Just as there are different types of penetration testing, there are different types of report structure. We have presented a generic version of a network-based penetration testing report that can be extended to utilize almost any other type (for example, web application, firewall, wireless networks, and so on). In addition to the following table of contents, you will also want a cover page, which states the testing company's name, type of report, scan date, author name, document revision number, and a short copyright and confidentiality statement.
The following would be the table of contents for a network-based penetration testing report:
Legal notice
Penetration testing agreement
Introduction
Project objective
Assumptions and imitations
Vulnerability risk scale
Executive summary
Risk matrix
Testing methodology
Security threats
Recommendations
Vulnerabilities map
Exploits map
Compliance assessment
Change management
Best practices
Annexes
As you can see,...