PeTeReport (PenTest Report) is an open-source application vulnerability reporting tool designed to assist pentesting/redteaming efforts, by simplifying the task of writing and generation of reports.
Focused in product security, the tool help security researchers and pentesters to provide detailed findings, appendix, attack paths and manage a finding template database to avoid wasting time spent in the reporting phase.
PeTeReport (PenTest Report) is written in Django and Python 3 with the aim to help pentesters to manage a finding repository, write reports (in Markdown) and generate reports in different formats (HTML, CSV, PDF, Jupyter and Markdown).
Architecture
Features
Installation And Deployment
Docker
Environment
$ sudo apt install docker.io docker-compose
Deployment
$ cd /opt $ git clone https://github.com/1modm/petereport $ cd petereport
app/config/petereport_config.py
$ docker-compose up –build
Django Installation
Prerequisites
PeTeReport requires Python ≥ 3.8. Recommended installation requires pip
. As a base requirement, the following packages are needed:
$ sudo apt-get install python3-pip python3-venv build-essential
$ sudo zypper install python3-devel gcc
$ sudo yum install python3-devel gcc
Environment
It is strongly recommended to set up the installation in a virtual environment (Pipenv):
Pipenv
$ sudo apt-get install pipenv
$ python3 -m pip install pipenv
$ brew install pipenv
Dependencies
Easiest way in Linux (ubuntu): $ sudo bash scripts/ubuntu_environment_install.sh
Latex
Linux:
$ sudo apt-get install texlive-full
Mac:
$ brew remove basictex $ brew cask install mactex
Pandoc
Linux:
$ sudo apt-get install pandoc $ sudo apt-get install python3-pypandoc
Mac:
$ brew install pandoc $ brew install pandoc-citeproc
Eisvogel
$ python3 -m pip install pandoc-latex-environment
/Users/$USER/.pandoc/templates/eisvogel.latex
or /home/$USER/.pandoc/templates
PeTeReport
cd petereport/
pipenv install
pipenv shell
cd app/
python manage.py migrate
python manage.py makemigrations
python manage.py createsuperuser
python manage.py loaddata config/cwe-list.json
Start The Server
pipenv shell
cd app/
python manage.py runserver
or python manage.py runserver 0.0.0.0:8000
Ctrl + C
Upgrade PeTeReport
Ctrl + C
git pull
or download the source and replace the files.pipenv install
pipenv shell
python manage.py makemigrations
python manage.py migrate
python manage.py runserver
Clean PeTeReport
Ctrl + C
pipenv shell
cd app/
python clean.py
python manage.py makemigrations
python manage.py migrate
python manage.py runserver
Configuration
Ctrl + C
app/config/petereport_config.py
python manage.py runserver
or python manage.py runserver 0.0.0.0:8000
Default Credentials
User Management
The user module facilitate the management of users and roles in the application. There are 2 builtins roles: administrator and viewer.
List of users and roles
Create new users
Products
The products module facilitate the management of products. A product is defined by:
List of products
Create new products
Reports
The report module facilitate the management of products. A report is defined by:
List of Reports
Create new reports
Report Details
Findings
The finding module facilitate the management of findings in the reports. A finding is defined by:
List of findings
Create new findings
Add Finding From Templates
Can be added findings to a report from the template list previously created.
Import Findings From DefectDojo
We can import the findings from DefectDojo, first of all we need to edit the configuration file in order to add the API endpoint and the API key of our DefectDojo deployment.
Edit configuration in app/config/petereport_config.py
DEFECTDOJO_CONFIG = { ‘DefectDojoURL’: ‘https://demo.defectdojo.org’, ‘apiKey’: ‘Token Key’ # Format Token Key }
Import Findings from CSV
Can be imported from a CSV findings following the next format:
// Comma-separated values (CSV) file format
“ID”,”Status”,”Title”,”Severity”,”CVSS Base Score”,”CVSS Score”,”CWE”,”Description”,”Location”,”Impact”,”Recommendation”,”References”,”Appendix”,”Appendix Description”
“2834q345-b24e-4ghf-r86d-ftue38af5480″,”Open”,”Finding 1″,”Low”,”3.7 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)”,”3.7″,”73″,”Description”,”127.0.0.1″,”Impact”,”Recommendation”,”References”,”Appendix”,”Appendix Description”
CWE List
When a finding is created must be selected a CWE in order to create a category of findings, for reference has been populated the next CWE list from Mitre:
Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…
This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…
GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…
Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…
The free and open-source security platform SecHub, provides a central API to test software with…
Don't worry if there are any bugs in the tool, we will try to fix…