Merge branch 'master' of https://github.com/radicallyopensecurity/pentext

2016-10-04 15:20:04 +02:00 · 2016-10-04 15:20:04 +02:00 · 5a2b15a34b
commit 5a2b15a34b
parent 5e2e87f37e 65ffbccd6f
2 changed files with 65 additions and 1 deletions
--- a/chatops/bash/releaser.sh
+++ b/chatops/bash/releaser.sh
@ -0,0 +1,50 @@
+#!/usr/bin/env bash
+
+# releaser - renames (and encrypts) pentest reports for release
+#
+# This script is part of the PenText framework
+#                            https://pentext.org
+#
+#    Copyright (C) 2016      Radically Open Security
+#                            https://www.radicallyopensecurity.com
+#
+#                 Author(s): Peter Mosmans
+#                            Marcus Bointon
+#
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation, either version 3 of the License, or
+#    (at your option) any later version.
+
+
+source=target/report-latest.pdf
+name=$1
+targetdir=target
+type=REP
+version=1.0
+
+if [ -z ${name} ]; then
+    echo "Usage: releaser NAME [version [TYPE]]"
+    echo "Names files TYPE-YYYYMMDD-vVERSION-NAME"
+    echo "Expects source to be ${source}, and the target directory is ${targetdir}"
+    echo "defaults are version=1.0 and TYPE=REP"
+    exit 1
+fi
+
+[ ! -z $2 ] && version=$2
+[ ! -z $3 ] && type=$3
+
+fullname="${targetdir}/${type}-$(date +'%Y%m%d')-v${version}-${name}.pdf"
+if [ -f ${source} ]; then
+    if [ -f ${fullname} ]; then
+        echo "${fullname} already exists. Exiting..."
+        exit 1
+    else
+        cp -v ${source} ${fullname}
+        PASS=$(head -c 25 /dev/random | base64 | head -c 25)
+        zip --password ${PASS} "${fullname}.zip" ${fullname} 2>/dev/null && echo "Zip file encrypted with password '${PASS}'"
+    fi
+else
+    echo "Could not find source ${source}"
+    exit 1
+fi
--- a/xml/templates/pentestreport/finding.xml
+++ b/xml/templates/pentestreport/finding.xml
@ -1,5 +1,19 @@
 <finding id="..." threatLevel="Moderate" type="Information Leak">
-  <!-- Note: threatLevel can be Low, Moderate, Elevated, High or Extreme; type is free text -->
+
+  <!--
+      id needs to be unique across the report, preferably identical to the filename
+      (without extension).
+
+      threatLevel can be Low, Moderate, Elevated, High or Extreme.
+
+      type is the root cause, written in Title Case.
+
+        Examples: Easily Guessable Credentials
+                  Lack Of Application Hardening
+                  Lack Of Webserver Hardening
+                  Missing Patch
+                  Network Design Flaw
+  -->

  <title>Title Case</title>