External Penetration Test - <Client Name>

• Scope (including in-scope IP addresses/ranges, URLs, any fragile hosts, testing timeframes, and any limitations or other relative information we need handy)
• Client Points of Contact
• Credentials
• Discovery/Enumeration
  • Scans
  • Live hosts
• Application Discovery
  • Scans
  • Interesting/Notable Hosts
• Exploitation
  • <Hostname or IP>
  • <Hostname or IP>
• Post-Exploitation
  • <Hostname or IP>
  • <<Hostname or IP>