Files
hermes-agent/optional-skills/security/web-pentest/templates/pentest-report.md
T
2026-06-14 14:30:48 -04:00

4.6 KiB
Raw Blame History

Penetration Test Report

Target: <name + URL> Engagement ID: Engagement window: Operator: Tester: Hermes Agent + operator Report generated: <ISO 8601 timestamp>


Executive Summary

<2-4 paragraph plain-language summary. Focus on:

  • What was tested
  • What was found (count by severity)
  • Most critical finding in one sentence
  • High-level remediation recommendation>
Severity Count
Critical 0
High 0
Medium 0
Low 0
Info 0

Engagement Scope

In-scope targets (from engagement/scope.txt):

Out of scope: see engagement/authorization.md.

Authorization basis: see engagement/authorization.md.

Methodology

Approach was based on the Hermes web-pentest skill (a Hermes Agent adaptation of the OWASP Testing Guide with elements of Shannon's proof-based methodology). Phases performed:

  • Pre-recon (source code review)
  • Recon (live, read-only)
  • Vulnerability analysis (one queue per OWASP class)
  • Exploitation (proof-based)
  • Reporting

Tools used: <nmap, whatweb, curl, Hermes browser tool, ...>.

Findings (L3/L4 — Verified Exploitable)

Every finding in this section has a reproducible proof-of-concept. L1/L2 candidates that were not promoted to confirmed exploitation are listed in the "Not Exploited" section.

F-001: