{"id":3879,"date":"2025-09-18T10:36:23","date_gmt":"2025-09-18T08:36:23","guid":{"rendered":"https:\/\/security.sauer.ninja\/?p=3879"},"modified":"2026-05-17T20:56:41","modified_gmt":"2026-05-17T18:56:41","slug":"ptdoc-documentation-and-reporting-for-penetration-tests","status":"publish","type":"post","link":"https:\/\/security.sauer.ninja\/en\/binsec\/ptdoc-documentation-and-reporting-for-penetration-tests\/","title":{"rendered":"PTDoc \u2013 Documentation and Reporting for Penetration Tests"},"content":{"rendered":"\n

The idea for PTDoc<\/a> emerged during the growth of our binsec team: How can we keep quality consistently high when individual penetration testers have different personal areas of expertise? And how do you ensure that the result of a pentest is always consistent \u2013 regardless of which Senior Penetration Tester conducts the assessment?<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

<\/p>\n\n\n\n

Before PTDoc, we at binsec faced the typical challenge: Should reports be written in Word<\/strong> or created with LaTeX<\/strong>? Initially, the decision was made for LaTeX, which produced technically clean but rather \u201ctypical\u201d LaTeX documents in terms of design. With PTDoc, this changed fundamentally \u2013 today, it delivers professionally designed reports<\/strong> that are still powered by extensive LaTeX code in the background but managed through a user-friendly interface.<\/p>\n\n\n\n

The core idea of the tool is to provide a uniform and standardized methodology for different targets \u2013 such as Active Directory, mobile applications (e.g., Android apps), or networks. Our binsec team continuously maintains and extends this methodology, integrating well-established standards such as the OWASP Testing Guide<\/strong>, MASVS<\/strong>, and OSSTMM<\/strong>. This ensures consistently high quality and the exact repeatability of penetration tests.<\/p>\n\n\n\n

In recent years, it has become clear that this structured approach regularly reveals vulnerabilities that were missed in previous tests. One client even stated that they no longer consider earlier assessments from other providers to have been \u201creal\u201d penetration tests.<\/p>\n\n\n\n

PTDoc covers all three phases of pentest documentation:<\/p>\n\n\n\n