In recent years, automotive cyber security incidents occur frequently, WP 29 Passed R155, the world's first mandatory automotive cyber security regulation. No matter from the perspective of security enhancement or meeting the requirements of standards and regulations, enterprises need to carry out penetration testing in the process of research and development. However, including standards and regulations, there is no uniform acceptance specification for the deliverables of penetration testing. According to KBA's requirements for type approval, type approval needs to review test documents in the R&D process, so the quality of test documents becomes particularly important. This paper aims to study the specification of penetration test document set based on domestic and foreign regulations and standards, and help enterprises improve the quality of penetration test documents.