implemented pentest report --> retest quote

This commit is contained in:
skyanth 2016-09-16 20:21:39 +02:00
parent be5d69942c
commit cffb6a0789
11 changed files with 254 additions and 33 deletions


@ -105,6 +105,29 @@
</xs:complexType>
</xs:element>
<xs:element name="permission_parties">
<xs:complexType>
<xs:sequence>
<xs:element maxOccurs="1" ref="client"/>
<xs:element maxOccurs="unbounded" minOccurs="0" ref="party"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="party">
<xs:complexType>
<xs:sequence>
<xs:element ref="full_name"/>
<xs:element ref="short_name"/>
<xs:element ref="waiver_rep"/>
<xs:element ref="address"/>
<xs:element ref="city"/>
<xs:element ref="country"/>
<xs:element minOccurs="0" ref="coc"/>
</xs:sequence>
<xs:attribute name="id" type="xs:ID"/>
</xs:complexType>
</xs:element>
<xs:element name="invoice_rep" type="xs:string"/>
<xs:element name="invoice_mail" type="emailAddress"/>


@ -39,29 +39,6 @@
<xs:element name="offered_service_short" type="xs:string"/>
<xs:element name="permission_parties">
<xs:complexType>
<xs:sequence>
<xs:element maxOccurs="1" ref="client"/>
<xs:element maxOccurs="unbounded" minOccurs="0" ref="party"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="party">
<xs:complexType>
<xs:sequence>
<xs:element ref="full_name"/>
<xs:element ref="short_name"/>
<xs:element ref="waiver_rep"/>
<xs:element ref="address"/>
<xs:element ref="city"/>
<xs:element ref="country"/>
<xs:element minOccurs="0" ref="coc"/>
</xs:sequence>
<xs:attribute name="id" type="xs:ID"/>
</xs:complexType>
</xs:element>
<xs:element name="pentestinfo">
<xs:complexType>


@ -33,9 +33,9 @@
<xs:complexType>
<xs:sequence>
<xs:element ref="title"/>
<xs:element ref="client"/>
<xs:element ref="targets"/>
<xs:element ref="pentestinfo" minOccurs="0"/>
<xs:element ref="permission_parties"/>
<xs:element ref="collaborators"/>
<xs:element ref="classification"/>
<xs:element ref="version_history"/>


@ -9,7 +9,7 @@
<!-- THIS you can change/expand! -->
<string id="coverpage_offer">
<translation xml:lang="nl">OFFERTE</translation>
<translation xml:lang="en">OFFER</translation>
<translation xml:lang="en">QUOTE</translation>
</string>
<string id="coverpage_service_pentest">
<translation xml:lang="nl">penetratietestdiensten</translation>
@ -19,6 +19,14 @@
<translation xml:lang="nl">penetratietest</translation>
<translation xml:lang="en">penetration test</translation>
</string>
<string id="coverpage_service_retest">
<translation xml:lang="nl">penetratietestdiensten</translation>
<translation xml:lang="en">penetration retesting services</translation>
</string>
<string id="coverpage_service_retest_short">
<translation xml:lang="nl">hertest</translation>
<translation xml:lang="en">retest</translation>
</string>
<string id="coverpage_service_basic-scan">
<translation xml:lang="nl">basis-securityscandiensten</translation>
<translation xml:lang="en">basic security scan services</translation>
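Review bot: The Dutch text of the new `coverpage_service_retest` string, `<translation xml:lang="nl">penetratietestdiensten</translation>`, is byte-identical to the pentest string a few lines above, while its English counterpart says "penetration retesting services"; this looks like a copy-paste slip and would print the wrong service name on a Dutch retest cover page. Replace it with the house wording for retest services (something along the lines of `<translation xml:lang="nl">penetratiehertestdiensten</translation>`, consistent with the `hertest` short form added just below). The first hunk changes the English cover-page word from OFFER to QUOTE, but the new introduction snippet in this same commit still says "This offer"; the two vocabularies should be aligned.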


@ -0,0 +1,10 @@
<section xmlns:xi="http://www.w3.org/2001/XInclude">
<title>Introduction</title>
<p><client_long/> (hereafter “<b><client_short/></b>”), with its registered office
at <client_street/>, <client_city/>, <client_country/>, has requested <company_long/>
(hereafter “<b><company_short/></b>”) to perform <company_svc_long/>.
Motivation for this request is that <client_short/> recently had penetration test done by <company_short/> and wishes to test if the vulnerabilities have been mitigated.</p>
<p>This offer sets out the scope of the work and the terms and conditions under
which <company_short/> will perform these services.</p>
</section>
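Review bot: The closing sentence of the first paragraph reads `recently had penetration test done by` and is missing an article; it should be `recently had a penetration test done by`. The `xmlns:xi` declaration on the root `<section>` is not used by anything in this snippet and can be dropped unless XInclude elements are planned here. The second paragraph calls the document an "offer" while the cover-page string changed in this commit now says QUOTE; one term should be used for the retest documents.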


@ -0,0 +1,27 @@
<?xml version="1.0" encoding="UTF-8"?>
<section>
<title>Project Overview</title><!-- section with an overview of ROS activities -->
<!-- snippet --><p><company_short/> will perform <company_svc_long/>
for <client_short/> as a follow-up on the previous test in <b>XXXXXXXXXX TODO XXXXXXXXXX (timeframe of previous pentest)</b>. The services are intended to see if the previously discovered exploits are patched correctly. To do so, <company_short/> will access the systems again and test the findings from the previous penetration test (the “<b>Targets</b>”).</p>
<!-- snippet --><p><company_short/> will test using both publicly available vulnerability scanning tools and manual testing. <company_short/> shall perform a <p_duration/>-day, <p_boxtype/> follow-up penetration test via the internet.</p>
<!-- snippet --> <!--Not Needed if Disclaimer is Included; Duplicate Text-->
<!--p>It is possible that in the course of the penetration
testing, <company_short/> might hinder the operations of the Targets or
cause damage to the Targets. <client_short/> gives permission for this, to
the extent that <company_short/> does not act negligently or
recklessly. <client_short/> also warrants it has the authority to give such
permission.</p-->
<!-- snippet --><!--Not Needed if Disclaimer is Included; Duplicate Text-->
<!--p>It is important to understand the limits of
<company_short/>'s services. <company_short/> does not (and cannot)
give guarantees that something is secure. <company_short/> instead has
an obligation to make reasonable efforts (in Dutch:
<i>inspanningsverplichting</i>”) to perform the agreed services.</p-->
<!--REMOVE commented-out text above if not including Disclaimer-->
</section>
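Review bot: The timeframe placeholder `<b>XXXXXXXXXX TODO XXXXXXXXXX (timeframe of previous pentest)</b>` is plain prose inside the paragraph, so nothing in the build will flag it if the writer forgets it, unlike the client fields that go through the `checkPlaceholder` template elsewhere in this commit; make it stand out the way the other `???` placeholders do, or, since the retest quote is now generated from the previous report, derive the period from that report's pentest information where available. The phrase "see if the previously discovered exploits are patched correctly" would be more accurate as "whether the previously reported vulnerabilities have been remediated", since findings rather than exploits are re-tested. In the commented-out obligation paragraph the closing `”` after `<i>inspanningsverplichting</i>` has no opening counterpart; harmless while commented out, but it will appear in the document if that block is re-enabled.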


@ -24,6 +24,22 @@
<snippet>waiver</snippet>
</snippet_group>
</selection>
<selection subtype="retest">
<snippet_group set="group1">
<snippet>introandscope_retest</snippet>
<snippet>projectoverview_retest</snippet>
<snippet>prerequisites</snippet>
<snippet>disclaimer</snippet>
<snippet>methodology</snippet>
<snippet>teamandreporting</snippet>
<snippet>planningandpayment</snippet>
<snippet>aboutus</snippet>
<snippet>conditions</snippet>
<snippet>generaltermsandconditions</snippet>
<snippet>waiver</snippet>
</snippet_group>
</selection>
<selection subtype="basic-scan">
<snippet_group set="group1">


@ -25,7 +25,7 @@
<xsl:text>for</xsl:text>
</fo:block>
<fo:block xsl:use-attribute-sets="title-client">
<xsl:value-of select="client/full_name"/>
<xsl:value-of select="//client/full_name"/>
</fo:block>
<fo:block break-after="page">
<fo:table width="100%" table-layout="fixed">
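Review bot: The new select `//client/full_name` searches the entire document rather than the meta block; if a second `client` element ever appears (in a snippet, an included file, or a party), an XSLT 1.0 `value-of` silently takes the first in document order and an XSLT 2.0 one emits every match space-separated, so the cover page could show the wrong client name with no error. The placeholder stylesheet in this same commit uses the tighter `/*/meta//client/legal_rep` form for the same relocation; suggest `<xsl:value-of select="/*/meta//client/full_name"/>` here for consistency and to bound the search. The enclosing template starts and ends outside the hunk.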


@ -13,9 +13,6 @@
xmlns:xi="http://www.w3.org/2001/XInclude" xml:lang="en" findingCode="???">
<meta>
<title>Penetration Test Report</title>
<xsl:element name="xi:include">
<xsl:attribute name="href">client_info.xml</xsl:attribute>
</xsl:element>
<targets>
<xsl:comment>one target element per target</xsl:comment>
<xsl:for-each select="/*/meta/targets/target">
@ -24,6 +21,26 @@
</xsl:copy>
</xsl:for-each>
</targets>
<pentestinfo>
<xsl:for-each select="/offerte/meta/pentestinfo/*">
<xsl:if test="not(self::fee)">
<xsl:copy>
<xsl:copy-of select="node()"/>
</xsl:copy>
</xsl:if>
</xsl:for-each>
</pentestinfo>
<permission_parties>
<xsl:element name="xi:include">
<xsl:attribute name="href">client_info.xml</xsl:attribute>
</xsl:element>
<xsl:for-each select="/offerte/meta/permission_parties/party">
<xsl:copy>
<xsl:copy-of select="node()"/>
</xsl:copy>
</xsl:for-each>
</permission_parties>
<collaborators>
<reviewers>
<reviewer>FirstName LastName</reviewer>
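Review bot: The party copy `<xsl:copy><xsl:copy-of select="node()"/></xsl:copy>` reproduces the element and its children but not its attributes, so the `id` attribute the schema in this commit declares on `party` (`<xs:attribute name="id" type="xs:ID"/>`) is dropped from the generated report; the same pattern is used for the `pentestinfo` children in this hunk and for targets in the new `rep2off.xsl`. Use `<xsl:copy-of select="@*|node()"/>` inside the copy, or `<xsl:copy-of select="."/>` for the whole element, wherever the source element may carry attributes. The `not(self::fee)` test is the only thing keeping the quoted price out of the report; a comment next to it such as `<!-- fee is commercial data: never copied into the report -->` would stop a later cleanup from treating it as redundant. The enclosing template continues outside the hunk.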


@ -36,25 +36,25 @@
</xsl:template>
<xsl:template match="client_legal_rep">
<xsl:param name="placeholderElement"
select="/offerte/meta/permission_parties/client/legal_rep"/>
select="/*/meta//client/legal_rep"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="client_waiver_rep">
<xsl:param name="placeholderElement" select="/*/meta/permission_parties/client/waiver_rep"/>
<xsl:param name="placeholderElement" select="/*/meta//client/waiver_rep"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="client_poc1">
<xsl:param name="placeholderElement" select="/*/meta/permission_parties/client/poc1"/>
<xsl:param name="placeholderElement" select="/*/meta//client/poc1"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="client_coc">
<xsl:param name="placeholderElement" select="/*/meta/permission_parties/client/coc"/>
<xsl:param name="placeholderElement" select="/*/meta//client/coc"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>

143
xml/xslt/rep2off.xsl Normal file

@ -0,0 +1,143 @@
<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:fo="http://www.w3.org/1999/XSL/Format" exclude-result-prefixes="xs" version="2.0">
<xsl:import href="localisation.xslt"/>
<xsl:import href="snippets.xslt"/>
<xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes"/>
<xsl:variable name="lang" select="/pentest_report/@xml:lang"/>
<xsl:param name="snippetBase" select="'offerte'"/>
<xsl:variable name="snippetSelectionRoot"
select="document('../source/snippets/snippetselection.xml')/snippet_selection/document[@type = $docType]"/>
<xsl:variable name="docType" select="'offerte'"/>
<xsl:variable name="docSubType" select="'retest'"/>
<!-- ROOT -->
<xsl:template match="/">
<offerte xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="../dtd/offerte.xsd"
xmlns:xi="http://www.w3.org/2001/XInclude">
<xsl:attribute name="xml:lang">
<xsl:value-of select="$lang"/>
</xsl:attribute>
<xsl:comment>document meta information; to be filled in by the offerte writer</xsl:comment>
<meta>
<offered_service_long>
<xsl:call-template name="getString">
<xsl:with-param name="stringID"
select="concat('coverpage_service_', $docSubType)"
/>
</xsl:call-template>
</offered_service_long>
<xsl:comment>if there is a shorter way of saying the same thing, you can type it here (it makes for more dynamic offerte text). If not, just repeat the long name.</xsl:comment>
<offered_service_short>
<xsl:call-template name="getString">
<xsl:with-param name="stringID"
select="concat('coverpage_service_', $docSubType, '_short')"
/>
</xsl:call-template>
</offered_service_short>
<xsl:element name="xi:include">
<xsl:attribute name="href">snippets/company_info.xml</xsl:attribute>
</xsl:element>
<targets>
<!-- copy targets from quickscope -->
<xsl:comment>one target element per target</xsl:comment>
<xsl:for-each select="/*/meta/targets/target">
<xsl:copy>
<xsl:copy-of select="node()"/>
</xsl:copy>
</xsl:for-each>
</targets>
<permission_parties>
<!-- copy permission parties from quickscope -->
<xsl:element name="xi:include">
<xsl:attribute name="href">client_info.xml</xsl:attribute>
</xsl:element>
<xsl:for-each select="/*/third_party"><!-- TODO add to report -->
<party>
<xsl:copy-of select="node()"/>
</party>
</xsl:for-each>
</permission_parties>
<pentestinfo>
<!-- copy various variables from quickscope -->
<duration>2</duration>
<xsl:comment>duration of pentest, in working days</xsl:comment>
<test_planning>
<xsl:choose>
<xsl:when test="/*/pentest_info/test_planning"><xsl:value-of select="/*/pentest_info/test_planning"/></xsl:when>
<xsl:otherwise>TBD</xsl:otherwise>
</xsl:choose>
</test_planning>
<xsl:comment>date or date range in text, e.g. May 18th until May 25th, 2015</xsl:comment>
<report_due>
<xsl:choose>
<xsl:when test="/*/pentest_info/report_due"><xsl:value-of select="/*/pentest_info/report_due"/></xsl:when>
<xsl:otherwise>TBD</xsl:otherwise>
</xsl:choose>
</report_due>
<xsl:comment>date or date range in text, e.g. May 18th until May 25th, 2015</xsl:comment>
<nature>
<xsl:choose>
<xsl:when test="/*/pentest_info/nature"><xsl:value-of select="/*/pentest_info/nature"/></xsl:when>
<xsl:otherwise>???</xsl:otherwise>
</xsl:choose>
</nature>
<type>
<xsl:choose>
<xsl:when test="/*/pentest_info/type"><xsl:value-of select="/*/pentest_info/type"/></xsl:when>
<xsl:otherwise>???-box</xsl:otherwise>
</xsl:choose>
</type>
<xsl:comment>please choose one of the following: black-box, grey-box, crystal-box</xsl:comment>
<fee denomination="eur">???</fee>
<xsl:comment>(eur|usd|gbp)</xsl:comment>
<xsl:if test="*/pentest_info/target_application">
<target_application>
<xsl:value-of select="/*/pentest_info/target_application"/>
</target_application>
</xsl:if>
</pentestinfo>
<version_history>
<xsl:comment>needed for date on frontpage and in signature boxes; it is possible to add a new &lt;version> after each review; in that case, make sure to update the date/time</xsl:comment>
<version number="auto">
<xsl:attribute name="date"><xsl:value-of
select="format-date(current-date(), '[Y]-[M,2]-[D,2]', 'en', (), ())"
/>T10:00:00</xsl:attribute>
<xsl:comment>actual date-time here; you can leave the number attribute alone</xsl:comment>
<v_author>ROS Writer</v_author>
<xsl:comment>name of the author here; for internal use only</xsl:comment>
<v_description>Initial draft</v_description>
<xsl:comment>for internal use only</xsl:comment>
</version>
</version_history>
</meta>
<xsl:for-each
select="$snippetSelectionRoot/selection[@subtype = $docSubType]/snippet_group[@set = 'group1']/snippet">
<xsl:element name="xi:include">
<xsl:attribute name="href">
<xsl:call-template name="docCheck">
<xsl:with-param name="fileNameBase" select="."/>
<xsl:with-param name="snippetDirectory" select="$snippetBase"/>
</xsl:call-template>
</xsl:attribute>
</xsl:element>
</xsl:for-each>
</offerte>
</xsl:template>
</xsl:stylesheet>
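Review bot: `<duration>2</duration>` is a hard-coded value directly under the comment "copy various variables from quickscope", while `test_planning`, `report_due`, `nature` and `type` all read `/*/pentest_info/...` with a `TBD`/`???` fallback, so a retest quote silently inherits a two-day duration whatever the source report says. Suggest the same `xsl:choose` pattern with a visible placeholder fallback (assuming the report's pentest_info carries a duration element as it does the others), or at least a comment stating the fixed default is intentional. Stylistically, the `xsl:if` test `*/pentest_info/target_application` is relative while the `value-of` inside it uses the absolute `/*/pentest_info/target_application`; both resolve to the same node from the root template's context, but one form throughout is easier to read. `$snippetSelectionRoot` also references `$docType`, which is declared two lines later; legal in XSLT 2.0, but declaring `$docType` first reads better.
```xml
<duration>
    <xsl:choose>
        <xsl:when test="/*/pentest_info/duration"><xsl:value-of select="/*/pentest_info/duration"/></xsl:when>
        <xsl:otherwise>???</xsl:otherwise>
    </xsl:choose>
</duration>
<xsl:comment>duration of pentest, in working days</xsl:comment>
<!-- … unchanged: test_planning, report_due, nature, type, fee … -->
```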