The amount of time writing the report during an assessment could frustrate everybody, a good looking report it is necessary to correctly capture the discovered findings. While I was testing other great reporting tools like PTART, writehat or pwndoc I didn’t found the one that could cover all our needs. So why not to do it yourself?
To manage the data I used django, for the PDF reporting OSCP-Exam-Report-Template-Markdown and pandoc, for the frontend AdminLTE.
PeTeReport
PeTeReport (PenTest Report) is an open-source application vulnerability reporting tool designed to assist pentesting/redteaming efforts, by simplifying the task of writting and generation of reports.
Focused in product security, the tool help security researchers and pentesters to provide detailed findings, appendix, attack paths and manage a finding template database to avoid wasting time spent in the reporting phase.
PeTeReport (PenTest Report) is written in Django and Python 3 with the aim to help pentesters to manage a finding repository, write reports (in Markdown) and generate reports in different formats (HTML, CSV, PDF, Jupyter and Markdown).
Pentesting content management and reporting tool
Documentation
Installation and deployment
Features
- Customizable reports output
- Customizable reports templates
- Findings template database
- Possibility to add appendix to findings
- Possibility to add attack trees Deciduous to findings
- HTML Output format
- CSV Output format
- PDF Output format
- Jupyter Notebook Output format
- Markdown Output format
- CVSS 3.1 Score
- Docker installation
- DefectDojo integration
- User management