Secure Operations

Sample Reconnaissance Report


1. Introduction

This is an example reconnaissance report. The purpose is to give you an idea about how to structure your report and effectively present your findings. Your introduction should be a paragraph describing your basic approach to reconnaissance.

2. Reconnaissance

From one to several paragraphs describing the "interesting" information that you discovered for each host. For example:

Hostname: Tequila
IP Address: 192.168.1.2
OS: Linux Kernel 2.4.0 - 2.5.20
Web Server: Apache (version unknown)
FTP Server: vsFTPd 1.1.3
SSH Server: OpenSSH 3.5p1
SMTP Server: Sendmail 8.12.8/8.12.8

My initial nmap scan reports that this host is running a firewall, and two ports are open besides the four required services (21, 22, 25, 80). Those additional ports are TCP ports 79 and 587. Further analysis confirmed that version 6.3.7 of the Berkeley finger daemon is running on port 79. I know this because ... This is a potential system vulnerability because ... The guest account for this host is in a chroot jail. However, I was able to access...


Hostname: Vodka
IP Address: 192.168.1.3
OS: Windows 2003 Server
Web Server: Microsoft IIS/6.0
FTP Server: Microsoft FTP Service
SSH Server: Foxit WAC Server 1.4
SMTP Server: Microsoft ESMTP MAIL Service, Version: 6.0.3790.0


This host does not run a firewall, but other than that its nmap scan looks identical to Tequila's. Interestingly, only four Windows Server 2003 hotfixes (KB 823182, KB 823980, KB 828035, KB 832894) were listed. This is significantly fewer than the number of patches seen on other Windows hosts in the Lab, most of which had 12 or so. In addition to uncovering the patch information listed above, I was also able to determine what programs were installed on the system. Some programs of note were: AVG 6.0 Antivirus, Cain & Abel v2.5 beta47, Foxit WAC, Winfingerprint, WinPcap 3.0, and ZoneAlarm 4.5.538.000. This system made a considerable amount of information about itself available to the guest user, including...
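The baseline check described in the host paragraphs above, as an added example that is not part of the sample report: parse nmap -sV style normal output, record whether nmap saw filtered ports (its usual hint that a firewall is dropping probes), and flag open listeners outside the four required services (21, 22, 25, 80). The scan text, host names, and version strings below are constructed for illustration, not a real scan of the lab.

```python
import re
from dataclasses import dataclass, field

# Services every lab host is required to expose (from the report: 21, 22, 25, 80).
REQUIRED_PORTS = {21, 22, 25, 80}

# Constructed nmap -sV style output for the two report hosts (not a real scan).
SAMPLE_SCAN = """\
Nmap scan report for tequila (192.168.1.2)
Not shown: 994 filtered ports
PORT    STATE SERVICE VERSION
21/tcp  open  ftp     vsFTPd 1.1.3
22/tcp  open  ssh     OpenSSH 3.5p1
25/tcp  open  smtp    Sendmail 8.12.8/8.12.8
79/tcp  open  finger  Berkeley fingerd 6.3.7
80/tcp  open  http    Apache
587/tcp open  smtp    Sendmail 8.12.8/8.12.8

Nmap scan report for vodka (192.168.1.3)
Not shown: 996 closed ports
PORT    STATE SERVICE VERSION
21/tcp  open  ftp     Microsoft ftpd
22/tcp  open  ssh     Foxit WAC Server 1.4
25/tcp  open  smtp    Microsoft ESMTP 6.0.3790.0
80/tcp  open  http    Microsoft IIS httpd 6.0
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+) \((\d+\.\d+\.\d+\.\d+)\)")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\w+)\s+(\S+)\s*(.*)$")

@dataclass
class Host:
    name: str
    ip: str
    firewalled: bool = False
    ports: dict = field(default_factory=dict)  # port -> (service, version)

    def unexpected_ports(self):
        """Open listeners that fall outside the required service baseline."""
        return sorted(p for p in self.ports if p not in REQUIRED_PORTS)

def parse_scan(text):
    """Turn nmap normal output into Host records, one per 'scan report' header."""
    hosts, cur = [], None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            cur = Host(m.group(1), m.group(2))
            hosts.append(cur)
            continue
        if cur is None:
            continue
        if line.startswith("Not shown:") and "filtered" in line:
            cur.firewalled = True  # filtered ports mean something dropped the probes
        m = PORT_RE.match(line)
        if m and m.group(3) == "open":
            cur.ports[int(m.group(1))] = (m.group(4), m.group(5).strip())
    return hosts
```

Each Host's unexpected_ports() is the list worth a paragraph of its own in section 2, exactly as the Tequila write-up does for ports 79 and 587.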

3. Conclusion

A concluding paragraph summarizing your most important findings (i.e., which hosts do you plan to attack first during penetration testing, and why?).