Julio Cesar Fort has started putting together a curated list of penetration testing reports from a variety of security consultancies. While the list is new, and not exhaustive yet, it’s on the right track and I look forward to seeing it grow. It’s always interesting to see how different companies do their reporting, and there is a lot to be learned in these reports. If you’re a professional penetration tester, the layout, structure and formatting choices are probably more interesting than the actual content in this case.
The list is on GitHub, so I’m sure we’ll start seeing others contributing soon: https://github.com/juliocesarfort/public-pentesting-reports