PeTeReport Application Vulnerability Reporting Tool

PeTeReport: Application Vulnerability Reporting Tool

PeTeReport (PenTest Report) is an open-source application vulnerability reporting tool designed to assist pentesting/redteaming efforts, by simplifying the task of writting and generation of reports.

PeTeReport user interface
PeTeReport user interface

Focused in product security, the tool help security researchers and pentesters to provide detailed findings, appendix, attack paths and manage a finding template database to avoid wasting time spent in the reporting phase.

PeTeReport (PenTest Report) is written in Django and Python 3 with the aim to help pentesters to manage a finding repository, write reports (in Markdown) and generate reports in different formats (HTML, CSV, PDF, Jupyter and Markdown).

Features

PeTeReport architecture
PeTeReport architecture
  • Customizable reports output
  • Customizable reports templates
  • Findings template database
  • Possibility to add appendix to findings
  • Possibility to add attack trees Deciduous to findings
  • HTML Output format
  • CSV Output format
  • PDF Output format
  • Jupyter Notebook Output format
  • Markdown Output format
  • CVSS 3.1 Score
  • Docker installation
  • DefectDojo integration
  • User management

TODO

"
"
  • More Output formats
  • API

Installation and deployment

Docker

Environment

$ sudo apt install docker.io docker-compose

Deployment

  • Clone repository
$ cd /opt
$ git clone https://github.com/1modm/petereport
$ cd petereport
  • Customize reports and configuration in app/config/petereport_config.py
  • Build environment
$ docker-compose up --build
  • Go to https://127.0.0.1/
  • Login with any of users created admin/P3t3r3p0rt (administrator) and viewer/v13w3r (viewer) or the user credentials configured in the configuration file
  • Try harder
  • Create a report

Django

Prerequisites

PeTeReport requires Python ≥ 3.8. Recommended installation requires pip. As a base requirement, the following packages are needed:

  • Ubuntu/Debian
$ sudo apt-get install python3-pip python3-venv build-essential
  • OpenSuse:
 $ sudo zypper install python3-devel gcc
  • CentOS:
$ sudo yum install python3-devel gcc

Environment

It is strongly recommended to set up the installation in a virtual environment (Pipenv):

Pipenv

  • Linux: $ sudo apt-get install pipenv
  • pip: $ python3 -m pip install pipenv
  • MAC: $ brew install pipenv

Dependencies

Easiest way in Linux (ubuntu): $ sudo bash scripts/ubuntu_environment_install.sh

"
"

For more details, read the documentation

Demo

  • Demo here: admin/P3t3r3p0rt
PeTeReport Demo
PeTeReport Demo

Sample Reports

Dark Mode

petereport (this link opens in a new window) by 1modm (this link opens in a new window)

PeTeReport is an open-source application vulnerability reporting tool.