Shulou(Shulou.com)05/31 Report--

This article is to share with you about how to use WriteHat to generate penetration test report, the editor thinks it is very practical, so I share it with you to learn. I hope you can get something after reading this article.

About WriteHat

WriteHat is a powerful penetration test report tool, with the help of this tool, the majority of researchers can easily generate penetration test reports, and no longer have to spend a lot of time on text editing tools such as Microsoft Word. Everything from Markdown to HTML to PDF. This tool is developed by penetration testers and is designed for penetration testers, but we can also use it to generate any type of report. The tool is developed based on Python 3 and driven by Django.

Function introduction

Easily generate a beautiful penetration test report

Dynamic drag-and-drop report generator

Markdown support, including code blocks and icons, etc.

Clip, comment, title and upload image support

Report background / footer can be customized

Assign operators and tracking status to each report section

Ability to clone and template reports

Search results database

Multiple scoring types are supported (CVSS 3.1 dared)

Multiple reports can be easily generated from the same set of analysis results

The extensible design enables advanced users to create highly customized report sections

LDAP integration

Installation requirements

The use of this tool requires the local host to install Docker and Docker Compose. We can use tools such as apt, pacman, and dnf to install dependent components:

$sudo apt install docker.io docker-compose deployment WriteHat method 1 (for testing only)

WriteHat can easily complete the deployment installation using the following one-line command:

$git clone https://github.com/blacklanternsecurity/writehat & & cd writehat & & docker-compose up

Next, access to https://127.0.0.1 in the browser to use WriteHat, the default user name and password is "admin / PLEASECHANGETHISFORHEA*VENSSAKE".

Method two

First, we still need to install Docker and Docker Compose. Next, clone the project source code locally using the following command in the / opt directory:

$cd / opt$ git clone https://github.com/blacklanternsecurity/writehat$ cd writehat

Next, create a security password in the writehat/config/writehat.conf file that will be used to:

MongoDB

MySQL

Django

Administrator user

Add our target hostname and set it in the allowed_hosts field in the writehat/config/writehat.conf file.

When the setup is complete, replace the self-signed SSL certificate in nginx/:

Writehat.crtwritehat.key

We can now test whether the tool is configured correctly using the following command:

$docker-compose up-build

Note that if you use VPN, you need to disconnect the VPN before using docker-compose to run the service for the first time to ensure that Docker can create the virtual network correctly.

Now we need to install and activate the Systemd service, and after configuration, WriteHat will run automatically when the device starts:

$sudo cp writehat/config/writehat.service / etc/systemd/system/$ sudo systemctl enable writehat-- now

We can use the following command to track the service log:

$sudo journalctl-xefu writehat.service

For the creation of users, we need to log in to https://127.0.0.1/admin with the administrator credentials defined in writehat/config/writehat.conf, because some operations can only be performed by administrators, such as database backup and so on:

# Enter the app container$ docker-compose exec writehat bash # Promote the user and exit$. / manage.py ldap_promote $exit how to write custom report components

Each report component consists of the following:

1. Python file in writehat/components/

2. HTML template in writehat/templates/componentTemplates/

3. CSS file in writehat/static/css/component/

We recommend that you directly refer to the existing files in these directories. If you want to customize the development, please refer to the following examples.

Components/CustomComponent.pyfrom .base import * class CustomComponentForm (ComponentForm): summary = forms.CharField (label='Component Text', widget=forms.Textarea, max_length=50000, required=False) field_order = ['name',' summary', 'pageBreakBefore' 'showTitle'] class Component (BaseComponent): default_name =' Custom Report Component' formClass = CustomComponentForm # the "templatable" attribute decides whether or not that field # gets sa*ved if the report is ever converted into a template fieldList = {'summary': StringField (markdown=True, templatable=True) } # make sure to specify the HTML template htmlTemplate = 'componentTemplates/CustomComponent.html' # Font Awesome icon type + color (HTML/CSS) # This is just eye candy in the web app iconType =' fas fa-stream' iconColor = 'var (--blue)' # the "preprocess" function is executed when the report is rendered # use this to perform any last-minute operations on its data def preprocess (self, context): # for example To uppercase the entire "summary" field: # context ['summary'] = context [' summary'] .upper () return contextcomponentTemplates/CustomComponent.html {% load custom_tags%} {% include 'componentTemplates/Heading.html'%}

{% markdown summary%}

ComponentTemplates/CustomComponent.cssdiv.custom-component-summary {font-weight: bold;}

After the configuration is complete, don't forget to restart the WriteHat service using the following command:

The above $docker-compose restart writehat is how to use WriteHat to generate penetration test reports. The editor believes that there are some knowledge points that we may see or use in our daily work. I hope you can learn more from this article. For more details, please follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.