Because it worked for me, I figured I’d detail how I went about generating my pentest reports for the PWK exam and labs. I figure if it’s good enough for Offsec, it’s good enough for you!
So, to begin. I started off by taking the provided Offsec template and modifying some of the executive bits. These are fairly common includes in most pentest reports that I’ve read in my career and include things such as:
- Executive Summary
- Information gathered (High level)
This is not an all-inclusive list and your results may vary, but this is generally what I find in most pentest reports. With that out of the way, spellchecked, and formatted, I set it aside and move on to the next steps.
Pandoc is a nifty little (probably big) tool that converts one markup to another! That means we can build ourselves a standard Markdown template for each of our hosts and then convert that Markdown to DOCX and export to PDF for a final report. It can also convert right to PDF with LaTeX, but I have no knowledge of LaTeX and couldn’t get it to run on the PWK Kali VM. I also want to further format the DOCX file and prepend my report template that I modified above.
Here is the standard template I used.
```markdown
# HOST - IP

## Vulnerabilities

- Some vulnerability
- [Link Description](http://link to site.com)

## Details

Insert some text here about how you exploited it/found it or whatever your style is.

## Impact and Recommendations

##### Vulnerability title

- Impact: Text about the impact
- Recommendation: How to fix the vulnerability

# Proofs

![Image Caption](../img/host-description.png)
```
The Folder Structure
Great, we have a template to work with and we also have our prepended template data. This next bit is entirely up to you, but I advise that you save your final markdowns into one folder and all your images into a sub folder. Mine looked like this:
```
Exam-Report
- (Markdown Files Here)
- img
  - (Images go here)
```
Putting It Together
With everything we need in place, we just need to do the fun part… pwn all the things! Each host gets its own folder. Do what you do best, and once you’ve reached that golden end and landed Root/Admin/System on the target, take the template and update it. Fill in the relevant details, button up your screenshots and then COPY the file out to the exam report folder. Yes, copy it, don’t take the original with you. This way if you need to update it in the future, you can do so easily.
With all of your files in one folder the final step is:
```sh
pandoc -i *.md -o report.docx
```
And there you go. A shiny new report of all the hosts. All that’s left now is to copy that over to the template you created in the beginning and format to your taste. One thing I like to do is add a page break before every Header 1. For me, this looks cleaner.
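A pre-flight check worth running before the pandoc step, as an added example that is not part of the original post: it flags host files that still contain the template's filler text and image links that do not resolve. It assumes pandoc is run from inside the report folder, so relative image paths are resolved from there; the function name `check_report` is hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check the report folder before converting it.
# The strings below are the literal filler text of the template on this page.
PLACEHOLDERS='HOST - IP
Some vulnerability
Link Description
Insert some text here
Vulnerability title
Text about the impact
How to fix the vulnerability
Image Caption'

# check_report DIR
# Prints one line per problem. Returns 0 if clean, 1 if problems were found,
# 2 if DIR holds no markdown files.
# Typical use: check_report . && pandoc -i *.md -o report.docx
check_report() {
    dir=$1
    problems=0
    for md in "$dir"/*.md; do
        [ -e "$md" ] || { echo "no markdown files in $dir" >&2; return 2; }
        # 1. Template filler that was never replaced with real findings.
        while IFS= read -r ph; do
            if grep -qF -- "$ph" "$md"; then
                echo "$md: template text still present: $ph"
                problems=$((problems + 1))
            fi
        done <<EOF
$PLACEHOLDERS
EOF
        # 2. Local image links that do not resolve from DIR (assumed to be
        #    pandoc's working directory); the proof would be missing from the DOCX.
        imgs=$(grep -o '!\[[^]]*]([^)]*)' "$md" | sed 's/^.*](//; s/)$//')
        while IFS= read -r img; do
            case $img in ''|http://*|https://*) continue ;; esac
            if [ ! -f "$dir/$img" ]; then
                echo "$md: image not found from $dir: $img"
                problems=$((problems + 1))
            fi
        done <<EOF
$imgs
EOF
    done
    [ "$problems" -eq 0 ]
}
```

A host file copied in with the template's `../img/...` path is reported unless an `img` folder really sits one level above the report folder, which is the case this check is meant to catch.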
I want to automate this more and use some metadata to build better data into the reports. I’m looking at others’ scripts and building them out to my taste. The idea will be to have a fully automated report where all you will be required to do is fill in some data.