{"id":3879,"date":"2025-09-18T10:36:23","date_gmt":"2025-09-18T08:36:23","guid":{"rendered":"https:\/\/security.sauer.ninja\/?p=3879"},"modified":"2025-09-18T11:01:18","modified_gmt":"2025-09-18T09:01:18","slug":"ptdoc-documentation-and-reporting-for-penetration-tests","status":"publish","type":"post","link":"https:\/\/security.sauer.ninja\/en\/binsec\/ptdoc-documentation-and-reporting-for-penetration-tests\/","title":{"rendered":"PTDoc \u2013 Documentation and Reporting for Penetration Tests"},"content":{"rendered":"\n

The binsec GmbH<\/strong> relies on PTDoc<\/strong>\u00ae for its penetration tests \u2013 a specialized tool for structured penetration testing and professional report generation<\/a>. PTDoc was developed by binsec systems GmbH<\/strong>.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

<\/p>\n\n\n\n

The idea for PTDoc emerged during the growth of the binsec team: How can quality remain consistently high when individual penetration testers have different personal focus areas? And how can we ensure that the outcome of a test is always identical \u2013 regardless of which senior penetration tester carries it out?<\/p>\n\n\n\n

Before PTDoc, binsec faced the typical challenge: Should reports be written in Word<\/strong> or created with LaTeX<\/strong>? Initially, the decision was made for LaTeX, which produced technically clean but rather \u201ctypical\u201d LaTeX documents in terms of design. With PTDoc, this changed fundamentally \u2013 today, it delivers professionally designed reports<\/strong> that are still powered by extensive LaTeX code in the background but managed through a user-friendly interface.<\/p>\n\n\n\n

The core idea of the tool is to provide a uniform and standardized methodology for different targets \u2013 such as Active Directory, mobile applications (e.g., Android apps), or networks. The binsec team continuously maintains and extends this methodology, integrating well-established standards such as the OWASP Testing Guide<\/strong>, MASVS<\/strong>, and OSSTMM<\/strong>. This ensures consistently high quality and the exact repeatability of penetration tests.<\/p>\n\n\n\n

In recent years, it has become clear that this structured approach regularly reveals vulnerabilities that were missed in previous tests. One client even stated that they no longer consider earlier assessments from other providers to have been \u201creal\u201d penetration tests.<\/p>\n\n\n\n

PTDoc covers all three phases of pentest documentation:<\/p>\n\n\n\n