Any other information such as screenshots, the service enumeration, the CVSS calculation formulas, and anything else that the client might need is added to this subsection of the report.
Now, you know how to write an executive report, as well as a DTR. The main issue that arises during reporting is gathering all the technical details. As a pentester, we have to make sure we collect all the screenshots, URLs, payloads used, and so on during the penetration test so that we can feed those details into the DTR report.
There won't be an issue if the scope is a few IPs or URLs, but if the project is huge, then collecting data sometimes becomes a nuisance. To sort out these issues, we can always opt for reporting frameworks that are openly available on GitHub. These frameworks can automatically parse the output scan files and Nmap port scanning results and give us a report based on the details that were fed to it. In the next section, we'll discuss one such framework – Dradis.