pt-report-creation
Pen Test Report Creation
Objectives
- Convert assessment evidence into clear stakeholder-ready reporting.
- Provide technical depth for remediation teams and concise risk framing for leadership.
- Produce actionable remediation and retest guidance.
Workflow
- Collect and normalize evidence:
  - Consolidate outputs from all test phases
  - Deduplicate related findings and validate source evidence
- Draft executive section:
  - Overall risk posture and top business risks
  - Key decisions and immediate actions for leadership
- Draft technical findings:
  - One finding per issue or exploit chain
  - Include affected assets, reproduction summary, impact, and fixes
More from santosomar/ethical-hacking-agent-skills
pt-scanning
Performs authorized security scanning using static, dynamic, and vulnerability-focused methods. Use when mapping exposed services, profiling application behavior, and identifying known weaknesses for validation.
pt-fuzzing-web-api
Performs authorized fuzzing of web applications and APIs to discover input validation failures, parser bugs, and stability issues. Use when testing HTTP endpoints, request parameters, payload handling, and error behavior under malformed or unexpected inputs.
pt-analysis-reporting
Produces penetration test reports with executive summary, technical findings, and remediation guidance. Use when consolidating test evidence, prioritizing risk, and preparing stakeholder-ready deliverables.
pt-post-exploitation
Performs authorized post-exploitation activities to assess impact, lateral movement paths, credential exposure, and detection gaps after initial compromise. Use when a foothold has been validated and the test requires controlled impact expansion analysis.
pt-maintaining-access
Evaluates whether an attacker could retain foothold and move laterally after initial compromise, within strict authorization limits. Use when testing persistence, session resilience, and detection/response effectiveness during a pen test.
pt-lotl-techniques
Demonstrates Living-off-the-Land (LotL) techniques using native OS tools to simulate realistic threat actor behavior during authorized penetration tests. Use when proving attack feasibility without custom malware, testing detection coverage, and validating what a real adversary could achieve with only built-in system capabilities.