Pentest report writing in 5 minutes (Defcamp 2018 talk)
Nov 12, 2018 • Adrian Furtuna
Tired of writing pentest reports? Let’s automate this and let you get back to hacking! Slides included.
Last Friday we had the pleasure of participating in Defcamp 2018, the biggest security conference in Central Eastern Europe.
Besides having an exhibition booth there and talking to a lot of interesting people, we also gave a talk about our newest feature: the Pentest Report Generator.
The idea is to decrease the time (and friction) spent on report writing and to forget about formatting, executive summaries, introductions and other details. This feature tries to cover as much of this effort as possible so that the pentester can focus on the interesting stuff.
The report generator is based on another new feature that we have added: Findings. This is a new view in the application which contains the aggregated results of all the scans from the current workspace. Having this aggregation, you can now select which findings you want to include in the report and press the button Generate Report.
You will obtain an editable report (.docx for Microsoft Word) that is well formatted and ready to be shipped to your client.
You also have the option to manually add findings obtained from outside the platform (other scanners or manually) so you are not bound to our scanners’ results.
When adding manual findings, you can take advantage of the Finding Templates feature, where you can have predefined findings with standard descriptions, risks and recommendations. We will have a separate blog post dedicated to report writing and we will detail these features.
Our awesome team
To close this short blog post, here is the Pentest-Tools.com team (at our Defcamp booth), which makes all the magic happen.
Here are the slides from our talk at Defcamp 2018. We will update this blog post with the video of the presentation when it becomes available.
Feel free to try our report generation tool (beta version) and send us feedback!