# 6. Reporting

The final phase of the pentest methodology is the reporting phase.

This is one of the most important phases where you will outline everything that you found. The reporting phase often includes the following things:

1. The Finding(s) or Vulnerabilities
2. The CRITICALITY of the Finding
3. A description or brief overview of how the finding was discovered
4. Remediation recommendations to resolve the finding

The amount of reporting documentation varies widely by the type of engagement that the pentester is involved in. A findings report generally goes in three formats:

* Vulnerability scan results (a simple listing of vulnerabilities)
* Findings summary (list of the findings as outlined above)
* Full formal report.

A full formal report sample can be found here: [**https://github.com/hmaverickadams/TCM-Security-Sample-Pentest-Report**](https://github.com/hmaverickadams/TCM-Security-Sample-Pentest-Report)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://notes.nomanaziz.me/cybersecurity/penetration-testing/tryhackme/main-methodology/6.-reporting.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.