Notes Template Structure

During the penetration testing, it's important to be very organized from the beginning and take notes of each pentest phase and finding.

We can use a notetaking application like: OneNote, Evernote, Notion, Cherrytree,...

Starting with a template helps you starting organized from the beginnig and will save you a lot of time when writing the final Report.

An example OneNote (also applicable to other tools) structure may look like the following for the discovery phase:

External Penetration Test Template - <Client Name>

Scope

(including in-scope IP addresses/ranges, URLs, any fragile hosts, testing timeframes, and any limitations or other relative information we need handy)

Client Points of Contact

Credentials

Discovery/Enumeration

Scans

Live hosts

Application Discovery

Scans

Interesting/Notable Hosts

Exploitation

<Hostname or IP>

Post-Exploitation

<Hostname or IP>

PreviousAAD NextCoding Agents

Last updated 19 days ago

hashtagExternal Penetration Test Template - <Client Name>

hashtagScope

hashtagClient Points of Contact

hashtagCredentials

hashtagDiscovery/Enumeration

hashtagScans

hashtagLive hosts

hashtagApplication Discovery

hashtagScans

hashtagInteresting/Notable Hosts

hashtagExploitation

hashtag<Hostname or IP>

hashtag<Hostname or IP>

hashtagPost-Exploitation

hashtag<Hostname or IP>

hashtag<Hostname or IP>

External Penetration Test Template - <Client Name>

Scope

Client Points of Contact

Credentials

Discovery/Enumeration

Scans

Live hosts

Application Discovery

Scans

Interesting/Notable Hosts

Exploitation

<Hostname or IP>

<Hostname or IP>

Post-Exploitation

<Hostname or IP>

<Hostname or IP>