Install: claude install-skill sunilgentyala/OmniRed
# Penetration Test Report Writing
## Report Structure
```
1. Cover Page
   - Engagement title, target, dates, report date
   - Classification: CONFIDENTIAL
2. Executive Summary (1-2 pages)
   - Overall risk rating
   - Critical findings summary (non-technical)
   - Business impact statement
   - Top 3 remediation priorities
3. Scope and Methodology
   - In-scope assets, IP ranges, domains
   - Testing approach (black/grey/white box)
   - Tools used
   - Testing dates and testers
4. Risk Rating Matrix
   - CVSS v4.0 base scores
   - Environmental modifiers
5. Technical Findings (one section per finding)
6. Remediation Roadmap
   - Priority order
   - Estimated effort
   - Quick wins vs. strategic fixes
7. Appendices
   - Raw scan output
   - Payload lists
   - Tool configurations
```
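For the risk rating in item 4, a QA check that can be run over each finding before the report ships, added here as an example and not part of the OmniRed skill: it verifies that the CVSS v4.0 vector carries all 11 base metrics with valid values in specification order, and that the severity label agrees with the score. The function names and the sample finding are constructed for illustration, and the check assumes each finding has `**Severity:**` and `**CVSS v4.0 Score:**` lines with the vector in parentheses after the score.

```python
import re

# The 11 CVSS v4.0 base metrics, in specification order, with their allowed values.
BASE_METRICS = {
    "AV": "NALP", "AC": "LH", "AT": "NP", "PR": "NLH", "UI": "NPA",
    "VC": "HLN", "VI": "HLN", "VA": "HLN", "SC": "HLN", "SI": "HLN", "SA": "HLN",
}
SEV_LINE = re.compile(r"^\*\*Severity:\*\*\s*(.+?)\s*$", re.M)
CVSS_LINE = re.compile(r"^\*\*CVSS v4\.0 Score:\*\*\s*(\d+(?:\.\d+)?)\s*\(([^)]*)\)", re.M)

def severity_for(score):
    """CVSS v4.0 qualitative scale; 0.0 maps to the report's 'Informational' label."""
    for floor, label in ((9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low")):
        if score >= floor:
            return label
    return "Informational"

def check_vector(vector):
    """Return problems in the base-metric part of a vector (other metrics are ignored)."""
    # The "CVSS:4.0" prefix is accepted but not required, so prefix-less vectors pass.
    pairs = [p.partition(":")[::2] for p in vector.split("/") if not p.startswith("CVSS:")]
    seen, problems = dict(pairs), []
    for key, allowed in BASE_METRICS.items():
        if key not in seen:
            problems.append(f"missing base metric {key}")
        elif len(seen[key]) != 1 or seen[key] not in allowed:
            problems.append(f"invalid value {key}:{seen[key]}")
    present = [k for k, _ in pairs if k in BASE_METRICS]
    if present != [k for k in BASE_METRICS if k in present]:
        problems.append("base metrics repeated or out of order")
    return problems

def check_finding(markdown):
    """Lint one finding; a severity mismatch is a prompt for review, not proof of error,
    because environmental modifiers can legitimately move the final rating."""
    sev, cvss = SEV_LINE.search(markdown), CVSS_LINE.search(markdown)
    if not sev or not cvss:
        return ["Severity or CVSS v4.0 Score line not found"]
    score, problems = float(cvss[1]), check_vector(cvss[2])
    expected = severity_for(score)
    if sev[1] != expected:
        problems.append(f"severity {sev[1]} does not match score {score} ({expected})")
    return problems

# Constructed sample with two defects: SA is missing and 9.3 is labelled High.
SAMPLE = """## FINDING-001: SQL injection in login API
**Severity:** High
**CVSS v4.0 Score:** 9.3 (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N)
"""
```

Calling `check_finding(SAMPLE)` returns one entry per defect, so an empty list means the header fields are internally consistent.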
## Finding Format (per vulnerability)
```markdown
## FINDING-001: [Vulnerability Name]
**Severity:** Critical | High | Medium | Low | Informational
**CVSS v4.0 Score:** 9.3 (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)
**CWE:** CWE-89 (SQL Injection)
**OWASP:** A03:2021 — Injection
**MITRE ATT&CK:** T1190 — Exploit Public-Facing Application
### Description
[Plain English description of the vulnerability — what it is and why it exists]
### Business Impact
[What an attacker can do if they exploit this — in business terms, not technical terms]
### Evidence
**Request:**
```http
POST /api/login HTTP/1.1
Host: target.com
Content-Type: application/json

{"username":"admin' OR '1'