZATION LEVEL: unauthenticated / standard user credentials / admin credentials provided]. ## TASK Produce a complete penetration test report with the following structure: ### 1. Executive Summary Write a one-page non-technical summary for C-level stakeholders: - Overall security posture rating: [CRITICAL / HIGH RISK / MODERATE / ACCEPTABLE / STRONG] - Total findings breakdown by severity (Critical: [N], High: [N], Medium: [N], Low: [N], Informational: [N]) - Top 3 business risks discovered during the engagement, described in terms of business impact (financial loss, regulatory penalties, reputational damage) rather than technical jargon - Comparison to industry benchmarks for [INDUSTRY: fintech / healthcare / SaaS / government / e-commerce / manufacturing] - Strategic recommendations for the next 90 days ### 2. Scope and Methodology Document the engagement parameters: - Target systems: [IP RANGES / DOMAINS / APPLICATION URLS] - Testing methodology: PTES (Penetration Testing Execution Standard), OWASP Testing Guide, NIST SP 800-115 - Tools used: [TOOLS: Burp Suite / Nmap / Metasploit / Nuclei / SQLMap / Nikto / Gobuster / BloodHound / Responder / Impacket / custom scripts] - Testing environment: [PRODUCTION / STAGING / DEDICATED TEST] - Limitations and constraints: [TIME CONSTRAINTS / OUT-OF-SCOPE SYSTEMS / TESTING WINDOWS] - Rules of engagement: [DOS TESTING ALLOWED: yes/no] [SOCIAL ENGINEERING ALLOWED: yes/no] [PHYSICAL ACCESS TESTING: yes/no] ### 3. Finding Template For each vulnerability discovered, create a detailed finding entry: **Finding ID**: [PREFIX]-[NUMBER] (e.g., VULN-001) **Title**: [DESCRIPTIVE VULNERABILITY NAME] **Severity**: [CRITICAL / HIGH / MEDIUM / LOW / INFORMATIONAL] **CVSS 3.1 Score**: [0.0-10.0] with vector string **CWE Reference**: CWE-[NUMBER] — [NAME] **Affected Asset(s)**: [SPECIFIC URLS / IPS / ENDPOINTS] **Status**: [OPEN / REMEDIATED / ACCEPTED RISK / FALSE POSITIVE] **Description**: Provide a detailed technical explanation of the vulnerability, how it was discovered during the engagement, and the underlying root cause. Include the attack narrative — the sequence of steps taken from initial discovery to full exploitation. Reference specific requests, responses, and behavioral observations that confirmed the vulnerability. **Proof of Concept**: Include sanitized but reproducible evidence: - HTTP request/response pairs with sensitive data redacted - Screenshots with appropriate annotations - Command-line output demonstrating exploitation - Code snippets of vulnerable application logic (if white-box) - Network packet captures where relevant **Impact Analysis**: Describe what an attacker could achieve: - Data exposure: [TYPES OF DATA ACCESSIBLE] - System compromise: [LEVEL OF ACCESS ACHIEVED] - Lateral movement potential: [ADDITIONAL SYSTEMS REACHABLE] - Business impact: [FINANCIAL / REGULATORY / REPUTATIONAL CONSEQUENCES] - Affected user population: [NUMBER AND TYPE OF USERS AT RISK] **Remediation**: Provide specific, actionable fixes: - Immediate mitigation (what to do right now to reduce risk) - Long-term fix (architectural or code changes needed) - Code examples in [LANGUAGE/FRAMEWORK] showing the secure implementation - Configuration changes with exact file paths and values - Verification steps to confirm the fix works **References**: - OWASP: [RELEVANT OWASP REFERENCE] - CVE: [CVE-YYYY-NNNNN if applicable] - Vendor advisory: [LINK] - CIS Benchmark: [RELEVANT CONTROL] ### 4. Attack Narrative Write a chronological story of the penetration test engagement: - Reconnaissance phase: What was discovered through OSINT, DNS enumeration, and service scanning - Initial access: How the first foothold was established on [TARGET] - Privilege escalation: Steps taken to elevate access from [INITIAL ACCESS LEVEL] to [FINAL ACCESS LEVEL] - Lateral movement: How movement between systems was achieved in [NETWORK ENVIRONMENT] - Data access: What sensitive information was accessible at each privilege level - Persistence: Whether backdoor establishment was tested (if in scope) - Cleanup: Actions taken to remove testing artifacts ### 5. Risk Matrix Create a visual risk matrix plotting all findings: - X-axis: Likelihood of exploitation (Low / Medium / High / Critical) - Y-axis: Business impact (Low / Medium / High / Critical) - Color coding: Red (Critical), Orange (High), Yellow (Medium), Blue (Low), Gray (Informational) - Each finding plotted with its ID for cross-reference ### 6. Remediation Roadmap Organize all findings into a prioritized remediation plan: - **Immediate (0-48 hours)**: Critical findings with active exploitation potential - **Short-term (1-2 weeks)**: High severity findings and quick wins - **Medium-term (1-3 months)**: Medium findings requiring development sprints - **Long-term (3-6 months)**: Architectural improvements and low-severity hardening - Estimated effort for each remediation in [PERSON-HOURS / STORY POINTS] - Suggested responsible team or individual for each item ### 7. Appendices - Full list of tested endpoints and their status - Raw tool output summaries (Nmap scan results, vulnerability scanner findings) - Network topology diagrams (if internal assessment) - Compliance mapping: How findings relate to [COMPLIANCE FRAMEWORK: SOC 2 / PCI DSS / HIPAA / ISO 27001 / GDPR / NIST CSF] - Glossary of technical terms for non-technical readers - Methodology references and tool versions
Or press ⌘C to copy
Replace these placeholders with your own content before using the prompt.
[ORGANIZATION NAME][DATE RANGE][N][PREFIX][NUMBER][DESCRIPTIVE VULNERABILITY NAME][NAME][TYPES OF DATA ACCESSIBLE][LEVEL OF ACCESS ACHIEVED][ADDITIONAL SYSTEMS REACHABLE][NUMBER AND TYPE OF USERS AT RISK][RELEVANT OWASP REFERENCE][LINK][RELEVANT CONTROL][TARGET][INITIAL ACCESS LEVEL][FINAL ACCESS LEVEL][NETWORK ENVIRONMENT]