DirtyScripts / ReportToolz /
root authored on 14 Nov 2019
..
classes added some stuff 5 years ago
templates repgen revision 1 added 5 years ago
README.md repgen revision 1 added 5 years ago
rep2.php added some stuff 5 years ago
repgen.php repgen revision 1 added 5 years ago
README.md

First copy templates/odt/config.conf to current work dir.

Fill out fields in config.conf (company name, your name, contact, tel etc.)

As pentesting copy vulnerability.json for each issue found to current work dir

End of test generate report:

╰» ./repgen.php -p "/mnt/hgfs/Pentest/pentests/2019/Company/" 
_____ _____ _____ Gen
||_// ||==  ||_// 
|| \  ||___ ||    

[!] path: /mnt/hgfs/Pentest/pentests/2019/Company/
[+] doc extracted
[+] added config values
[!] sorting vulns by CVSS
[+] added Low: Software Version Numbers Disclosed
[+] added Low: Verbose Error Reporting Enabled
[+] added Medium: Mising Security Headers
[+] added Medium: Insescure SSL Certificate Detected
[+] added Medium: Missing Cookie Attributes
[+] added Medium: jQuery Vulnerabilities
[+] added Low: Wildcard SSL Certificate
[=] generated report: /mnt/hgfs/Pentest/pentests/2019/Company/repgen.odt
[+] temp files removed

Create all of the tables from that report:

╰» ./rep2.php -d "/mnt/hgfs/Pentest/pentests/2019/Company/repgen.odt" 
_____ _____ _____ 2
||_// ||==  ||_// 
|| \  ||___ ||    

[!] doc: /mnt/hgfs/Pentest/pentests/2019/Company/repgen.odt
[+] doc extracted
[=] fonts found: 23
[+] vulnerabilities identified
[+] temp files removed
[+] created directory /mnt/hgfs/Pentest/pentests/2019/Company/rep2/
[+] medium issues: /mnt/hgfs/Pentest/pentests/2019/Company/rep2/findings_medium.csv
[+] low issues: /mnt/hgfs/Pentest/pentests/2019/Company/rep2/findings_low.csv
[+] all issues: /mnt/hgfs/Pentest/pentests/2019/Company/rep2/findings_all.csv
[+] remediation table: /mnt/hgfs/Pentest/pentests/2019/Company/rep2/remediation.csv
[+] OWASP table: /mnt/hgfs/Pentest/pentests/2019/Company/rep2/owasp.csv
[=] Serious = 0, High = 0, Medium = 4, Low = 3

Ref    | Title                             |  Risk  |  CVSS  |  Remediation  |  OWASP
-------|-----------------------------------|--------|--------|---------------|------------------------------
5.1.1  |Missing Security Headers           |Medium  |5.1     |Configuration  |A6 Security Misconfiguration  
5.1.2  |Insecure SSL Certificate Detected  |Medium  |4.8     |Configuration  |A6 Security Misconfiguration  
5.1.3  |Missing Cookie Attributes          |Medium  |4.7     |Configuration  |A6 Security Misconfiguration  
5.1.4  |jQuery Vulnerabilities             |Medium  |4.3     |Configuration  |A9 Components with Known Vulne
5.2.1  |Software Version Numbers Disclosed |Low     |5.3     |Configuration  |A6 Security Misconfiguration  
5.2.2  |Verbose Error Reporting Enabled    |Low     |5.3     |Configuration  |A6 Security Misconfiguration  
5.2.3  |Wildcard SSL Certificate           |Low     |3.7     |Configuration  |A6 Security Misconfiguration