Writing the final report is the most important phase of a penetration test, given that it is what your client is paying you for; penetration testers often forget that. Your client is not paying you to hack their organization and pwn as many machines as you can; they are paying you to help them to determine their security level, identify high-risk findings, and prioritize fixes.
Although report generation is only available on paid versions of Metasploit, we can still take advantage of the exploit capabilities of the Metasploit Framework to help us in the report phase.
- Using workspaces allows us to stay organized during a penetration test but also to access data later, thus providing easy-to-access collected data when writing the report. Also, do not forget that some modules and Meterpreter scripts may store...