pentext/xml/source/report.xml

<?xml version="1.0" encoding="UTF-8"?>
<pentest_report xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                xmlns:xi="http://www.w3.org/2001/XInclude"
                xmlns:xlink="http://www.w3.org/1999/xlink"
                xmlns:fo="http://www.w3.org/1999/XSL/Format"
                xsi:noNamespaceSchemaLocation="../dtd/pentestreport.xsd"
                xml:lang="en"
                findingCode="XXX">
   <meta>
      <title>Penetration Test Report</title>
      <xi:include href="client_info.xml"/>
      <targets><!--one target element per target-->
         <target>dsfsd</target>
         <target>adfsd</target>
      </targets>
      <collaborators>
         <reviewers>
            <reviewer>FirstName LastName</reviewer>
         </reviewers>
         <approver>
            <name>Melanie Rieback</name>
            <bio>Melanie Rieback is a former Asst. Prof. of Computer Science from the
                            VU, who is also the co-founder/CEO of Radically Open Security.</bio>
         </approver>
         <pentesters>
            <pentester>
               <name>FirstName LastName</name>
               <bio>Info</bio>
            </pentester>
         </pentesters>
      </collaborators>
      <classification>Confidential</classification>
      <version_history><!--needed for date on frontpage and in signature boxes; it is possible to add a new <version> after each review; in that case, make sure to update the date/time-->
         <version number="auto" date="2016-08-25T10:00:00"><!--actual date-time here; you can leave the number attribute alone-->
            <v_author>ROS Writer</v_author>
            <!--name of the author here; for internal use only-->
            <v_description>Initial draft</v_description>
            <!--for internal use only-->
         </version>
      </version_history>
      <xi:include href="snippets/company_info.xml"/>
   </meta>
   <generate_index/>
   <section id="executiveSummary">
      <title>Executive Summary</title>
      <section id="introduction">
         <title>Introduction</title>
         <p>...</p>
         <p>This report contains our findings as well as detailed explanations of exactly
                        how ROS performed the penetration test.</p>
      </section>
      <section id="scope">
         <title>Scope of work</title>
         <p>The scope of the penetration test was limited to the following target:</p>
         <generate_targets/>
      </section>
      <section id="objectives">
         <title>Project objectives</title>
         <p>...</p>
      </section>
      <section id="timeline">
         <title>Timeline</title>
         <p>The Security Audit took place between X and Y, 2016.</p>
      </section>
      <xi:include href="resultsinanutshell.xml"/>
      <section id="findingSummary">
         <title>Summary of Findings</title>
         <generate_findings/>
         <!-- generated from Findings section -->
      </section>
      <section id="recommendationSummary">
         <title>Summary of Recommendations</title>
         <generate_recommendations/>
         <!-- generated from Findings section -->
      </section>
   </section>
   <xi:include href="snippets/report/methodology.xml"/>
   <section id="recon">
      <title>Reconnaissance and Fingerprinting</title>
      <p>Through automated scans we were able to gain the following information about the
                    software and infrastructure. Detailed scan output can be found in the sections
                    below.</p>
      <section id="scans">
         <title>Automated Scans</title>
         <p>As part of our active reconnaissance we used the following automated
                        scans:</p>
         <ul><!--analyze_hosts - https://github.com/PeterMosmans/security-scripts-->
            <li>nmap – <a href="http://nmap.org">http://nmap.org</a>
            </li>
            <!--OWASP Zed Attack Proxy - https://github.com/zaproxy/zaproxy Skipfish – https://code.google.com/p/skipfish/ sqlmap – https://github.com/sqlmapproject/sqlmap testssl.sh –
        https://github.com/drwetter/testssl.sh-->
         </ul>
      </section>
   </section>
   <section id="techSummary">
      <title>Pentest Technical Summary</title>
      <section id="findings">
         <title>Findings</title>
         <p>We have identified the following issues:</p>
         <!-- Listing of Findings (written by pentesters) -->
         <!-- Extreme -->
         <!-- High -->
         <!-- Moderate -->
         <!-- Elevated -->
         <!-- Low -->
      </section>
      <section id="nonFindings">
         <title>Non-Findings</title>
         <p>In this section we list some of the things that were tried but turned out to
                        be dead ends.</p>
      </section>
      <!-- Listing of Non-Findings (written by pentesters) -->
   </section>
   <xi:include href="futurework.xml"/>
   <xi:include href="conclusion.xml"/>
   <appendix id="testteam">
      <title>Testing team</title>
      <generate_testteam/>
   </appendix>
</pentest_report>