The idea behind report-ng is to speed up the preparation stage of penetration testing and automated scan reports, as well as to make them more uniform.
Developed with Python 2.7 on Windows. The code does not contain tests, but the application itself has proven its value in production use for over two years now.
Microsoft Office Word is used to prepare report templates. HP WebInspect and Burp Suite Pro scan exports can be used as input data for the report as well. XML and YAML or JSON are used interchangeably as input formats. The final product of this application is a report in OpenXML format.
Error traceback is on. If you work with templating and don't stick to the rules presented below, you will very likely encounter it.
The main application window contains four input fields (drag & drop is supported):
Template – Word report template
Content – additional data that should be automatically propagated to the report
Scan – HP WebInspect / Burp Suite Pro scan
Knowledge base – knowledge base that could be used to reinforce final report customization
Double-clicking a given text area pops up its content in a larger area.
Command-line support has been added to allow bulk generation of report files. The application currently supports one set of switches:
-t template-file [-c content-file] [-k kb-file] [-s scan-file]
python report-ng.py -t examples/example-2-scan-report-template.xml -c examples/example-2-content.yaml -k examples/example-2-kb.yaml -s examples/example-2-scan-export-Burp.xml -r examples/\!.xml