Skip to content

Reporting

Jump to bottom
Melvin PETIT edited this page Jun 17, 2026 · 1 revision

Reporting

Menu key: 5 · File: lib/modules/report.sh · Entry point: kraken_report_run

Walks the current session directory and aggregates every module's output into a single report. As of v1.2 it produces two formats side by side.

Output formats

File Format Use
REPORT_<timestamp>.txt Plaintext terminal review, grep, legacy tooling
REPORT_<timestamp>.md Markdown paste into tickets, wikis, client deliverables

Both are generated from the same session data in one pass, so they stay consistent. The plaintext format is unchanged from earlier versions.

Report structure

  1. Header – generation time, operator (user@host), session name.
  2. Executive summary – total findings, hosts scanned, open ports, vulnerabilities, scope (the list of targets), output directory.
  3. Reconnaissance – per-target subdomain counts and DNS records.
  4. Port scanning – per-target open ports and detected services.
  5. Web enumeration – per-target HTTP status, discovered paths, technologies.
  6. Vulnerability assessment – per-target findings.
  7. Recommendations – standard remediation guidance.

The Markdown variant renders the summary as a table and each module as headings with fenced code blocks, so it is readable as-is on GitHub or in any Markdown viewer.

How the summary is computed

Metric Source
Total findings lines matching MISSING_HEADER / HTTP_METHODS / INFO_DISCLOSURE across all findings.txt
Hosts scanned count of recon_* and scan_* directories
Open ports sum of open lines across all nmap_services.txt
Scope target names parsed from the recon_/scan_/web_/vuln_ directory prefixes

Viewing

After generation Kraken offers to open the report immediately (via less if available, else cat) and prints the paths so you can open them later:

cat  kraken_output/<session>/REPORT_<timestamp>.txt
less kraken_output/<session>/REPORT_<timestamp>.md

Notes

  • Run the report after the other modules, it only sees files that already exist in the session.
  • Re-running creates a new timestamped pair, it never overwrites a previous report.
  • See Output Structure for where reports live within a session.

Kraken Pentest Framework · MIT License · Maintained by Melvin PETIT · For authorized security testing only.

Kraken

Getting started

Reference

Modules

Development

More

Clone this wiki locally