Penetration Testing Bootcamp

Enumerating your findings

Now that we have finished using a range of information gathering tools to map out, probe, and discover the infrastructure we are working with, let us take that information and enumerate it into logical, more structured documentation. We can then merge this information with the data we obtained from both the stakeholder meeting and the team interviews to create a solid documentation pack that will almost always guarantee us success in the upcoming phases of the penetration test. The documentation we create will be included in the finalized penetration test report, not only to help present our findings but also to verify what the organization currently has documented. Many times I have presented documents that were either more detailed than what the organization currently had, were newer than what they had, or just more complete. The more value we as penetration testers can show, the more often we will be called back for future engagements.

Organization is key to a successful project. The tools you use provide lots of great information of all types about the network and systems. When enumerating that information from various tools, make sure to keep items organized under a consistent structure. This could be by system type or by information type; that decision is up to you. Whichever you choose, you don't want to lose or miss valuable information because it was not where it should have been in your documentation.