Public pentest reports

Follow the links to see more details and a PDF for each one of the penetration test reports.

• astra - Astra-Security-Sample-VAPT-Report
• BishopFox - Beast - Hybrid Application Assessment 2017 - Assessment Report - 20171114
• BishopFox - Bishop Fox Assessment Report - Winston Privacy
• BishopFox - Bishop-Fox-Research-Report-Efficacy-of-micro-segmentation-V01
• BishopFox - C Plus Plus Alliance - Boost JSON Security Assessment 2020 - Assessment Report - 20210317
• BishopFox - CF2016 Security Audit Report
• BishopFox - stj expert witness report
• BitesPenTesting - long-penetration-test-report
• BitesPenTesting - penetration-test-report
• BitesPenTesting - short-penetration-test-report
• BlazeInformationSecurity - Annihilatio smart contract security review 1.0 final
• BlazeInformationSecurity - Public Jury.Online Smart Contract Security Review
• Bugcrowd - Instructure Canvas Security Summary 2014
• Bugcrowd - Instructure Canvas Security Summary 2015
• Chess-CyberSecurity - chess-cybersecurity-penetration-testing-sample-report
• Cobalt - Pentest-report-for-shiftleft
• Coinspect - CoinspectReportZcash2016
• COMSATS_Islamabad-CyberSecurityLab - Threat Modeling Trinity Wallet
• Consensys - 0x-v3-audit-2019-09
• Consensys - 0x-v3-staking-audit-2019-10
• Consensys - 2018-09-20 - Full Ecosystem [Phase 2] - Audit by ConsenSys final
• Consensys - ConsenSys Diligence Audit Report
• Consensys - dandelion-audit-2019-12
• Consensys - foam-controller-audit-report-2018-08-24-master
• Consensys - omisego-morevp-audit-2019-10
• Consensys - orchid-audit-2019-10
• Consensys - SimpleMultisigWallet Audit
• Consensys - vega-vegatoken-audit-2020-01
• Consensys - vyper-audit-2019-10
• Cure53 - analysis-report bxaq
• Cure53 - analysis-report ijop
• Cure53 - analysis-report sgn
• Cure53 - Dnsmasq-report
• Cure53 - HLM-01-report
• Cure53 - Jaeger Cure53 20190504
• Cure53 - pentest-report accessmyinfo
• Cure53 - pentest-report bitwarden
• Cure53 - pentest-report briar
• Cure53 - pentest-report casebox-1
• Cure53 - pentest-report casebox-2
• Cure53 - pentest-report clipperz
• Cure53 - pentest-report CoreDNS
• Cure53 - pentest-report cryptech
• Cure53 - pentest-report Cryptocat-2
• Cure53 - pentest-report curl
• Cure53 - pentest-report Curl
• Cure53 - pentest-report cyph
• Cure53 - pentest-report dompurify
• Cure53 - pentest-report dovecot
• Cure53 - pentest-report envoy
• Cure53 - pentest-report fdroid
• Cure53 - pentest-report fluent
• Cure53 - pentest-report frame
• Cure53 - pentest-report fxa
• Cure53 - pentest-report globaleaks
• Cure53 - pentest-report libjpeg-turbo
• Cure53 - pentest-report libssh
• Cure53 - pentest-report mailvelope
• Cure53 - pentest-report metamask
• Cure53 - pentest-report minilock
• Cure53 - pentest-report mullvad v2
• Cure53 - pentest-report mycrypto
• Cure53 - pentest-report nitrokey
• Cure53 - pentest-report nitrokey-hardware
• Cure53 - pentest-report ntp
• Cure53 - pentest-report ntpsec
• Cure53 - pentest-report onion-browser
• Cure53 - pentest-report opa
• Cure53 - pentest-report openkeychain
• Cure53 - pentest-report openpgpjs
• Cure53 - pentest-report padlock
• Cure53 - pentest-report pcre
• Cure53 - pentest-report peerio
• Cure53 - pentest-report prometheus
• Cure53 - pentest-report psiphon
• Cure53 - pentest-report remembear
• Cure53 - pentest-report SC4
• Cure53 - pentest-report securedrop
• Cure53 - pentest-report smartsheriff
• Cure53 - pentest-report smartsheriff-2
• Cure53 - pentest-report streamcryptor
• Cure53 - pentest-report Subrosa-may2014
• Cure53 - pentest-report surfshark
• Cure53 - pentest-report telekube
• Cure53 - pentest-report teleport
• Cure53 - pentest-report tuf
• Cure53 - pentest-report whiteout
• Cure53 - pentest-report-mozilla-vpn-apps-clients-03-2021
• Cure53 - Pomerium-Cure53-042021
• Cure53 - Thunderbird-enigmail-report
• Cure53 - VIT-01-report
• Cynergi-Solutions - eclipse-bank-security-assessment-report-example
• Defuse - gocryptfs-cryptography-design-audit
• Doyensec - Doyensec Basecamp HEY Platform Q32020 SAS
• Doyensec - Doyensec Gravitational GravityPlatform Q22019
• Doyensec - Doyensec Gravitational Teleport CloudTesting Q12021
• Doyensec - Doyensec Gravitational Teleport FeaturesTesting Q32021
• Doyensec - Doyensec Gravitational Teleport FeaturesTesting Q42021
• Doyensec - Doyensec Gravitational Teleport Testing Q22019
• Doyensec - Doyensec Gravitational Teleport Testing Q42020
• Doyensec - Doyensec SoloKeys Firmware Q12020
• FalanxCyberDefence - realvnc-penetration-test
• FH-Munster - security audit report threema 2019
• Fireye - ACCELLION FTA Security Assessment Summary 2021
• Fox-IT - 201912 Report Operation Wacao
• Fox-IT - Fox-IT - DigiNotar
• Fraunhofer - Fraunhofer - TrueCrypt
• FTIConsulting - FTI-Report-into-Jeff-Bezos-Phone-Hack
• GlitchSecure - GlitchSecure-Example-Pentest-Report-05-2023-1684260695
• GlitchSecure - GlitchSecure-Example-Vulnerability-Assessment-Report-06-2023-1684271621
• Hacken - 03042021 Kalmar SC Audit Report
• Hacken - 1inch-v2-audit-report-hacken
• Hacken - 20210218-Hacken-ACryptoSFarmV2
• Hacken - audit report
• Hacken - Dexe SC Audit Report
• Hacken - GosseDeFi-hackenAudit
• Hacken - Hacken-SONM-Security-Audit
• Hacken - Statera SC Audit Report
• Hacken - YFD-Audit-Report-211220
• HackerOne - HackerOne Pentest Challenge Report - 2020-03-31
• HackmanIT - 2019-03 DENIC ID
• HighBitSecurity - HB SampeRpt PenTesting
• IncludeSecurity - IncludeSec SecureDrop Workstation Asmt November 2018
• IncludeSecurity - relaycorp relaynet network protocol
• IncludeSecurity - Streisand security config review
• IncludeSecurity - Tcpdump Libpcap code review
• IndependentSecurityEvaluators - ISE - Apple iPhone
• InsecuritySH-PrivacyCanada - Openemr insecurity
• IOActive - ioactive-bromium-test-report-final
• iSEC - 150922 iSEC Security First Umbrella Final 2015-06-26 v1.1
• iSEC - iSEC Cryptocat iOS
• iSEC - iSec Final Open Crypto Audit Project TrueCrypt Security Assessment
• iSEC - iSEC OTF FPF SecureDrop Deliverable v1.2
• iSEC - iSEC Wikimedia
• iSEC - Mailvelope-iSEC-Final-v1.2
• iSEC - ncc docker notary audit 2015 07 31
• iSEC - NCC Group - phpMyAdmin
• iSEC - NCC Group - Ricochet
• iSEC - NCC Group Olm Cryptogrpahic Review 2016 11 01
• iSEC - NCC Group Zcash Crypto Report 2016 -10-10
• iSEC - ncc osquery security assessment 2016 01 25
• iSEC - OTF Security Audit Review
• iSEC - Psiphon-3-iSEC-Partners-v1.1-08-2014
• iSEC - Tor-Browser-Bundle-iSEC-Deliverable-1.3-2
• iSEC - TrueCrypt Phase II NCC OCAP final
• ITProTV - AI WEB REPORT 1 1
• Kudelski-Security - KudelskiBulletproofsFinal
• Kudelski-Security - Report-Kudelski-201907022
• KudelskiSecurity-X41 - Kudelski-X41-Wire-Report-phase1-20170208
• KudelskiSecurity-X41 - X41-Kudelski-Wire-Security-Review-Android
• KudelskiSecurity-X41 - X41-Kudelski-Wire-Security-Review-iOS
• KudelskiSecurity-X41 - X41-Kudelski-Wire-Security-Review-Web-Calling
• LeastAuthority - LeastAuthority-Cryptocat-audit-report
• LeastAuthority - LeastAuthority-GlobaLeaks-audit-report
• Leviathan - Leviathan Golden Frog Report - VyprVPN
• Leviathan - OmniFileStore Encryption Review - FINAL - 06102016
• Leviathan - SpiderOak-Crypton pentest-Final report u
• LogicalTrust - LogicalTrust-OPNsense-security-assessment-report
• Matasano - Matasano SourceT Security Evaluation Report
• Matasano - wp-multistore-security-analysis
• MITRE - pr-16-0202-android-security-analysis-final-report
• mnemonic - mnemonic - Norwegian electronic voting system
• mnemonic - watchout-rapport-october-2017
• NCCGroup - NCC Group Dell DELL195 PublicReport 2021-04-30 v1.0
• NCCGroup - NCC Group EthereumFoundation ETHF002 Report 2021-01-20 v1.0
• NCCGroup - NCC Group Google EncryptedBackup 2018-10-10 v1.0
• NCCGroup - NCC Group Google GOOG065C Report 2020-08-13 v2.0
• NCCGroup - NCC Group Google GOOG169 Report 2022-04-07 v1.2
• NCCGroup - NCC Group Keybase KB2018 Public Report 2019-02-27 v1.3
• NCCGroup - NCC Group MobileCoin RustCrypto AESGCM ChaCha20Poly1305 Implementation Review 2020-02-12 v1.0
• NCCGroup - NCC Group O1Labs O1LB001 Report 2020-05-11 v1.1
• NCCGroup - NCC Group O1LabsOperatingCo Report 2022-02-21 v1.0
• NCCGroup - NCC Group ProtocolLabs FilecoinGroth16 Report 2021-06-02
• NCCGroup - NCC Group ProtocolLabs PRLB007 Report 2020-10-20 v1.0
• NCCGroup - NCC Group Qredo Apache Milagro MPC Cryptographic Review 2020-07-16 v1.3
• NCCGroup - NCC Group WhatsApp E001000M Report 2021-10-27 v1.2
• NCCGroup - NCC Group WhatsAppLLC OPAQUE Report 2021-12-10 v1.3
• NCCGroup - NCC Group Zcash NU3 Blossom Report 2020-02-06 v1.1
• NCCGroup - NCC Group Zcash NU5 PublicReportFinal
• NCCGroup - NCC Group Zcash ZCHX006 Report 2020-09-03 v2.0
• NCCGroup - NCC Group ZenBlockchainFoundation E001741 Report 2021-11-29 v1.2
• NCCGroup - NCC Group Zephyr MCUboot Research Report 2020-05-26 v1.0
• NCCGroup - NCC Microsoft-go-cose-Report 2022-05-26 v1.0
• NCCGroup - NCC-Group-Public-Report-VPN-by-Google-One-v1.0
• Nettitude - management report linux foundation iroha march 2018 v1
• Nettitude - technical report linux foundation iroha march 2018 v1
• NiiConsulting - NII Penetration Testing Report v1.2
• OffensiveSecurity - penetration-testing-sample-report-2013
• OPM-OIG - OPM-OIG - US Office of Personnel Management
• OS3 - tinder-report
• Paragon-Initiative-Enterprises - ByteJail-1.1
• Paragon-Initiative-Enterprises - ByteJailBackend
• Paragon-Initiative-Enterprises - BytejailClient
• Paragon-Initiative-Enterprises - BytejailCore
• Paragon-Initiative-Enterprises - LCoubucciJWT
• Paragon-Initiative-Enterprises - NaclKeys
• Pentest-Limited - Report URI - 2020 Penetration Test Report
• PenTestHub - EXAMPLE-Penetration Testing Report v.1.0
• PrimoConnect - SAMPLE+Security+Testing+Findings
• PrincetonUni - Princeton University - Diebold AccuVote-TS
• PrincetonUni - Princeton University - Safeplug
• ProCheckUp - CHECK-1-2012
• PulsarComputerConsultingGmbh - Sample Pentest Report
• PurpleSec - Sample-Penetration-Test-Report-PurpleSec
• PwC - PwC - HM Revenue and Customs
• QuarksLab - 14-03-022 ChatSecure-sec-assessment
• QuarksLab - 18-04-720-REP v1.2
• QuarksLab - OpenVPN1.2final
• QuarksLab - OSTIF-QuarksLab-Monero-Bulletproofs-Final2
• QuarksLab - Report-Quarkslab1
• QuarksLab - VeraCrypt-Audit-Final-for-Public-Release
• RadicallyOpenSecurity - Graphite-report
• RadicallyOpenSecurity - Libexpat-report
• RadicallyOpenSecurity - Mullvad VPN Pentest Report 2023 1.1
• RadicallyOpenSecurity - NL-covid19-code review
• RadicallyOpenSecurity - OMEMO-Cryptographic-Analysis-Report
• RadicallyOpenSecurity - Paskoocheh-Proxy-Servers-Report
• RadicallyOpenSecurity - REP-20170303-vv1-pen-otf-ushahidi-pentest Redacted
• RadicallyOpenSecurity - report otf-orc
• RadicallyOpenSecurity - uProxy-report
• Randorisec - randorisec-pentest-report-thehive-v1-0-tlp white
• RedSiege - RedSiege-SampleReport
• RhinoSecurityLabs - RSL Network Pentest Sample Report
• Sakurity - Sakurity - Peatio
• SECConsult - ProtonVPN-Android-app-audit-report-2020
• SECConsult - ProtonVPN-macOS-app-audit-report-2020
• SECConsult - ProtonVPN-Windows-app-audit-report-2020
• Secura - Coronamelder-REPORT-v1.0
• SecureIdeas - Instructure Canvas Security Summary 2013
• SecureIdeas - SecureIdeas SampleReport 2020
• SecureLayer7 - Penetration-testing-report--open-source-Ruby-on-rails-Refinery-CMS
• SecureLayer7 - SecureLayer7-Pentest-report-Pagekit-CMS
• Securitum - enventory-sample-pentest-report
• Securitum - Livecall web 20200306 public
• Securitum - raport testy bezpieczenstwa yetiforce
• Securitum - SECURITUM Raport z testow bezpieczenstwa 20200720-PL
• Securitum - securitum-protonmail-security-audit
• Securitum - securitum-protonvpn-nologs-20220330
• Securitum - simplelogin-android
• Securitum - simplelogin-web
• SecurusGlobal - Instructure Canvas Security Summary 2011
• SecurusGlobal - Instructure Canvas Security Summary 2012
• SinglePointOfContact - SPoC Penetration-Test
• Sixgen - Trinity-Sixgen-Assessment
• SwissCERT - Report Ruag-Espionage-Case
• Syslifters - Demo-Report Syslifters AD v1.0
• Syslifters - Demo-Report Syslifters External v1.0
• Syslifters - Demo-Report Syslifters Web v1.0
• TBGSecurity - tbg-sample-2016
• TCMSecurity - Demo Company - Security Assessment Findings Report
• TCMSecurity - TCMS-Demo-Corp-Security-Assessment-Findings-Report
• TrailOfBits - Helm Final Report 2020
• TrailOfBits - Kubernetes Final Report
• TrailOfBits - livepeer
• TrailOfBits - nucypher
• TrailOfBits - PegaSys-Pantheon-Final-Report-Updated
• TrailOfBits - sai
• TrailOfBits - ToB RandomX-Monero
• TrailOfBits - Trail of Bits - Apple iOS 4
• TrailOfBits - Zlib-report
• TrustFoundry - TrustFoundry - Sample - Application Penetration Test - v1.0
• TVS - template-penetration-testing-report-v03
• UnderDefense - Anonymised-BlackBox-Penetration-Testing-Report
• UnderDefense - Anonymised-Web-and-Infrastructure-Penetration-Testing-Report 2019
• UniWashington - UW-CSE-13-08-02
• Veracode - Veracode - Cryptocat
• Veracode - Veracode - GlobaLeaks and Tor2web
• Verizon - verizon-stratfor-hack
• VoidSec - VoidSec-Ghost
• Volkis - Company Name - Security Review and Phishing Campaign v1.0
• X41-D-SEC - Report-X41-20190705
• X41-D-SEC - X41-Unbound-Security-Audit-2019-Final-Report