Follow the links to see more details and a PDF for each one of the penetration test reports.
- astra - Astra-Security-Sample-VAPT-Report
- BishopFox - Beast - Hybrid Application Assessment 2017 - Assessment Report - 20171114
- BishopFox - Bishop Fox Assessment Report - Winston Privacy
- BishopFox - Bishop-Fox-Research-Report-Efficacy-of-micro-segmentation-V01
- BishopFox - C Plus Plus Alliance - Boost JSON Security Assessment 2020 - Assessment Report - 20210317
- BishopFox - CF2016 Security Audit Report
- BishopFox - stj expert witness report
- BitesPenTesting - long-penetration-test-report
- BitesPenTesting - penetration-test-report
- BitesPenTesting - short-penetration-test-report
- BlazeInformationSecurity - Annihilatio smart contract security review 1.0 final
- BlazeInformationSecurity - Public Jury.Online Smart Contract Security Review
- Bugcrowd - Instructure Canvas Security Summary 2014
- Bugcrowd - Instructure Canvas Security Summary 2015
- Chess-CyberSecurity - chess-cybersecurity-penetration-testing-sample-report
- Cobalt - Pentest-report-for-shiftleft
- Coinspect - CoinspectReportZcash2016
- COMSATS_Islamabad-CyberSecurityLab - Threat Modeling Trinity Wallet
- Consensys - 0x-v3-audit-2019-09
- Consensys - 0x-v3-staking-audit-2019-10
- Consensys - 2018-09-20 - Full Ecosystem [Phase 2] - Audit by ConsenSys final
- Consensys - ConsenSys Diligence Audit Report
- Consensys - dandelion-audit-2019-12
- Consensys - foam-controller-audit-report-2018-08-24-master
- Consensys - omisego-morevp-audit-2019-10
- Consensys - orchid-audit-2019-10
- Consensys - SimpleMultisigWallet Audit
- Consensys - vega-vegatoken-audit-2020-01
- Consensys - vyper-audit-2019-10
- Cure53 - analysis-report bxaq
- Cure53 - analysis-report ijop
- Cure53 - analysis-report sgn
- Cure53 - Dnsmasq-report
- Cure53 - HLM-01-report
- Cure53 - Jaeger Cure53 20190504
- Cure53 - pentest-report accessmyinfo
- Cure53 - pentest-report bitwarden
- Cure53 - pentest-report briar
- Cure53 - pentest-report casebox-1
- Cure53 - pentest-report casebox-2
- Cure53 - pentest-report clipperz
- Cure53 - pentest-report CoreDNS
- Cure53 - pentest-report cryptech
- Cure53 - pentest-report Cryptocat-2
- Cure53 - pentest-report curl
- Cure53 - pentest-report Curl
- Cure53 - pentest-report cyph
- Cure53 - pentest-report dompurify
- Cure53 - pentest-report dovecot
- Cure53 - pentest-report envoy
- Cure53 - pentest-report fdroid
- Cure53 - pentest-report fluent
- Cure53 - pentest-report frame
- Cure53 - pentest-report fxa
- Cure53 - pentest-report globaleaks
- Cure53 - pentest-report libjpeg-turbo
- Cure53 - pentest-report libssh
- Cure53 - pentest-report mailvelope
- Cure53 - pentest-report metamask
- Cure53 - pentest-report minilock
- Cure53 - pentest-report mullvad v2
- Cure53 - pentest-report mycrypto
- Cure53 - pentest-report nitrokey
- Cure53 - pentest-report nitrokey-hardware
- Cure53 - pentest-report ntp
- Cure53 - pentest-report ntpsec
- Cure53 - pentest-report onion-browser
- Cure53 - pentest-report opa
- Cure53 - pentest-report openkeychain
- Cure53 - pentest-report openpgpjs
- Cure53 - pentest-report padlock
- Cure53 - pentest-report pcre
- Cure53 - pentest-report peerio
- Cure53 - pentest-report prometheus
- Cure53 - pentest-report psiphon
- Cure53 - pentest-report remembear
- Cure53 - pentest-report SC4
- Cure53 - pentest-report securedrop
- Cure53 - pentest-report smartsheriff
- Cure53 - pentest-report smartsheriff-2
- Cure53 - pentest-report streamcryptor
- Cure53 - pentest-report Subrosa-may2014
- Cure53 - pentest-report surfshark
- Cure53 - pentest-report telekube
- Cure53 - pentest-report teleport
- Cure53 - pentest-report tuf
- Cure53 - pentest-report whiteout
- Cure53 - pentest-report-mozilla-vpn-apps-clients-03-2021
- Cure53 - Pomerium-Cure53-042021
- Cure53 - Thunderbird-enigmail-report
- Cure53 - VIT-01-report
- Cynergi-Solutions - eclipse-bank-security-assessment-report-example
- Defuse - gocryptfs-cryptography-design-audit
- Doyensec - Doyensec Basecamp HEY Platform Q32020 SAS
- Doyensec - Doyensec Gravitational GravityPlatform Q22019
- Doyensec - Doyensec Gravitational Teleport CloudTesting Q12021
- Doyensec - Doyensec Gravitational Teleport FeaturesTesting Q32021
- Doyensec - Doyensec Gravitational Teleport FeaturesTesting Q42021
- Doyensec - Doyensec Gravitational Teleport Testing Q22019
- Doyensec - Doyensec Gravitational Teleport Testing Q42020
- Doyensec - Doyensec SoloKeys Firmware Q12020
- FalanxCyberDefence - realvnc-penetration-test
- FH-Munster - security audit report threema 2019
- Fireye - ACCELLION FTA Security Assessment Summary 2021
- Fox-IT - 201912 Report Operation Wacao
- Fox-IT - Fox-IT - DigiNotar
- Fraunhofer - Fraunhofer - TrueCrypt
- FTIConsulting - FTI-Report-into-Jeff-Bezos-Phone-Hack
- GlitchSecure - GlitchSecure-Example-Pentest-Report-05-2023-1684260695
- GlitchSecure - GlitchSecure-Example-Vulnerability-Assessment-Report-06-2023-1684271621
- Hacken - 03042021 Kalmar SC Audit Report
- Hacken - 1inch-v2-audit-report-hacken
- Hacken - 20210218-Hacken-ACryptoSFarmV2
- Hacken - audit report
- Hacken - Dexe SC Audit Report
- Hacken - GosseDeFi-hackenAudit
- Hacken - Hacken-SONM-Security-Audit
- Hacken - Statera SC Audit Report
- Hacken - YFD-Audit-Report-211220
- HackerOne - HackerOne Pentest Challenge Report - 2020-03-31
- HackmanIT - 2019-03 DENIC ID
- HighBitSecurity - HB SampeRpt PenTesting
- IncludeSecurity - IncludeSec SecureDrop Workstation Asmt November 2018
- IncludeSecurity - relaycorp relaynet network protocol
- IncludeSecurity - Streisand security config review
- IncludeSecurity - Tcpdump Libpcap code review
- IndependentSecurityEvaluators - ISE - Apple iPhone
- InsecuritySH-PrivacyCanada - Openemr insecurity
- IOActive - ioactive-bromium-test-report-final
- iSEC - 150922 iSEC Security First Umbrella Final 2015-06-26 v1.1
- iSEC - iSEC Cryptocat iOS
- iSEC - iSec Final Open Crypto Audit Project TrueCrypt Security Assessment
- iSEC - iSEC OTF FPF SecureDrop Deliverable v1.2
- iSEC - iSEC Wikimedia
- iSEC - Mailvelope-iSEC-Final-v1.2
- iSEC - ncc docker notary audit 2015 07 31
- iSEC - NCC Group - phpMyAdmin
- iSEC - NCC Group - Ricochet
- iSEC - NCC Group Olm Cryptogrpahic Review 2016 11 01
- iSEC - NCC Group Zcash Crypto Report 2016 -10-10
- iSEC - ncc osquery security assessment 2016 01 25
- iSEC - OTF Security Audit Review
- iSEC - Psiphon-3-iSEC-Partners-v1.1-08-2014
- iSEC - Tor-Browser-Bundle-iSEC-Deliverable-1.3-2
- iSEC - TrueCrypt Phase II NCC OCAP final
- ITProTV - AI WEB REPORT 1 1
- Kudelski-Security - KudelskiBulletproofsFinal
- Kudelski-Security - Report-Kudelski-201907022
- KudelskiSecurity-X41 - Kudelski-X41-Wire-Report-phase1-20170208
- KudelskiSecurity-X41 - X41-Kudelski-Wire-Security-Review-Android
- KudelskiSecurity-X41 - X41-Kudelski-Wire-Security-Review-iOS
- KudelskiSecurity-X41 - X41-Kudelski-Wire-Security-Review-Web-Calling
- LeastAuthority - LeastAuthority-Cryptocat-audit-report
- LeastAuthority - LeastAuthority-GlobaLeaks-audit-report
- Leviathan - Leviathan Golden Frog Report - VyprVPN
- Leviathan - OmniFileStore Encryption Review - FINAL - 06102016
- Leviathan - SpiderOak-Crypton pentest-Final report u
- LogicalTrust - LogicalTrust-OPNsense-security-assessment-report
- Matasano - Matasano SourceT Security Evaluation Report
- Matasano - wp-multistore-security-analysis
- MITRE - pr-16-0202-android-security-analysis-final-report
- mnemonic - mnemonic - Norwegian electronic voting system
- mnemonic - watchout-rapport-october-2017
- NCCGroup - NCC Group Dell DELL195 PublicReport 2021-04-30 v1.0
- NCCGroup - NCC Group EthereumFoundation ETHF002 Report 2021-01-20 v1.0
- NCCGroup - NCC Group Google EncryptedBackup 2018-10-10 v1.0
- NCCGroup - NCC Group Google GOOG065C Report 2020-08-13 v2.0
- NCCGroup - NCC Group Google GOOG169 Report 2022-04-07 v1.2
- NCCGroup - NCC Group Keybase KB2018 Public Report 2019-02-27 v1.3
- NCCGroup - NCC Group MobileCoin RustCrypto AESGCM ChaCha20Poly1305 Implementation Review 2020-02-12 v1.0
- NCCGroup - NCC Group O1Labs O1LB001 Report 2020-05-11 v1.1
- NCCGroup - NCC Group O1LabsOperatingCo Report 2022-02-21 v1.0
- NCCGroup - NCC Group ProtocolLabs FilecoinGroth16 Report 2021-06-02
- NCCGroup - NCC Group ProtocolLabs PRLB007 Report 2020-10-20 v1.0
- NCCGroup - NCC Group Qredo Apache Milagro MPC Cryptographic Review 2020-07-16 v1.3
- NCCGroup - NCC Group WhatsApp E001000M Report 2021-10-27 v1.2
- NCCGroup - NCC Group WhatsAppLLC OPAQUE Report 2021-12-10 v1.3
- NCCGroup - NCC Group Zcash NU3 Blossom Report 2020-02-06 v1.1
- NCCGroup - NCC Group Zcash NU5 PublicReportFinal
- NCCGroup - NCC Group Zcash ZCHX006 Report 2020-09-03 v2.0
- NCCGroup - NCC Group ZenBlockchainFoundation E001741 Report 2021-11-29 v1.2
- NCCGroup - NCC Group Zephyr MCUboot Research Report 2020-05-26 v1.0
- NCCGroup - NCC Microsoft-go-cose-Report 2022-05-26 v1.0
- NCCGroup - NCC-Group-Public-Report-VPN-by-Google-One-v1.0
- Nettitude - management report linux foundation iroha march 2018 v1
- Nettitude - technical report linux foundation iroha march 2018 v1
- NiiConsulting - NII Penetration Testing Report v1.2
- OffensiveSecurity - penetration-testing-sample-report-2013
- OPM-OIG - OPM-OIG - US Office of Personnel Management
- OS3 - tinder-report
- Paragon-Initiative-Enterprises - ByteJail-1.1
- Paragon-Initiative-Enterprises - ByteJailBackend
- Paragon-Initiative-Enterprises - BytejailClient
- Paragon-Initiative-Enterprises - BytejailCore
- Paragon-Initiative-Enterprises - LCoubucciJWT
- Paragon-Initiative-Enterprises - NaclKeys
- Pentest-Limited - Report URI - 2020 Penetration Test Report
- PenTestHub - EXAMPLE-Penetration Testing Report v.1.0
- PrimoConnect - SAMPLE+Security+Testing+Findings
- PrincetonUni - Princeton University - Diebold AccuVote-TS
- PrincetonUni - Princeton University - Safeplug
- ProCheckUp - CHECK-1-2012
- PulsarComputerConsultingGmbh - Sample Pentest Report
- PurpleSec - Sample-Penetration-Test-Report-PurpleSec
- PwC - PwC - HM Revenue and Customs
- QuarksLab - 14-03-022 ChatSecure-sec-assessment
- QuarksLab - 18-04-720-REP v1.2
- QuarksLab - OpenVPN1.2final
- QuarksLab - OSTIF-QuarksLab-Monero-Bulletproofs-Final2
- QuarksLab - Report-Quarkslab1
- QuarksLab - VeraCrypt-Audit-Final-for-Public-Release
- RadicallyOpenSecurity - Graphite-report
- RadicallyOpenSecurity - Libexpat-report
- RadicallyOpenSecurity - Mullvad VPN Pentest Report 2023 1.1
- RadicallyOpenSecurity - NL-covid19-code review
- RadicallyOpenSecurity - OMEMO-Cryptographic-Analysis-Report
- RadicallyOpenSecurity - Paskoocheh-Proxy-Servers-Report
- RadicallyOpenSecurity - REP-20170303-vv1-pen-otf-ushahidi-pentest Redacted
- RadicallyOpenSecurity - report otf-orc
- RadicallyOpenSecurity - uProxy-report
- Randorisec - randorisec-pentest-report-thehive-v1-0-tlp white
- RedSiege - RedSiege-SampleReport
- RhinoSecurityLabs - RSL Network Pentest Sample Report
- Sakurity - Sakurity - Peatio
- SECConsult - ProtonVPN-Android-app-audit-report-2020
- SECConsult - ProtonVPN-macOS-app-audit-report-2020
- SECConsult - ProtonVPN-Windows-app-audit-report-2020
- Secura - Coronamelder-REPORT-v1.0
- SecureIdeas - Instructure Canvas Security Summary 2013
- SecureIdeas - SecureIdeas SampleReport 2020
- SecureLayer7 - Penetration-testing-report--open-source-Ruby-on-rails-Refinery-CMS
- SecureLayer7 - SecureLayer7-Pentest-report-Pagekit-CMS
- Securitum - enventory-sample-pentest-report
- Securitum - Livecall web 20200306 public
- Securitum - raport testy bezpieczenstwa yetiforce
- Securitum - SECURITUM Raport z testow bezpieczenstwa 20200720-PL
- Securitum - securitum-protonmail-security-audit
- Securitum - securitum-protonvpn-nologs-20220330
- Securitum - simplelogin-android
- Securitum - simplelogin-web
- SecurusGlobal - Instructure Canvas Security Summary 2011
- SecurusGlobal - Instructure Canvas Security Summary 2012
- SinglePointOfContact - SPoC Penetration-Test
- Sixgen - Trinity-Sixgen-Assessment
- SwissCERT - Report Ruag-Espionage-Case
- Syslifters - Demo-Report Syslifters AD v1.0
- Syslifters - Demo-Report Syslifters External v1.0
- Syslifters - Demo-Report Syslifters Web v1.0
- TBGSecurity - tbg-sample-2016
- TCMSecurity - Demo Company - Security Assessment Findings Report
- TCMSecurity - TCMS-Demo-Corp-Security-Assessment-Findings-Report
- TrailOfBits - Helm Final Report 2020
- TrailOfBits - Kubernetes Final Report
- TrailOfBits - livepeer
- TrailOfBits - nucypher
- TrailOfBits - PegaSys-Pantheon-Final-Report-Updated
- TrailOfBits - sai
- TrailOfBits - ToB RandomX-Monero
- TrailOfBits - Trail of Bits - Apple iOS 4
- TrailOfBits - Zlib-report
- TrustFoundry - TrustFoundry - Sample - Application Penetration Test - v1.0
- TVS - template-penetration-testing-report-v03
- UnderDefense - Anonymised-BlackBox-Penetration-Testing-Report
- UnderDefense - Anonymised-Web-and-Infrastructure-Penetration-Testing-Report 2019
- UniWashington - UW-CSE-13-08-02
- Veracode - Veracode - Cryptocat
- Veracode - Veracode - GlobaLeaks and Tor2web
- Verizon - verizon-stratfor-hack
- VoidSec - VoidSec-Ghost
- Volkis - Company Name - Security Review and Phishing Campaign v1.0
- X41-D-SEC - Report-X41-20190705
- X41-D-SEC - X41-Unbound-Security-Audit-2019-Final-Report