Free exam report templates (OSCP, HTB CPTS)
Certification exams grade your report, not just your shells. OffSec's OSCP and Hack The Box's CPTS both require a professional penetration test report, and a strong technical performance can still fail if the writeup is incomplete or hard to follow. You can write that report in NullReport's free tier and export a clean, formatted DOCX from a template that matches what each exam expects.
The ready-made .docx files for OSCP and HTB CPTS are being finalized. In the meantime, the
structure below is everything you need to build your own template in a few minutes, and the
walkthrough works the same once the downloads are live. Check back, or install the free
tier and start from the seeded showcase template today.
What an exam report needs
Both exams expect the same fundamentals: a clear record of what you did, evidence that you did it, and enough detail for someone to reproduce each step. Always follow the current official guide for your exam, because the exact requirements change. As a baseline, an exam report should include:
- A short executive summary written for a non-technical reader.
- The scope and objectives the exam set.
- Your methodology and the tools you used.
- One finding per vulnerability, each with reproduction steps, evidence, and impact.
- The required proof, such as the contents of
local.txtandproof.txt, shown in context with the host they came from. - Screenshots that include enough of the screen to prove the work is yours.
OSCP report structure
The OSCP report documents your exam machines end to end. A template that maps to it has:
- Executive summary and a high-level overview of the result.
- Scope listing the target hosts and the rules of the exam.
- Methodology describing your testing approach.
- A section per target, each containing enumeration, the initial foothold with proof, privilege escalation, and the proof file contents.
- Appendices for long tool output.
HTB CPTS report structure
The CPTS report is shaped like a real client deliverable for a full engagement. A template that maps to it has:
- Executive summary with business-level risk and a findings count by severity.
- Scope and assessment overview.
- Attack path narrative showing how individual findings chained into a full compromise.
- Detailed findings, each with a CVSS rating, evidence, impact, and remediation.
- Remediation summary prioritizing the fixes.
Set up in the free tier
The free tier covers this whole workflow with no time limit and no card.
- Install NullReport with the one-line installer and log in.
- Click New Report, give it the exam name and a target, and create it.
- On the Content tab, build the sections above. Rename the defaults or add your own to match the exam structure.
- On the Findings tab, add one finding per vulnerability. Set the severity, run the built-in CVSS v3.1 calculator, and paste your command output and screenshots straight into the fields.
- Build a
.docxthat matches the structure above, add placeholders, and upload it on the Templates page. The free tier allows one report template, which is all an exam needs. - Click Export and download the finished DOCX. See Exporting.
Tips for exam reports
- Capture full proof. Show
local.txtandproof.txtnext to the host and the command that read them, not as bare strings. - Keep screenshots legible and include your terminal or username where the exam asks for it.
- Make every finding reproducible. The grader should be able to follow your steps without guessing.
- Use a loop over your findings so the report numbers them automatically and stays consistent. See the findings summary example.
Why the free tier is enough
Exam reporting needs unlimited reports, one branded template, the finding workflow, and DOCX export, and the free tier has all of it. Everything runs on your own machine, so your exam work never leaves it. When you move from exams into paid engagements and want AI drafting or a library of templates, the same reports carry forward to Pro. See Licensing for what each tier adds.