Enumerating your findings

Now that we have just finished using a bunch of information gathering tools to map out, probe, and discover the infrastructure we are working with, let us take that information and enumerate it into a logical and more structured documentation. We can then merge this information with the data we obtained from both the stakeholders meeting and the team interviews to create a solid documentation pack that will almost always guarantee us success in the upcoming phases of the penetration test. This information that we created will be included within the finalized penetration report not only to help present our findings, but also to verify what the organization currently has documented. Many times I have presented documents that were either more detailed than what the organization currently had, were newer than what they had, or just more complete. The more value we as penetration testers can show, the more times we will be called back for future engagements.