2019-01-30 15:16:49 +01:00

<?xml version="1.0" encoding="UTF-8"?>
<pentest_report xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" findingCode="???" xsi:noNamespaceSchemaLocation="../dtd/pentestreport.xsd" xmlns:xi="http://www.w3.org/2001/XInclude">
<meta>
<title>Penetration Test Report</title>
<xi:include href="client_info.xml"/>
<targets>
<target>Target</target>
</targets>
<collaborators>
<reviewers>
<reviewer>FirstName LastName</reviewer>
</reviewers>
<approver>
<name>Melanie Rieback</name>
<bio>Melanie Rieback is a former Asst. Prof. of Computer Science from the VU,
who is also the co-founder/CEO of Radically Open Security.</bio>
</approver>
<pentesters>
<pentester>
<name>FirstName LastName</name>
<bio>Info</bio>
<!--
or, include it as separate segment:
<xi:include href="snippets/bios/FirstName.LastName.xml"/>
-->
</pentester>
</pentesters>
</collaborators>
<classification>Confidential</classification>
<version_history>
<version date="2016-01-01T00:00:00" number="auto">
<v_author>YourName</v_author>
<v_description>Initial draft</v_description>
</version>
</version_history>
<xi:include href="snippets/company_info.xml"/>
</meta>
<generate_index/>
<section id="executiveSummary">
<title>Executive Summary</title>
<section id="introduction">
<title>Introduction</title>
<p>...</p>
<p>This report contains our findings as well as detailed explanations
of exactly how ROS performed the penetration test.</p>
</section>
<section id="scope">
<title>Scope of work</title>
<p>The scope of the penetration test was limited to the following
target:</p>
<generate_targets/>
</section>
<section id="objectives">
<title>Project objectives</title>
<p>...</p>
</section>
<section id="timeline">
<title>Timeline</title>
<p>The Security Audit took place between X and Y, 2016.</p>
</section>
<xi:include href="resultsinanutshell.xml"/>
<section id="findingSummary">
<title>Summary of Findings</title>
<generate_findings/>
<!-- generated from Findings section -->
</section>
<section id="recommendationSummary">
<title>Summary of Recommendations</title>
<generate_recommendations/>
<!-- generated from Findings section -->
</section>
</section>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="snippets/report/methodology.xml"/>
<section id="recon" break="before">
<title>Reconnaissance and Fingerprinting</title>
<p>Through automated scans we were able to gain the following information about the
software and infrastructure. Detailed scan output can be found in the sections
below.</p>
<table border="1">
<tr><th>Fingerprinted Information</th></tr>
<tr>
<td>
<!--
<b>sitename</b><br/>
Port 80: HTTP<br/>
Port 443: SSL/TLS<br/>
DumboService 1.3.3.7<br/>
-->
</td>
</tr>
</table>
<section id="scans">
<title>Automated Scans</title>
<p>As part of our active reconnaissance we used the following automated scans:</p>
<ul>
<!--
<li>analyze_hosts - <a
href="https://github.com/PeterMosmans/security-scripts">https://github.com/PeterMosmans/security-scripts</a></li>
<li>nikto <a href="https://github.com/sullo/nikto">https://github.com/sullo/nikto</a></li>
-->
<li>nmap <a href="http://nmap.org">http://nmap.org</a></li>
<!--
<li>OWASP Zed Attack Proxy - <a href="https://github.com/zaproxy/zaproxy">https://github.com/zaproxy/zaproxy</a></li>
<li>Skipfish <a href="https://code.google.com/p/skipfish/">https://code.google.com/p/skipfish/</a></li>
<li>sqlmap <a href="https://github.com/sqlmapproject/sqlmap">https://github.com/sqlmapproject/sqlmap</a></li>
<li>testssl.sh
<a href="https://github.com/drwetter/testssl.sh">https://github.com/drwetter/testssl.sh</a></li>
-->
</ul>
</section>
</section>
<section id="techSummary" break="before">
<title>Pentest Technical Summary</title>
<section id="findings">
<title>Findings</title>
<p>We have identified the following issues:</p>
<!-- Listing of Findings (written by pentesters) -->
<!-- Extreme -->
<!-- High -->
<!-- Elevated -->
<!-- Moderate -->
<!-- Low -->
<!--
<xi:include href="../findings/my-finding.xml"/>
-->
</section>
<section id="nonFindings">
<title>Non-Findings</title>
<p>In this section we list some of the things that were tried but turned
out to be dead ends.</p>
</section>
<!-- Listing of Non-Findings (written by pentesters) -->
</section>
<xi:include href="futurework.xml"/>
<xi:include href="conclusion.xml"/>
<appendix id="testteam">
<title>Testing team</title>
<generate_testteam/>
</appendix>
</pentest_report>