At the end of your penetration test, you should have a clear understanding of real ways a threat actor may utilize to gain access into systems and data within your organization.
If not, and you received a long list of vulnerabilities without a clear understanding of which is exploitable, that is pretty much a vulnerability-scan.
A growing trend for 2022, many organizations are ditching those fancy platforms in favor of a real penetration test by experienced ethical hackers. The platform based penetration testing may work out for some companies, but there is no replacement for a traditional and manual pen-test.
A penetration test should display what tactics, tools and procedures a threat-actor used to exploit vulnerabilities that were discovered across networks and systems within your organization. It should include sections for the various tasks, including tools used and screenshots of the evidence. A findings section should also clearly describe each finding and a risk-rank table should display the severity of the findings (informational, low, medium, high, critical).
Contact us at Black Hat Pen-Test for a sample report.