The idea for PTDoc emerged during the growth of our binsec team: How can we keep quality consistently high when individual penetration testers have different personal areas of expertise? And how do you ensure that the result of a pentest is always consistent – regardless of which Senior Penetration Tester conducts the assessment?
Before PTDoc, we at binsec faced the typical challenge: Should reports be written in Word or created with LaTeX? Initially, the decision was made for LaTeX, which produced technically clean but rather “typical” LaTeX documents in terms of design. With PTDoc, this changed fundamentally – today, it delivers professionally designed reports that are still powered by extensive LaTeX code in the background but managed through a user-friendly interface.
The core idea of the tool is to provide a uniform and standardized methodology for different targets – such as Active Directory, mobile applications (e.g., Android apps), or networks. Our binsec team continuously maintains and extends this methodology, integrating well-established standards such as the OWASP Testing Guide, MASVS, and OSSTMM. This ensures consistently high quality and the exact repeatability of penetration tests.
In recent years, it has become clear that this structured approach regularly reveals vulnerabilities that were missed in previous tests. One client even stated that they no longer consider earlier assessments from other providers to have been “real” penetration tests.
PTDoc covers all three phases of pentest documentation:
- Execution of the test – systematically working through the defined methodology.
- Creation of findings – including management-level descriptions, detailed technical analysis, risk ratings (qualitatively via traffic-light system or quantitatively via CVSS), and management of screenshots and evidence.
- Report generation – automated creation of a consistent, audit-proof report.
Retesting is also integrated: Once a tester verifies that a client has fixed a vulnerability, they simply document the proof of fix in the finding. When rebuilding the report, the issue is automatically marked as remediated, and the management summary is updated accordingly.
In addition, PTDoc supports the creation of both German and English reports, making it easy to provide clients with deliverables in either language – or even in both.
Conclusion: With PTDoc, penetration testers can fully focus on their actual work – conducting the test. At the same time, report creation becomes quick and efficient, ensuring that clients receive their results shortly after the test is completed. And even if it sounds like marketing now: so far, everyone who has started working with it has been absolutely thrilled.
