Internal Pentest Report Template
Internal network penetration tests operate under the assumption that an attacker has already gained a foothold inside the corporate perimeter. Whether through a phishing campaign, a compromised VPN credential, or a rogue device on the network, the starting point is inside the firewall. The goal is to determine how far an attacker can move laterally, what privileges they can escalate to, and whether full domain compromise is achievable.
A well-structured internal pentest report needs to document Active Directory enumeration findings, credential-based attacks such as Kerberoasting and AS-REP roasting, lateral movement paths through SMB, WMI, or PSRemoting, and privilege escalation chains from standard user to Domain Admin. The report should clearly map the attack path from initial access to the furthest point of compromise, making it easy for defenders to understand exactly where controls failed.
This template is built for internal infrastructure and Active Directory assessments. It includes sections for documenting host discovery, service enumeration, AD-specific attack findings, and a full domain compromise assessment. Download it in DOCX or PDF and customize it for your engagement.
What's Included in the Template
Executive Summary
A non-technical overview of the assessment for leadership and stakeholders. Covers the overall risk posture of the internal network, whether domain compromise was achieved, and the most critical findings that require immediate attention.
Scope Definition
Documents the tested IP ranges, subnets, VLAN segments, and Active Directory domain or forest. Includes the testing methodology, tools used, and any limitations or exclusions agreed upon before the engagement.
Attack Path Summary
A dedicated section that maps the full attack chain from initial network access to domain compromise. Documents each step including the technique used, the credential or misconfiguration exploited, and the resulting access gained. This section gives defenders a clear narrative of how the attack progressed.
Active Directory Findings
AD-specific findings organized by category: Kerberos attacks, ACL misconfigurations, Group Policy weaknesses, excessive privileges, stale accounts, unconstrained delegation, and trust relationship issues. Each finding includes the affected objects, the attack technique, and the evidence collected.
CVSS Scoring
Every finding is scored using CVSS 3.1 with the full vector string. Internal findings often have different scoring considerations than external ones since the attack vector is already from an adjacent or local network position.
Remediation Guidance
Actionable remediation steps tailored to internal environments. Includes Group Policy Object hardening recommendations, network segmentation strategies, LAPS deployment for local administrator passwords, tiered administration model guidance, and credential hygiene improvements.
Appendix with BloodHound Graphs
Space for BloodHound attack path visualizations, SharpHound collection data references, and supplementary evidence including network diagrams, Nmap scan results, and raw tool output that supports the findings.
Skip the Template
Instead of manually filling in a template, generate your internal pentest report automatically with AI. Paste your findings, tool output, and notes. PentestReportAI structures everything into a professional report with CVSS scoring, attack path narratives, and AD-specific remediation guidance in minutes.
Related templates:
Free Pentest Report Template - A general-purpose penetration testing report template for any engagement type.
Network Pentest Report Template - Template for external and internal network infrastructure assessments.
Professional Pentest Report Template - Enterprise-grade template with compliance-ready structure.