This repository contains a toolchain to generate pentest reports based on Markdown inputs.

Clone repository:
$ git clone https://github.com/lauritzh/md-report-generator.git

Install dependencies:
$ make init

Run generation script for full report:
$ make all

Alternatively only show findings:
$ make view-findings

Or export single PDFs for each finding:
$ make findings

This repository can be cloned in order to obtain a self-contained pentest report with its generation script.

Basic configuration is available within the config.yaml file:
title: "Example Report"
author: "Lauritz Holtmann"
customer: "Demo Company"

Content such as introduction and conclusion can be found within the content/ directory:
$ ls content
conclusion.md		introduction.md		scope.md		technical-details.md

To add a new finding, copy an example file from findings/ and adjust its contents. Each file contains basic metadata as an HTML comment (YAML format) followed by the main contents of the finding:
<!--
title: Example Vuln 
asset: Test Shop
CWE-ID: CWE-79
CWE-Link: https://cwe.mitre.org/data/definitions/79.html
cvss:
    AV: N # Attack Vector: Network (N), Adjacent (A), Local (L), Physical (P)
    AC: L # Attack Complexity: Low (L), High (H)
    PR: N # Privileges Required: None (N), Low (L), High (H)
    UI: R # User Interaction: None (N), Required (R)
    S: U # Unchanged (U), Changed (C)
    C: H # Confidentiality: High (H), Low (L), None (N)
    I: L # Integrity: High (H), Low (L), None (N)
    A: N # Availability: High (H), Low (L), None (N)
-->
Lorem Ipsum dolor sit amet...
[...]

- Add argument parser
- Optional: Separate PDF files for findings (e.g. useful to share preliminary results with customer)
- Use constant finding IDs
- Add support for compiling from intermediate files (save Markdown and HTML files during generation)
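
The finding metadata format shown earlier (an HTML comment holding YAML with a cvss block), read and scored in Python as an added example that is not part of this repository's code: it extracts the header and computes the vector string and base score. It assumes CVSS v3.1 weights and formulas (the page does not name a version) and a header in which only the cvss metrics are indented; parse_finding, base_score, roundup and SAMPLE are names chosen for this example.

```python
import re

# CVSS v3.1 weights (assumption: the page does not state the CVSS version).
CIA = {"H": 0.56, "L": 0.22, "N": 0.0}
W = {"AV": {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.2}, "AC": {"L": 0.77, "H": 0.44},
     "UI": {"N": 0.85, "R": 0.62}, "C": CIA, "I": CIA, "A": CIA}
PR = {"U": {"N": 0.85, "L": 0.62, "H": 0.27}, "C": {"N": 0.85, "L": 0.68, "H": 0.5}}
# One "key: value" line: indent, key, value, optional trailing "# comment".
LINE = re.compile(r"^([ \t]*)([\w-]+):[ \t]*(.*?)(?:[ \t]+#.*)?$", re.M)
# Constructed sample in the finding format shown above.
SAMPLE = """<!--
title: Example Vuln
cvss:
    AV: N # Attack Vector: Network (N), Adjacent (A), Local (L), Physical (P)
    AC: L
    PR: N
    UI: R
    S: U
    C: H
    I: L
    A: N
-->"""

def parse_finding(text):
    """Split the leading HTML comment into (top-level meta, cvss metrics)."""
    m = re.match(r"\s*<!--(.*?)-->", text, re.S)
    if not m:
        raise ValueError("finding has no metadata comment")
    meta, cvss = {}, {}
    for indent, key, value in LINE.findall(m.group(1)):
        (cvss if indent else meta)[key] = value.strip()  # indented keys sit under cvss:
    return meta, cvss

def roundup(x):  # CVSS v3.1 Roundup: up to one decimal, avoiding float artefacts
    i = round(x * 100000)
    return i / 100000.0 if i % 10000 == 0 else (i // 10000 + 1) / 10.0

def base_score(cvss):
    """Return (vector string, base score); reject missing or invalid metrics."""
    try:
        w = {k: W[k][cvss[k]] for k in W}
        w["PR"] = PR[cvss["S"]][cvss["PR"]]  # PR weight depends on Scope
    except KeyError as bad:
        raise ValueError(f"missing or invalid CVSS metric: {bad}") from None
    iss = 1 - (1 - w["C"]) * (1 - w["I"]) * (1 - w["A"])
    changed = cvss["S"] == "C"
    impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15 if changed else 6.42 * iss
    total = impact + 8.22 * w["AV"] * w["AC"] * w["PR"] * w["UI"]
    vector = "CVSS:3.1/" + "/".join(f"{k}:{cvss[k]}" for k in "AV AC PR UI S C I A".split())
    return vector, (roundup(min(1.08 * total if changed else total, 10)) if impact > 0 else 0.0)
```

For the metrics in the example finding, base_score(parse_finding(SAMPLE)[1]) returns the vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N with a base score of 7.1; a typo in a metric value raises ValueError instead of producing a silently wrong rating.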
 
This repository is licensed under the Unlicense.