As painful as it may seem, every step of the penetration test must be properly documented. This enables not only accurate and repeatable results, but also the ability for someone to double-check the work and ensure nothing was missed during testing. As penetration testing is becoming more common, testing teams are becoming more segmented and specialized. There may be one person on a team who is specialized in application penetration testing and another who is a post-exploitation genius. One thing that does not change from role to role is the need for proper documentation and reporting.
Luckily, there are tools available to the community that reduce the overall pain of documenting every single step, command, and result of a penetration test. With proper usage of these tools, documentation will become second nature.
This chapter introduces the usage of tools and techniques that can make documenting the testing progress less painful and report writing...