Metasploit includes reports with detailed vulnerabilities descriptions, remediation information and customized design templates, making it easier for you to report your findings and for your company to document compliance.

Reports are available as live reports, which are displayed on-screen during or after the penetration test, or generated reports, which include PDF, Microsoft Word and XML. Reports are generated from the information collected in the project, for example the screenshots, passwords, and cryptographic keys automatically collected as evidence during the assignment.

Click to enlarge

Generated reports can use customized templates using iReport and JasperSoft. Consulting firms can either use their own or their client's corporate design to deliver a polished report in no time.

Available standard reports include:

• Executive Summary
• Detailed Audit Report
• Compromised Hosts
• Collected Evidence
• Network Services
• Authentication Tokens
• Web Vulnerabilities
• PCI DSS Report
• FISMA Report

You can choose to exclude sensitive information from the reports, for example you can:

• Mask username/passwords
• Exclude screenshots
• Exclude collected passwords

Metasploit can also generate reports in the form of a replay script, which enables network administrators to replay a penetration testing attack after vulnerability mitigations have taken place to verify that the network is now secure. Replay scripts only require the free, open source Metasploit Framework and can therefore be presented without incurring additional licensing costs.

Click to enlarge