report-ng: Web application security assessment reporting tool – Penetration Testing

report-ng – Web application security assessment reporting tool

The idea behind the tool is to speed up the preparation of penetration testing and automated scan reports, and to make them more uniform.

Developed with Python 2.7 on Windows. The code does not contain tests, but the application itself has proven its value in production use for over two years now.

Download

Demo

Basics

Microsoft Office Word is used to prepare report templates. HP WebInspect and Burp Suite Pro scan exports can be used as input data for the report as well. XML and YAML or JSON are used interchangeably as input formats. The final product of the application is a report in Open XML format.

Error traceback is on. If you work with templating and don't stick to the rules presented below, you will very likely encounter it.

GUI Interface

The main application window contains four fields that act as inputs (drag & drop is supported):

Template – Word report template

Content – additional data that should be automatically propagated to the report

Scan – HP WebInspect / Burp Suite Pro scan

Knowledge base – knowledge base that could be used to reinforce final report customization

Double-clicking a text area pops up its content in a larger area.

CLI Interface

Command-line support has been added to allow bulk generation of report files. The application currently supports one set of switches:

-t template-file [-c content-file] [-k kb-file] [-s scan-file]
-r report-file

Example use:

python report-ng.py -t examples/example-2-scan-report-template.xml -c examples/example-2-content.yaml -k examples/example-2-kb.yaml -s examples/example-2-scan-export-Burp.xml -r examples/\!.xml

Tutorial

The post report-ng: Web application security assessment reporting tool appeared first on Penetration Testing.
