Example Report Templates

May 29, 2024   Luke Rogerson   report writing report writing templates

Something that has been commonly requested by students of our report writing course is an example of what the report would look like if following the contents of the course. While all the information to produce such an example is available in the course, I’ve put together a couple of structural templates for folks to either use during the exercises in the course, or as a starting point when developing their own report templates.

In this post, I’ll quickly run through the a couple of example report template formats I have produced and how to build them.

LaTeX

LaTeX is a powerful formatting language that can be used to produce smart and consistently styled documents. While the syntax of LaTeX can feel a little overwhelming, with a bit of practice and playing around it can actually be quite a joy to produce a document in, especially if you’re like me and you’re more of a command line, markup language sort of person, rather than someone that prefers to sit in a Word Processor.

The LaTeX report template can be found here. If you’re familiar with programming, some of the initial parts of the template may look similar to importing code to be used in the file. In a way, that’s exactly what it is. LaTeX has a massive library of open-source packages that can be used to style and present information in a document in all sorts of ways. Here are the following packages:

• amsmath - Provides enhanced mathematical typesetting
• graphicx - Allows inclusion of graphics and images
• lipsum - Generates dummy text for testing and layout purposes
• fancyhdr - Customises headers and footers in documents
• tabularx - Enhances table creation with flexible column widths
• caption - Customises captions for figures and tables
• hyperref - Adds hyperlinks and cross-references in documents
• float - Provides improved control over the placement of figures and tables

You’ll see these packages used throughout the example report.

So how do we build this? LaTeX can be rendered using the pdflatex command. Here’s the build script:

#!/bin/sh
pdflatex report.tex
pdflatex report.tex

No, the duplicated line is not a typo. The first pdflatex command renders the document, including the table of contents placeholder (\tableofcontents) just after the title page. However, to correctly map headings to their respective page numbers, the document needs to be rendered again. The initial render generates an auxiliary file (.aux) that contains this information. The second pdflatex command uses this .aux file to accurately construct the table of contents, ensuring all headings point to the correct pages.

Markdown

Markdown has become incredibly popular among pentesters and developers alike. The formatting options are simple but also limited, allowing content to be produced in a very consistent way. While there are shortcomings in terms of the available formatting features (especially compared to word processing software), many features are unnecessary for producing a pentest report.

The Markdown report template can be found here. At a glance, this will look like standard Markdown, but a closer examination will show that some additional and perhaps confusing/new syntax has been added in. Looking at the Markdown closely you’ll spot:

• \newline
• \pagebreak

While writing Markdown into systems like GitHub, Microsoft Azure DevOps, and JIRA is sufficiently effective, producing a presentable document for a client or internal team requires additional formatting. In this example, I have used LaTeX commands to force new lines and page breaks. Without these, the document would appear untidy and messy.

In order to build the document, I am using Pandoc, a common tool for rendering Markdown. To leverage commands like \newline or \pagebreak, I instruct Pandoc to use the xelatex engine.

Here’s the basic build script for generating a PDF from Markdown:

#!/bin/sh
pandoc -s report.md -o report.pdf --pdf-engine=xelatex

This will interpret the LaTeX commands and inject the result into the generated document.

Summary

Both Markdown and LaTeX offer a consistent approach to generating documents from a markup language; both are a great starting point for creating your first pentest report and are useful to learn. These examples are extremely simple, and there are other avenues that can be taken to build these documents, or perhaps even to combine Markdown findings into a LaTeX template.

For more information on the requirements to build the above template, check out the GitHub repository.

If you have any questions on report templates, do contact us at [email protected].

If you’re interested in learning more about what the content should look like in a pentest report rather than just the structure, check out our report writing training course on the Zero-Point Security training website here!