A small utility that automates the repetitive tasks you shouldn't be wasting time over: it generates a Word security report from a knowledge base (xlsx) that contains a detailed list of vulnerability summaries (names, descriptions, remediation steps, etc.).
Use only one version of Word to create and use the template; using multiple Word versions may generate unknown characters (e.g. creating the template with Word 2019 and running autogen with Word 2016 installed).
After testing, writing a report manually consumes a huge amount of time, especially when we deal with the same set of vulnerabilities found during other engagements.
Because of this, we have automated certain parts of report writing, such as the title, description, severity, reference, remediation and PoC of each vulnerability, along with other generic content present in the report.
The files required to automate the report are explained below.
- poc: Directory containing PoCs for all vulnerabilities
- template.docx: A Docx template with all the contents and placeholders
- ptkb.xlsx: Compiled list of vulnerabilities with all the required details
- NOTE: Add the vulnerability details severity wise (From CRITICAL to LOW) in the vuln xlsx file. This way the details are added to the final word report in the given exact order.
- vuln.xlsx: A list of our findings in xlsx format.
- autogen.py: Python utility to generate the report according to our template format.
- supports xlsx files generated by MS Excel and Google Sheets.
- multi image support for poc
- caption for each image in poc
- sanitise special characters in ptkb & vuln files
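The lookup, ordering and sanitising steps listed above, as an added example that is not the project's own code. It assumes each row has `id` and `severity` columns (hypothetical names) and uses constructed rows in place of ptkb.xlsx and vuln.xlsx.

```python
import re
from xml.sax.saxutils import escape

# Severity order the report should follow (CRITICAL first, LOW last).
SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}

# Characters XML 1.0 forbids; a .docx is zipped XML, so these corrupt the file.
_XML_ILLEGAL = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\ufffe\uffff]")


def sanitise(value):
    """Drop XML-illegal control characters, then escape &, < and >."""
    text = "" if value is None else str(value)
    return escape(_XML_ILLEGAL.sub("", text))


def build_findings(vuln_rows, kb_rows):
    """Join findings to the knowledge base by id and order them by severity."""
    kb = {row["id"]: row for row in kb_rows}
    missing = [v["id"] for v in vuln_rows if v["id"] not in kb]
    if missing:
        raise KeyError(f"ids not in knowledge base: {missing}")
    merged = []
    for v in vuln_rows:
        entry = {**kb[v["id"]], **v}  # finding-specific fields override KB text
        sev = str(entry["severity"]).strip().upper()
        if sev not in SEVERITY_RANK:
            raise ValueError(f"unknown severity {entry['severity']!r} for id {v['id']}")
        clean = {k: sanitise(val) for k, val in entry.items()}
        clean["severity"] = sev
        merged.append(clean)
    # sorted() is stable, so findings of equal severity keep their sheet order.
    return sorted(merged, key=lambda f: SEVERITY_RANK[f["severity"]])


# Constructed sample rows (not from the project's ptkb.xlsx or vuln.xlsx).
KB_ROWS = [
    {"id": 1, "name": "Reflected XSS", "severity": "Medium",
     "description": "Input such as <script> is echoed without encoding."},
    {"id": 2, "name": "SQL Injection", "severity": "critical",
     "description": "Query built by string concatenation.\x0b"},
]
VULN_ROWS = [
    {"id": 1, "affected": "/search?q=a&b"},
    {"id": 2, "affected": "/login"},
]

if __name__ == "__main__":
    for f in build_findings(VULN_ROWS, KB_ROWS):
        print(f["severity"], f["name"], f["affected"])
```

If the rendering step already escapes XML, drop the `escape()` call and keep only the control-character stripping, otherwise values are escaped twice.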
We have made 2 versions based on input type, which can be found in the releases.
- txt file as input
- csv file as input
- xlsx file as input
NOTE: The third version will be used for further development.
pip install python-docx docxtpl pandas openpyxl
- choose the type of input from the releases and download the zip file, or for the latest version do:
git clone https://github.com/ari5ti/pentest-report-generator.git
python autogen.py
- choose the type of input from the releases and download the zip file
- update the ptkb.xlsx file with the list of vulnerabilities and associate ids with them.
- change template.docx (for older versions: master-template.docx and vuln-template.docx) to your report format and add placeholders.
- alter the code in context if changes have to be made to a placeholder

For example:
In template.docx, if you want to add a placeholder that displays the document version, add {{ version }}. In the autogen.py context, add the version placeholder and get the value to be rendered from the user input function, as shown below.

    # In autogen.py: add the new key to the render context
    context = {
        'service': service,
        'version': ver,  # rendered wherever {{ version }} appears in template.docx
    }

    # In autogen.py: read the value from the user
    def user_input():
        global ver
        ver = input("Enter document version: ")

- if you do not need certain placeholders, provide blank input to autogen.py.
A detailed explanation of autogen can be found here: Automating report generation process