1 minute read

A wise guy in Discord once said “a pentester is good as his report”. I agree.

I’m a big beliver that a good report make all the difference in a good or bad pentest.

So I decided to write a tool to assist the creation of reports.

Make Reports great again is usefull when:

  1. you want to keep your pentest organized and want to use a web interface
  2. you want to keep a score of all your findings
  3. you don’t want to store your notes online (MRGA it’s a local-only webapp - use at production at your own risk)
  4. you want to provide to your client something interactive

It creates a browserable interface for the client project (please don’t use in production!)

screenshots

functions

  1. support markdown
  2. support dataleaks
  3. interactive dashboard
  4. export functions from webui (zip, pdf, csv, etc.)
  5. Table with searchable and sortable found vulnerabilities
  6. Admin panel
  7. User panel
  8. whitelabel reports (use your logo)
  9. multiple project for each user
  10. assign a score on each vulnerability (1/10)
  11. you can add a mitigation for each found vulnerability

personalization

you can navigate on “templates/core” folder and edit everything you like.

For example, on the “project_general_report.html” file you can add your company logo and personalize the CSS.

installation

github repo clone the repo and run ./install.sh and follow the instruction on screen to create the superuser.

Then, launch ./run.sh to start the server on localhost:9000 (again, do not use in production!)

usage

Navigate to http://127.0.0.1:9000/admin/ , login with the user you created before and create your first project.

Then, from the admin panel, you can create entires (vulnerabilities you found) and assign to the projects. Or/and you can create reports, that are basically step by step exploitation reports where you can use markdown.

You can also create addictional, low privileges user that can access only specific projects.

In the next days I will create a more detailed documentation.

usage

next version

  1. automap to CVE database (autoupdate)
  2. automap to MITRE Att&ck framework
  3. add company logo from UI

Categories:

Updated:

You may also enjoy

Bind Shellcode written for x86 in nasm

3 minute read

During SLAE32/SLAE64, I had a lot of fun writing x86 and x64 shellcode in NASM. In this post I will share my code of an x86 bind shell (linux), and some uti...