From ed081d7f2903471af9f5d0ac29932791319ea5c7 Mon Sep 17 00:00:00 2001
From: Swissky <12152583+swisskyrepo@users.noreply.github.com>
Date: Tue, 31 Oct 2023 17:45:24 +0100
Subject: [PATCH] Vulnerability Reports

---
 .../Vulnerability Reports.md                  | 50 +++++++++++++++++++
 1 file changed, 50 insertions(+)
 create mode 100644 Methodology and Resources/Vulnerability Reports.md

diff --git a/Methodology and Resources/Vulnerability Reports.md b/Methodology and Resources/Vulnerability Reports.md
new file mode 100644
index 0000000..3f2e558
--- /dev/null
+++ b/Methodology and Resources/Vulnerability Reports.md	
@@ -0,0 +1,50 @@
+# Vulnerability Reports
+
+## Summary
+
+* [Tools](#tools)
+* [Vulnerability Report Structure](#vulnerability-report-structure)
+* [Vulnerability Details Structure](#vulnerability-details-structure)
+* [General Guidelines](#general-guidelines)
+* [References](#references)
+
+
+## Tools
+
+Tools to help you collaborate and generate your reports.
+* [GhostManager/Ghostwriter](https://github.com/GhostManager/Ghostwriter) - The SpecterOps project management and reporting engine
+* [pwndoc/pwndoc](https://github.com/pwndoc/pwndoc) - Pentest Report Generator
+
+List of penetration test reports and templates.
+* [reconmap/pentest-reports](https://github.com/reconmap/pentest-reports) - Collection of penetration test reports and pentest report templates
+* [juliocesarfort/public-pentesting-reports](https://github.com/juliocesarfort/public-pentesting-reports) - A list of public penetration test reports published by several consulting firms and academic security groups.
+
+
+## Vulnerability Report Structure
+
+* Executive Summary
+* Security Findings and Recommendations
+* Vulnerabilities (sorted by severity)
+* Appendix (optional)
+
+
+## Vulnerability Details Structure
+
+* **Summary**: a concise introduction to the vulnerability, providing a snapshot of the issue and its potential reach..
+* **Impact**: detailed insights into the potential business ramifications that could arise from exploiting this vulnerability.
+* **Reproductions Steps**: a comprehensive, step-by-step walkthrough on how to replicate the issue,, complete with screenshots, HTTP requests or Proof of Concept code snippets.
+* **Recommendations**: suggestions and best practices for addressing and resolving the highlighted issue.
+* **References**: links to external content, documentation, and security guidelines, including resources like OWASP.
+* **Severity**: Include a severity score like CVSS.
+
+
+## General Guidelines
+
+* Use a **Passive Voice Form**.
+* **Obfuscate** the secrets: passwords, token, ...
+* Add **caption** to all figures and pictures.
+
+## References
+
+* [Best Practices for Writing Quality Vulnerability Reports - Krzysztof Pranczk](https://itnext.io/best-practices-for-writing-quality-vulnerability-reports-119882422a27)
+* [Overview of technical writing courses - Google Technical Writing](https://developers.google.com/tech-writing/overview)
\ No newline at end of file