Report template

[noraj]

cbk914 (#38 (comment))

The demo site is not working, there's some way to import the report templates and the vulnerabilities from Github into the Reconmap WUI?

Vulnerability templates should be importable from https://demo.reconmap.org/system/import-data but you need to be connected as admin.

But it's true that report templates are not very configurable.

The documentation https://reconmap.org/user-manual/pentest-report-configuration.html says

Reconmap simplifies by creation of pentest reports with the use of customisable templates. It comes with a pre-defined pentest report template but you can change styles, cover, header and footer, as well as deciding which options to include or exclude from the report.

It's true that the Configuration tab on Report generation let you choose some options and custom headers for example.

But the documentation don't say what is the expected format? HTML? a templating language? LaTeX? only text or markdown is supported?

I was expecting something similar to Pwndoc https://pwndoc.github.io/pwndoc/#/docxtemplate or PCF https://gitlab.com/invuls/pentest-projects/pcf/-/wikis/Reports%20moderation

• The ability to import custom report templates
• Template using fiels so the report is 100% customizable
• The ability to create custom fields in vulnerabilities that can be added in the report

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[noraj]

unstale

[santiagolizardo]

Hi @noraj ; I have implemented a basic report generation system based on Docx templates. You can see it live on the demo instance.
Basically, Reconmap comes with a very basic Docx template, but you can modify it and upload a new one to use in your reports.

Hope you find it useful. Feedback as always is very welcome

[noraj]

@santiagolizardo Amazing I need to test that soon, but I didn't find the documentation about it? I suppose a pointer to the library used would be enough if the library used already has a documentation explaining how to craft templates.

[santiagolizardo]

Good point @noraj . I am using https://phpword.readthedocs.io/en/latest/templates-processing.html to generate the word documents using templates. The syntax is somehow limited (eg no conditionals), but does the trick for now.
Thanks

[noraj]

reconmap/documentation#7

[noraj]

I checked the doc and the template, so there are no loops but cloneblocks to iterate over all vulnerabilities of a project?

[noraj]

Seems that vuldash (php) was using PhpWord (php) too https://github.com/talsoft/vuldash/blob/408e44ecfccb96fc6a659f01e4c9e5a05c247d11/application/controllers/Reports.php while Smersh (php) is using Docxtemplater (JS) https://github.com/CMEPW/Smersh/blob/16fe8be4c3f840db41e8650162cfb1e0afd60acf/client/src/app/components/mission-single/mission-single.component.ts and pwndoc (JS) is using Docxtemplater (JS) too https://github.com/pwndoc/pwndoc/blob/6c3ac8d9cd57dbbc17ae2311be955ad925223310/backend/src/routes/template.js and https://github.com/pwndoc/pwndoc/blob/6c3ac8d9cd57dbbc17ae2311be955ad925223310/docs/docxtemplate.md.
While Docxtemplater seems more powerful, it has ended in a freemium open-source model that brings trouble like inserting image tag is only in teh paid version but that is possible to work around it with docxtemplater-image-module (see this discussion pwndoc/pwndoc#13).

Hope it can give you some ideas / examples.

[noraj]

Example for AttackForge: https://youtu.be/xJUEAljK0Zc

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[noraj]

unstale

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.