diff --git a/CHANGELOG.md b/CHANGELOG.md index 52c3b6a..48e45d6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -31,4 +31,3 @@ Changelog ## Version 0.1 * [#64f78b2](https://github.com/1modm/petereport/commit/64f78b2edf504638ee619428dd4e2a54aeb9aaab) First commit - diff --git a/docs/django/index.html b/docs/django/index.html index 7e25511..c0de4a0 100644 --- a/docs/django/index.html +++ b/docs/django/index.html @@ -204,7 +204,7 @@

Start the server

  1. Run the virtual environment: pipenv shell
  2. Go to Django PeTeReport App: cd app/
  3. -
  4. Start the django server: python manage.py runserver or python manage.py runserver 0.0.0.0:8000
  5. +
  6. Start the django server: python manage.py runserver --insecure or python manage.py runserver 0.0.0.0:8000 --insecure
  7. Go to http://127.0.0.1:8000/
  8. Login with any of users created admin/P3t3r3p0rt (administrator) and viewer/v13w3r (viewer) or the user credentials configured in the configuration file
  9. Try harder
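Review bot: the new start step adds `--insecure` to both commands, including the `0.0.0.0:8000` variant, without saying what the flag does or why it is now needed. In Django, `runserver --insecure` forces the staticfiles app to serve static files even when DEBUG is False, and it is intended for local development only; please add a sentence saying so. Consider marking the all-interfaces form as lab-only, since the following steps point users at the shipped logins admin/P3t3r3p0rt and viewer/v13w3r, and add a line telling users to change those passwords before binding beyond 127.0.0.1.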
  10. @@ -219,7 +219,7 @@

    Upgrade PeTeReport

  11. Run the virtual environment: pipenv shell
  12. Make the latest database changes: python manage.py makemigrations
  13. Make the latest database changes: python manage.py migrate
  14. -
  15. Start the server: python manage.py runserver
  16. +
  17. Start the server: python manage.py runserver --insecure
  18. Try harder again

Clean PeTeReport
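Review bot: in the Upgrade list, the two context steps just above the changed line carry the same label, "Make the latest database changes", for both `makemigrations` and `migrate`. Since this list is being edited anyway, relabel them (for example "Generate migrations" and "Apply migrations") so a reader can tell which command actually alters the database.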

@@ -230,14 +230,14 @@

Clean PeTeReport

  • Run cleaner: python clean.py
  • Make the latest database changes: python manage.py makemigrations
  • Make the latest database changes: python manage.py migrate
  • -
  • Start the server: python manage.py runserver
  • +
  • Start the server: python manage.py runserver --insecure
  • Try harder again
  • Configuration

    1. Stop the server if it's running: Ctrl + C
    2. Customize reports and configuration in app/config/petereport_config.py
    3. -
    4. Start the django server: python manage.py runserver or python manage.py runserver 0.0.0.0:8000
    5. +
    6. Start the django server: python manage.py runserver --insecure or python manage.py runserver 0.0.0.0:8000 --insecure
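Review bot: the start command is now maintained in four separate steps (Start the server, Upgrade, Clean, Configuration), and within this hunk the Clean step and the Configuration step disagree on whether the `0.0.0.0:8000` form is offered. Suggest that the Upgrade, Clean and Configuration lists refer back to "Start the server" instead of restating the command, so the next flag change is a single edit and the explanation of `--insecure` only has to be written once.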
    diff --git a/docs/reports/index.html b/docs/reports/index.html index b031ee7..694abcc 100644 --- a/docs/reports/index.html +++ b/docs/reports/index.html @@ -74,6 +74,8 @@
  • Report Details
  • +
  • Template Customization +
  • Findings @@ -141,6 +143,8 @@

    Create new reports

    Create Report

    Report Details

    Report

    +

    Template Customization

    +

    It can be edited the templates used for each export format, just go to the folder /app/preport/templates/tpl and modify the markdown, latex or html as needed.
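Review bot: the added Template Customization paragraph gives the folder as `/app/preport/templates/tpl` with a leading slash, which reads as a filesystem root path, while the Django page writes repository paths as `app/config/petereport_config.py`. Drop the leading slash for consistency and reword the sentence, for example: "The templates used for each export format can be edited in app/preport/templates/tpl (Markdown, LaTeX or HTML)." It would also help to say whether the server has to be restarted for template edits to take effect, as the Configuration steps do for the configuration file.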

    diff --git a/docs/search/search_index.json b/docs/search/search_index.json index 5c4981b..23c97e7 100644 --- a/docs/search/search_index.json +++ b/docs/search/search_index.json 
@@ -1 +1 @@ -{"config":{"indexing":"full","lang":["en"],"min_search_length":3,"prebuild_index":false,"separator":"[\\s\\-]+"},"docs":[{"location":"","text":"PeTeReport PeTeReport ( Pe n Te st Report ) is an open-source application vulnerability reporting tool designed to assist pentesting/redteaming efforts, by simplifying the task of writting and generation of reports. Focused in product security, the tool help security researchers and pentesters to provide detailed findings, appendix, attack paths and manage a finding template database to avoid wasting time spent in the reporting phase. PeTeReport ( Pe n Te st Report ) is written in Django and Python 3 with the aim to help pentesters to manage a finding repository, write reports (in Markdown) and generate reports in different formats (HTML, CSV, PDF, Jupyter and Markdown). Pentesting content management and reporting tool Architecture Features Customizable reports output Customizable reports templates Findings template database Possibility to add appendix to findings Possibility to add attack trees Deciduous to findings HTML Output format CSV Output format PDF Output format Jupyter Notebook Output format Markdown Output format CVSS 3.1 Score Docker installation DefectDojo integration User management Sample Reports PDF Sample HTML Sample MD Sample CSV Sample","title":"PeTeReport"},{"location":"#petereport","text":"PeTeReport ( Pe n Te st Report ) is an open-source application vulnerability reporting tool designed to assist pentesting/redteaming efforts, by simplifying the task of writting and generation of reports. Focused in product security, the tool help security researchers and pentesters to provide detailed findings, appendix, attack paths and manage a finding template database to avoid wasting time spent in the reporting phase. 
PeTeReport ( Pe n Te st Report ) is written in Django and Python 3 with the aim to help pentesters to manage a finding repository, write reports (in Markdown) and generate reports in different formats (HTML, CSV, PDF, Jupyter and Markdown).","title":"PeTeReport"},{"location":"#architecture","text":"","title":"Architecture"},{"location":"#features","text":"Customizable reports output Customizable reports templates Findings template database Possibility to add appendix to findings Possibility to add attack trees Deciduous to findings HTML Output format CSV Output format PDF Output format Jupyter Notebook Output format Markdown Output format CVSS 3.1 Score Docker installation DefectDojo integration User management","title":"Features"},{"location":"#sample-reports","text":"PDF Sample HTML Sample MD Sample CSV Sample","title":"Sample Reports"},{"location":"appendix/","text":"Appendix The appendix module facilitate the management of appendix that can be linked to a finding. An appendix is defined by: Finding Appendix Title Appendix Description List of Appendix Add Appendix","title":"Appendix"},{"location":"appendix/#appendix","text":"The appendix module facilitate the management of appendix that can be linked to a finding. An appendix is defined by: Finding Appendix Title Appendix Description","title":"Appendix"},{"location":"appendix/#list-of-appendix","text":"","title":"List of Appendix"},{"location":"appendix/#add-appendix","text":"","title":"Add Appendix"},{"location":"attacktree/","text":"Attack Trees The Security decision trees module facilitate the management of attack path that can be linked to a finding. An attack trees is defined by: Finding Attack Tree Title Attack Tree Definition The visualization of the attack path of a vulnerability or finding has been implemented adapting a web app that simplifies building attack decision trees as described in the Security Chaos Engineering report: Deciduous So all the credits to @swagitda . 
How to / getting started guide: https://swagitda.com/blog/posts/deciduous-attack-tree-app/ Also if needed to attach an Attack Path Planner I recommend you to take a look into: Walter: Attack Path Planner List of Attack Trees Add Attack Tree","title":"Attack tree"},{"location":"attacktree/#attack-trees","text":"The Security decision trees module facilitate the management of attack path that can be linked to a finding. An attack trees is defined by: Finding Attack Tree Title Attack Tree Definition The visualization of the attack path of a vulnerability or finding has been implemented adapting a web app that simplifies building attack decision trees as described in the Security Chaos Engineering report: Deciduous So all the credits to @swagitda . How to / getting started guide: https://swagitda.com/blog/posts/deciduous-attack-tree-app/ Also if needed to attach an Attack Path Planner I recommend you to take a look into: Walter: Attack Path Planner","title":"Attack Trees"},{"location":"attacktree/#list-of-attack-trees","text":"","title":"List of Attack Trees"},{"location":"attacktree/#add-attack-tree","text":"","title":"Add Attack Tree"},{"location":"default_creds/","text":"Administrator: admin/P3t3r3p0rt Viewer: viewer/v13w3r","title":"Default Credentials"},{"location":"django/","text":"Django installation Prerequisites PeTeReport requires Python \u2265 3.8. Recommended installation requires pip . 
As a base requirement, the following packages are needed: Ubuntu/Debian: $ sudo apt-get install python3-pip python3-venv build-essential OpenSuse: $ sudo zypper install python3-devel gcc CentOS: $ sudo yum install python3-devel gcc Environment It is strongly recommended to set up the installation in a virtual environment (Pipenv) : Pipenv Linux: $ sudo apt-get install pipenv pip: $ python3 -m pip install pipenv MAC: $ brew install pipenv Dependencies Easiest way in Linux (ubuntu): $ sudo bash scripts/ubuntu_environment_install.sh Latex Linux: $ sudo apt-get install texlive-full Mac: $ brew remove basictex $ brew cask install mactex Pandoc Linux: $ sudo apt-get install pandoc $ sudo apt-get install python3-pypandoc Mac: $ brew install pandoc $ brew install pandoc-citeproc Eisvogel $ python3 -m pip install pandoc-latex-environment Download the latest version of the Eisvogel template from the release page. Extract the downloaded ZIP archive and open the folder. Move the template eisvogel.tex to your pandoc templates folder and rename the file to eisvogel.latex. 
The location of the templates folder depends on your operating system: /Users/$USER/.pandoc/templates/eisvogel.latex or /home/$USER/.pandoc/templates PeTeReport Clone the project and cd into PeTeReport: cd petereport/ Create a new virtual environment and installing dependencies: pipenv install Run the virtual environment: pipenv shell Go to Django PeTeReport App: cd app/ Create the database: python manage.py migrate Make the latest database changes: python manage.py makemigrations Super user admin/P3t3r3p0rt will be created, but you can create a new super user: python manage.py createsuperuser Populate the CWE data python manage.py loaddata config/cwe-list.json Start the server Run the virtual environment: pipenv shell Go to Django PeTeReport App: cd app/ Start the django server: python manage.py runserver or python manage.py runserver 0.0.0.0:8000 Go to http://127.0.0.1:8000/ Login with any of users created admin/P3t3r3p0rt (administrator) and viewer/v13w3r (viewer) or the user credentials configured in the configuration file Try harder Create a report Close up and stop the server: Ctrl + C Upgrade PeTeReport Stop the server if it's running: Ctrl + C Pull the latest code base via git: git pull or download the source and replace the files. 
Setup any additional dependencies: pipenv install Run the virtual environment: pipenv shell Make the latest database changes: python manage.py makemigrations Make the latest database changes: python manage.py migrate Start the server: python manage.py runserver Try harder again Clean PeTeReport Stop the server if it's running: Ctrl + C Run the virtual environment: pipenv shell Go to Django PeTeReport App: cd app/ Run cleaner: python clean.py Make the latest database changes: python manage.py makemigrations Make the latest database changes: python manage.py migrate Start the server: python manage.py runserver Try harder again Configuration Stop the server if it's running: Ctrl + C Customize reports and configuration in app/config/petereport_config.py Start the django server: python manage.py runserver or python manage.py runserver 0.0.0.0:8000","title":"Django"},{"location":"django/#django-installation","text":"","title":"Django installation"},{"location":"django/#prerequisites","text":"PeTeReport requires Python \u2265 3.8. Recommended installation requires pip . 
As a base requirement, the following packages are needed: Ubuntu/Debian: $ sudo apt-get install python3-pip python3-venv build-essential OpenSuse: $ sudo zypper install python3-devel gcc CentOS: $ sudo yum install python3-devel gcc","title":"Prerequisites"},{"location":"django/#environment","text":"It is strongly recommended to set up the installation in a virtual environment (Pipenv) :","title":"Environment"},{"location":"django/#pipenv","text":"Linux: $ sudo apt-get install pipenv pip: $ python3 -m pip install pipenv MAC: $ brew install pipenv","title":"Pipenv"},{"location":"django/#dependencies","text":"Easiest way in Linux (ubuntu): $ sudo bash scripts/ubuntu_environment_install.sh","title":"Dependencies"},{"location":"django/#latex","text":"Linux: $ sudo apt-get install texlive-full Mac: $ brew remove basictex $ brew cask install mactex","title":"Latex"},{"location":"django/#pandoc","text":"Linux: $ sudo apt-get install pandoc $ sudo apt-get install python3-pypandoc Mac: $ brew install pandoc $ brew install pandoc-citeproc","title":"Pandoc"},{"location":"django/#eisvogel","text":"$ python3 -m pip install pandoc-latex-environment Download the latest version of the Eisvogel template from the release page. Extract the downloaded ZIP archive and open the folder. Move the template eisvogel.tex to your pandoc templates folder and rename the file to eisvogel.latex. 
The location of the templates folder depends on your operating system: /Users/$USER/.pandoc/templates/eisvogel.latex or /home/$USER/.pandoc/templates","title":"Eisvogel"},{"location":"django/#petereport","text":"Clone the project and cd into PeTeReport: cd petereport/ Create a new virtual environment and installing dependencies: pipenv install Run the virtual environment: pipenv shell Go to Django PeTeReport App: cd app/ Create the database: python manage.py migrate Make the latest database changes: python manage.py makemigrations Super user admin/P3t3r3p0rt will be created, but you can create a new super user: python manage.py createsuperuser Populate the CWE data python manage.py loaddata config/cwe-list.json","title":"PeTeReport"},{"location":"django/#start-the-server","text":"Run the virtual environment: pipenv shell Go to Django PeTeReport App: cd app/ Start the django server: python manage.py runserver or python manage.py runserver 0.0.0.0:8000 Go to http://127.0.0.1:8000/ Login with any of users created admin/P3t3r3p0rt (administrator) and viewer/v13w3r (viewer) or the user credentials configured in the configuration file Try harder Create a report Close up and stop the server: Ctrl + C","title":"Start the server"},{"location":"django/#upgrade-petereport","text":"Stop the server if it's running: Ctrl + C Pull the latest code base via git: git pull or download the source and replace the files. 
Setup any additional dependencies: pipenv install Run the virtual environment: pipenv shell Make the latest database changes: python manage.py makemigrations Make the latest database changes: python manage.py migrate Start the server: python manage.py runserver Try harder again","title":"Upgrade PeTeReport"},{"location":"django/#clean-petereport","text":"Stop the server if it's running: Ctrl + C Run the virtual environment: pipenv shell Go to Django PeTeReport App: cd app/ Run cleaner: python clean.py Make the latest database changes: python manage.py makemigrations Make the latest database changes: python manage.py migrate Start the server: python manage.py runserver Try harder again","title":"Clean PeTeReport"},{"location":"django/#configuration","text":"Stop the server if it's running: Ctrl + C Customize reports and configuration in app/config/petereport_config.py Start the django server: python manage.py runserver or python manage.py runserver 0.0.0.0:8000","title":"Configuration"},{"location":"docker/","text":"Docker Environment $ sudo apt install docker.io docker-compose Deployment Clone repository $ cd /opt $ git clone https://github.com/1modm/petereport $ cd petereport Customize reports and configuration in app/config/petereport_config.py Build environment $ docker-compose up --build Go to https://127.0.0.1/ Login with any of users created admin/P3t3r3p0rt (administrator) and viewer/v13w3r (viewer) or the user credentials configured in the configuration file Try harder Create a report","title":"Docker"},{"location":"docker/#docker","text":"","title":"Docker"},{"location":"docker/#environment","text":"$ sudo apt install docker.io docker-compose","title":"Environment"},{"location":"docker/#deployment","text":"Clone repository $ cd /opt $ git clone https://github.com/1modm/petereport $ cd petereport Customize reports and configuration in app/config/petereport_config.py Build environment $ docker-compose up --build Go to https://127.0.0.1/ Login with any of 
users created admin/P3t3r3p0rt (administrator) and viewer/v13w3r (viewer) or the user credentials configured in the configuration file Try harder Create a report","title":"Deployment"},{"location":"findings/","text":"Findings The finding module facilitate the management of findings in the reports. A finding is defined by: Title Status Severity CVSS Score CWE Description Location Impact Recommendation References Appendix Attack path List of findings Create new findings Add Finding from Templates Can be added findings to a report from the template list previously created. Import Findings from DefectDojo We can import the findings from DefectDojo , first of all we need to edit the configuration file in order to add the API endpoint and the API key of our DefectDojo deployment. Edit configuration in app/config/petereport_config.py DEFECTDOJO_CONFIG = { 'DefectDojoURL': 'https://demo.defectdojo.org', 'apiKey': 'Token Key' # Format Token Key } Import Findings from CSV Can be imported from a CSV findings following the next format: // Comma-separated values (CSV) file format \"ID\",\"Status\",\"Title\",\"Severity\",\"CVSS Base Score\",\"CVSS Score\",\"CWE\",\"Description\",\"Location\",\"Impact\",\"Recommendation\",\"References\",\"Appendix\",\"Appendix Description\" \"2834q345-b24e-4ghf-r86d-ftue38af5480\",\"Open\",\"Finding 1\",\"Low\",\"3.7 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\",\"3.7\",\"73\",\"Description\",\"127.0.0.1\",\"Impact\",\"Recommendation\",\"References\",\"Appendix\",\"Appendix Description\" CWE List When a finding is created must be selected a CWE in order to create a category of findings, for reference has been populated the next CWE list from Mitre: Software Development Hardware Design Research Concepts","title":"Findings"},{"location":"findings/#findings","text":"The finding module facilitate the management of findings in the reports. 
A finding is defined by: Title Status Severity CVSS Score CWE Description Location Impact Recommendation References Appendix Attack path","title":"Findings"},{"location":"findings/#list-of-findings","text":"","title":"List of findings"},{"location":"findings/#create-new-findings","text":"","title":"Create new findings"},{"location":"findings/#add-finding-from-templates","text":"Can be added findings to a report from the template list previously created.","title":"Add Finding from Templates"},{"location":"findings/#import-findings-from-defectdojo","text":"We can import the findings from DefectDojo , first of all we need to edit the configuration file in order to add the API endpoint and the API key of our DefectDojo deployment. Edit configuration in app/config/petereport_config.py DEFECTDOJO_CONFIG = { 'DefectDojoURL': 'https://demo.defectdojo.org', 'apiKey': 'Token Key' # Format Token Key }","title":"Import Findings from DefectDojo"},{"location":"findings/#import-findings-from-csv","text":"Can be imported from a CSV findings following the next format: // Comma-separated values (CSV) file format \"ID\",\"Status\",\"Title\",\"Severity\",\"CVSS Base Score\",\"CVSS Score\",\"CWE\",\"Description\",\"Location\",\"Impact\",\"Recommendation\",\"References\",\"Appendix\",\"Appendix Description\" \"2834q345-b24e-4ghf-r86d-ftue38af5480\",\"Open\",\"Finding 1\",\"Low\",\"3.7 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\",\"3.7\",\"73\",\"Description\",\"127.0.0.1\",\"Impact\",\"Recommendation\",\"References\",\"Appendix\",\"Appendix Description\"","title":"Import Findings from CSV"},{"location":"findings/#cwe-list","text":"When a finding is created must be selected a CWE in order to create a category of findings, for reference has been populated the next CWE list from Mitre: Software Development Hardware Design Research Concepts","title":"CWE List"},{"location":"products/","text":"Products The products module facilitate the management of products. 
A product is defined by: Product Name Product Description List of products Create new products","title":"Products"},{"location":"products/#products","text":"The products module facilitate the management of products. A product is defined by: Product Name Product Description","title":"Products"},{"location":"products/#list-of-products","text":"","title":"List of products"},{"location":"products/#create-new-products","text":"","title":"Create new products"},{"location":"reports/","text":"Reports The report module facilitate the management of products. A report is defined by: Product Report ID Report Title Executive summary Scope Out of scope Methodology Recommendation Report date List of Reports Create new reports Report Details","title":"Reports"},{"location":"reports/#reports","text":"The report module facilitate the management of products. A report is defined by: Product Report ID Report Title Executive summary Scope Out of scope Methodology Recommendation Report date","title":"Reports"},{"location":"reports/#list-of-reports","text":"","title":"List of Reports"},{"location":"reports/#create-new-reports","text":"","title":"Create new reports"},{"location":"reports/#report-details","text":"","title":"Report Details"},{"location":"users/","text":"User management The user module facilitate the management of users and roles in the application. There are 2 builtins roles: administrator and viewer. Administrator role has full permissions access Viewer role Projects: view Reports: view, generate output Findings: view Finding templates: view List of users and roles Create new users","title":"User management"},{"location":"users/#user-management","text":"The user module facilitate the management of users and roles in the application. There are 2 builtins roles: administrator and viewer. 
Administrator role has full permissions access Viewer role Projects: view Reports: view, generate output Findings: view Finding templates: view","title":"User management"},{"location":"users/#list-of-users-and-roles","text":"","title":"List of users and roles"},{"location":"users/#create-new-users","text":"","title":"Create new users"}]} \ No newline at end of file +{"config":{"indexing":"full","lang":["en"],"min_search_length":3,"prebuild_index":false,"separator":"[\\s\\-]+"},"docs":[{"location":"","text":"PeTeReport PeTeReport ( Pe n Te st Report ) is an open-source application vulnerability reporting tool designed to assist pentesting/redteaming efforts, by simplifying the task of writting and generation of reports. Focused in product security, the tool help security researchers and pentesters to provide detailed findings, appendix, attack paths and manage a finding template database to avoid wasting time spent in the reporting phase. PeTeReport ( Pe n Te st Report ) is written in Django and Python 3 with the aim to help pentesters to manage a finding repository, write reports (in Markdown) and generate reports in different formats (HTML, CSV, PDF, Jupyter and Markdown). Pentesting content management and reporting tool Architecture Features Customizable reports output Customizable reports templates Findings template database Possibility to add appendix to findings Possibility to add attack trees Deciduous to findings HTML Output format CSV Output format PDF Output format Jupyter Notebook Output format Markdown Output format CVSS 3.1 Score Docker installation DefectDojo integration User management Sample Reports PDF Sample HTML Sample MD Sample CSV Sample","title":"PeTeReport"},{"location":"#petereport","text":"PeTeReport ( Pe n Te st Report ) is an open-source application vulnerability reporting tool designed to assist pentesting/redteaming efforts, by simplifying the task of writting and generation of reports. 
Focused in product security, the tool help security researchers and pentesters to provide detailed findings, appendix, attack paths and manage a finding template database to avoid wasting time spent in the reporting phase. PeTeReport ( Pe n Te st Report ) is written in Django and Python 3 with the aim to help pentesters to manage a finding repository, write reports (in Markdown) and generate reports in different formats (HTML, CSV, PDF, Jupyter and Markdown).","title":"PeTeReport"},{"location":"#architecture","text":"","title":"Architecture"},{"location":"#features","text":"Customizable reports output Customizable reports templates Findings template database Possibility to add appendix to findings Possibility to add attack trees Deciduous to findings HTML Output format CSV Output format PDF Output format Jupyter Notebook Output format Markdown Output format CVSS 3.1 Score Docker installation DefectDojo integration User management","title":"Features"},{"location":"#sample-reports","text":"PDF Sample HTML Sample MD Sample CSV Sample","title":"Sample Reports"},{"location":"appendix/","text":"Appendix The appendix module facilitate the management of appendix that can be linked to a finding. An appendix is defined by: Finding Appendix Title Appendix Description List of Appendix Add Appendix","title":"Appendix"},{"location":"appendix/#appendix","text":"The appendix module facilitate the management of appendix that can be linked to a finding. An appendix is defined by: Finding Appendix Title Appendix Description","title":"Appendix"},{"location":"appendix/#list-of-appendix","text":"","title":"List of Appendix"},{"location":"appendix/#add-appendix","text":"","title":"Add Appendix"},{"location":"attacktree/","text":"Attack Trees The Security decision trees module facilitate the management of attack path that can be linked to a finding. 
An attack trees is defined by: Finding Attack Tree Title Attack Tree Definition The visualization of the attack path of a vulnerability or finding has been implemented adapting a web app that simplifies building attack decision trees as described in the Security Chaos Engineering report: Deciduous So all the credits to @swagitda . How to / getting started guide: https://swagitda.com/blog/posts/deciduous-attack-tree-app/ Also if needed to attach an Attack Path Planner I recommend you to take a look into: Walter: Attack Path Planner List of Attack Trees Add Attack Tree","title":"Attack tree"},{"location":"attacktree/#attack-trees","text":"The Security decision trees module facilitate the management of attack path that can be linked to a finding. An attack trees is defined by: Finding Attack Tree Title Attack Tree Definition The visualization of the attack path of a vulnerability or finding has been implemented adapting a web app that simplifies building attack decision trees as described in the Security Chaos Engineering report: Deciduous So all the credits to @swagitda . How to / getting started guide: https://swagitda.com/blog/posts/deciduous-attack-tree-app/ Also if needed to attach an Attack Path Planner I recommend you to take a look into: Walter: Attack Path Planner","title":"Attack Trees"},{"location":"attacktree/#list-of-attack-trees","text":"","title":"List of Attack Trees"},{"location":"attacktree/#add-attack-tree","text":"","title":"Add Attack Tree"},{"location":"default_creds/","text":"Administrator: admin/P3t3r3p0rt Viewer: viewer/v13w3r","title":"Default Credentials"},{"location":"django/","text":"Django installation Prerequisites PeTeReport requires Python \u2265 3.8. Recommended installation requires pip . 
As a base requirement, the following packages are needed: Ubuntu/Debian: $ sudo apt-get install python3-pip python3-venv build-essential OpenSuse: $ sudo zypper install python3-devel gcc CentOS: $ sudo yum install python3-devel gcc Environment It is strongly recommended to set up the installation in a virtual environment (Pipenv) : Pipenv Linux: $ sudo apt-get install pipenv pip: $ python3 -m pip install pipenv MAC: $ brew install pipenv Dependencies Easiest way in Linux (ubuntu): $ sudo bash scripts/ubuntu_environment_install.sh Latex Linux: $ sudo apt-get install texlive-full Mac: $ brew remove basictex $ brew cask install mactex Pandoc Linux: $ sudo apt-get install pandoc $ sudo apt-get install python3-pypandoc Mac: $ brew install pandoc $ brew install pandoc-citeproc Eisvogel $ python3 -m pip install pandoc-latex-environment Download the latest version of the Eisvogel template from the release page. Extract the downloaded ZIP archive and open the folder. Move the template eisvogel.tex to your pandoc templates folder and rename the file to eisvogel.latex. 
The location of the templates folder depends on your operating system: /Users/$USER/.pandoc/templates/eisvogel.latex or /home/$USER/.pandoc/templates PeTeReport Clone the project and cd into PeTeReport: cd petereport/ Create a new virtual environment and installing dependencies: pipenv install Run the virtual environment: pipenv shell Go to Django PeTeReport App: cd app/ Create the database: python manage.py migrate Make the latest database changes: python manage.py makemigrations Super user admin/P3t3r3p0rt will be created, but you can create a new super user: python manage.py createsuperuser Populate the CWE data python manage.py loaddata config/cwe-list.json Start the server Run the virtual environment: pipenv shell Go to Django PeTeReport App: cd app/ Start the django server: python manage.py runserver --insecure or python manage.py runserver 0.0.0.0:8000 --insecure Go to http://127.0.0.1:8000/ Login with any of users created admin/P3t3r3p0rt (administrator) and viewer/v13w3r (viewer) or the user credentials configured in the configuration file Try harder Create a report Close up and stop the server: Ctrl + C Upgrade PeTeReport Stop the server if it's running: Ctrl + C Pull the latest code base via git: git pull or download the source and replace the files. 
Setup any additional dependencies: pipenv install Run the virtual environment: pipenv shell Make the latest database changes: python manage.py makemigrations Make the latest database changes: python manage.py migrate Start the server: python manage.py runserver --insecure Try harder again Clean PeTeReport Stop the server if it's running: Ctrl + C Run the virtual environment: pipenv shell Go to Django PeTeReport App: cd app/ Run cleaner: python clean.py Make the latest database changes: python manage.py makemigrations Make the latest database changes: python manage.py migrate Start the server: python manage.py runserver --insecure Try harder again Configuration Stop the server if it's running: Ctrl + C Customize reports and configuration in app/config/petereport_config.py Start the django server: python manage.py runserver --insecure or python manage.py runserver 0.0.0.0:8000 --insecure","title":"Django"},{"location":"django/#django-installation","text":"","title":"Django installation"},{"location":"django/#prerequisites","text":"PeTeReport requires Python \u2265 3.8. Recommended installation requires pip . 
As a base requirement, the following packages are needed: Ubuntu/Debian: $ sudo apt-get install python3-pip python3-venv build-essential OpenSuse: $ sudo zypper install python3-devel gcc CentOS: $ sudo yum install python3-devel gcc","title":"Prerequisites"},{"location":"django/#environment","text":"It is strongly recommended to set up the installation in a virtual environment (Pipenv) :","title":"Environment"},{"location":"django/#pipenv","text":"Linux: $ sudo apt-get install pipenv pip: $ python3 -m pip install pipenv MAC: $ brew install pipenv","title":"Pipenv"},{"location":"django/#dependencies","text":"Easiest way in Linux (ubuntu): $ sudo bash scripts/ubuntu_environment_install.sh","title":"Dependencies"},{"location":"django/#latex","text":"Linux: $ sudo apt-get install texlive-full Mac: $ brew remove basictex $ brew cask install mactex","title":"Latex"},{"location":"django/#pandoc","text":"Linux: $ sudo apt-get install pandoc $ sudo apt-get install python3-pypandoc Mac: $ brew install pandoc $ brew install pandoc-citeproc","title":"Pandoc"},{"location":"django/#eisvogel","text":"$ python3 -m pip install pandoc-latex-environment Download the latest version of the Eisvogel template from the release page. Extract the downloaded ZIP archive and open the folder. Move the template eisvogel.tex to your pandoc templates folder and rename the file to eisvogel.latex. 
The location of the templates folder depends on your operating system: /Users/$USER/.pandoc/templates/eisvogel.latex or /home/$USER/.pandoc/templates","title":"Eisvogel"},{"location":"django/#petereport","text":"Clone the project and cd into PeTeReport: cd petereport/ Create a new virtual environment and installing dependencies: pipenv install Run the virtual environment: pipenv shell Go to Django PeTeReport App: cd app/ Create the database: python manage.py migrate Make the latest database changes: python manage.py makemigrations Super user admin/P3t3r3p0rt will be created, but you can create a new super user: python manage.py createsuperuser Populate the CWE data python manage.py loaddata config/cwe-list.json","title":"PeTeReport"},{"location":"django/#start-the-server","text":"Run the virtual environment: pipenv shell Go to Django PeTeReport App: cd app/ Start the django server: python manage.py runserver --insecure or python manage.py runserver 0.0.0.0:8000 --insecure Go to http://127.0.0.1:8000/ Login with any of users created admin/P3t3r3p0rt (administrator) and viewer/v13w3r (viewer) or the user credentials configured in the configuration file Try harder Create a report Close up and stop the server: Ctrl + C","title":"Start the server"},{"location":"django/#upgrade-petereport","text":"Stop the server if it's running: Ctrl + C Pull the latest code base via git: git pull or download the source and replace the files. 
Setup any additional dependencies: pipenv install Run the virtual environment: pipenv shell Make the latest database changes: python manage.py makemigrations Make the latest database changes: python manage.py migrate Start the server: python manage.py runserver --insecure Try harder again","title":"Upgrade PeTeReport"},{"location":"django/#clean-petereport","text":"Stop the server if it's running: Ctrl + C Run the virtual environment: pipenv shell Go to Django PeTeReport App: cd app/ Run cleaner: python clean.py Make the latest database changes: python manage.py makemigrations Make the latest database changes: python manage.py migrate Start the server: python manage.py runserver --insecure Try harder again","title":"Clean PeTeReport"},{"location":"django/#configuration","text":"Stop the server if it's running: Ctrl + C Customize reports and configuration in app/config/petereport_config.py Start the django server: python manage.py runserver --insecure or python manage.py runserver 0.0.0.0:8000 --insecure","title":"Configuration"},{"location":"docker/","text":"Docker Environment $ sudo apt install docker.io docker-compose Deployment Clone repository $ cd /opt $ git clone https://github.com/1modm/petereport $ cd petereport Customize reports and configuration in app/config/petereport_config.py Build environment $ docker-compose up --build Go to https://127.0.0.1/ Login with any of users created admin/P3t3r3p0rt (administrator) and viewer/v13w3r (viewer) or the user credentials configured in the configuration file Try harder Create a report","title":"Docker"},{"location":"docker/#docker","text":"","title":"Docker"},{"location":"docker/#environment","text":"$ sudo apt install docker.io docker-compose","title":"Environment"},{"location":"docker/#deployment","text":"Clone repository $ cd /opt $ git clone https://github.com/1modm/petereport $ cd petereport Customize reports and configuration in app/config/petereport_config.py Build environment $ docker-compose up --build Go 
to https://127.0.0.1/ Login with any of users created admin/P3t3r3p0rt (administrator) and viewer/v13w3r (viewer) or the user credentials configured in the configuration file Try harder Create a report","title":"Deployment"},{"location":"findings/","text":"Findings The finding module facilitate the management of findings in the reports. A finding is defined by: Title Status Severity CVSS Score CWE Description Location Impact Recommendation References Appendix Attack path List of findings Create new findings Add Finding from Templates Can be added findings to a report from the template list previously created. Import Findings from DefectDojo We can import the findings from DefectDojo , first of all we need to edit the configuration file in order to add the API endpoint and the API key of our DefectDojo deployment. Edit configuration in app/config/petereport_config.py DEFECTDOJO_CONFIG = { 'DefectDojoURL': 'https://demo.defectdojo.org', 'apiKey': 'Token Key' # Format Token Key } Import Findings from CSV Can be imported from a CSV findings following the next format: // Comma-separated values (CSV) file format \"ID\",\"Status\",\"Title\",\"Severity\",\"CVSS Base Score\",\"CVSS Score\",\"CWE\",\"Description\",\"Location\",\"Impact\",\"Recommendation\",\"References\",\"Appendix\",\"Appendix Description\" \"2834q345-b24e-4ghf-r86d-ftue38af5480\",\"Open\",\"Finding 1\",\"Low\",\"3.7 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\",\"3.7\",\"73\",\"Description\",\"127.0.0.1\",\"Impact\",\"Recommendation\",\"References\",\"Appendix\",\"Appendix Description\" CWE List When a finding is created must be selected a CWE in order to create a category of findings, for reference has been populated the next CWE list from Mitre: Software Development Hardware Design Research Concepts","title":"Findings"},{"location":"findings/#findings","text":"The finding module facilitate the management of findings in the reports. 
A finding is defined by: Title Status Severity CVSS Score CWE Description Location Impact Recommendation References Appendix Attack path","title":"Findings"},{"location":"findings/#list-of-findings","text":"","title":"List of findings"},{"location":"findings/#create-new-findings","text":"","title":"Create new findings"},{"location":"findings/#add-finding-from-templates","text":"Can be added findings to a report from the template list previously created.","title":"Add Finding from Templates"},{"location":"findings/#import-findings-from-defectdojo","text":"We can import the findings from DefectDojo , first of all we need to edit the configuration file in order to add the API endpoint and the API key of our DefectDojo deployment. Edit configuration in app/config/petereport_config.py DEFECTDOJO_CONFIG = { 'DefectDojoURL': 'https://demo.defectdojo.org', 'apiKey': 'Token Key' # Format Token Key }","title":"Import Findings from DefectDojo"},{"location":"findings/#import-findings-from-csv","text":"Can be imported from a CSV findings following the next format: // Comma-separated values (CSV) file format \"ID\",\"Status\",\"Title\",\"Severity\",\"CVSS Base Score\",\"CVSS Score\",\"CWE\",\"Description\",\"Location\",\"Impact\",\"Recommendation\",\"References\",\"Appendix\",\"Appendix Description\" \"2834q345-b24e-4ghf-r86d-ftue38af5480\",\"Open\",\"Finding 1\",\"Low\",\"3.7 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\",\"3.7\",\"73\",\"Description\",\"127.0.0.1\",\"Impact\",\"Recommendation\",\"References\",\"Appendix\",\"Appendix Description\"","title":"Import Findings from CSV"},{"location":"findings/#cwe-list","text":"When a finding is created must be selected a CWE in order to create a category of findings, for reference has been populated the next CWE list from Mitre: Software Development Hardware Design Research Concepts","title":"CWE List"},{"location":"products/","text":"Products The products module facilitate the management of products. 
A product is defined by: Product Name Product Description List of products Create new products","title":"Products"},{"location":"products/#products","text":"The products module facilitate the management of products. A product is defined by: Product Name Product Description","title":"Products"},{"location":"products/#list-of-products","text":"","title":"List of products"},{"location":"products/#create-new-products","text":"","title":"Create new products"},{"location":"reports/","text":"Reports The report module facilitate the management of products. A report is defined by: Product Report ID Report Title Executive summary Scope Out of scope Methodology Recommendation Report date List of Reports Create new reports Report Details Template Customization It can be edited the templates used for each export format, just go to the folder /app/preport/templates/tpl and modify the markdown, latex or html as needed.","title":"Reports"},{"location":"reports/#reports","text":"The report module facilitate the management of products. A report is defined by: Product Report ID Report Title Executive summary Scope Out of scope Methodology Recommendation Report date","title":"Reports"},{"location":"reports/#list-of-reports","text":"","title":"List of Reports"},{"location":"reports/#create-new-reports","text":"","title":"Create new reports"},{"location":"reports/#report-details","text":"","title":"Report Details"},{"location":"reports/#template-customization","text":"It can be edited the templates used for each export format, just go to the folder /app/preport/templates/tpl and modify the markdown, latex or html as needed.","title":"Template Customization"},{"location":"users/","text":"User management The user module facilitate the management of users and roles in the application. There are 2 builtins roles: administrator and viewer. 
Administrator role has full permissions access Viewer role Projects: view Reports: view, generate output Findings: view Finding templates: view List of users and roles Create new users","title":"User management"},{"location":"users/#user-management","text":"The user module facilitate the management of users and roles in the application. There are 2 builtins roles: administrator and viewer. Administrator role has full permissions access Viewer role Projects: view Reports: view, generate output Findings: view Finding templates: view","title":"User management"},{"location":"users/#list-of-users-and-roles","text":"","title":"List of users and roles"},{"location":"users/#create-new-users","text":"","title":"Create new users"}]} \ No newline at end of file diff --git a/docs/sitemap.xml b/docs/sitemap.xml index d287f6b..d235d57 100644 --- a/docs/sitemap.xml +++ b/docs/sitemap.xml @@ -2,52 +2,52 @@ https://1modm.github.io/petereport/ - 2021-09-16 + 2022-01-15 daily https://1modm.github.io/petereport/appendix/ - 2021-09-16 + 2022-01-15 daily https://1modm.github.io/petereport/attacktree/ - 2021-09-16 + 2022-01-15 daily https://1modm.github.io/petereport/default_creds/ - 2021-09-16 + 2022-01-15 daily https://1modm.github.io/petereport/django/ - 2021-09-16 + 2022-01-15 daily https://1modm.github.io/petereport/docker/ - 2021-09-16 + 2022-01-15 daily https://1modm.github.io/petereport/findings/ - 2021-09-16 + 2022-01-15 daily https://1modm.github.io/petereport/products/ - 2021-09-16 + 2022-01-15 daily https://1modm.github.io/petereport/reports/ - 2021-09-16 + 2022-01-15 daily https://1modm.github.io/petereport/users/ - 2021-09-16 + 2022-01-15 daily \ No newline at end of file diff --git a/docs/sitemap.xml.gz b/docs/sitemap.xml.gz index 4b7e212..476b11b 100644 Binary files a/docs/sitemap.xml.gz and b/docs/sitemap.xml.gz differ diff --git a/scripts/ubuntu_environment_install.sh b/scripts/ubuntu_environment_install.sh index 0285bae..e048050 100644 
--- a/scripts/ubuntu_environment_install.sh +++ b/scripts/ubuntu_environment_install.sh @@ -15,6 +15,10 @@ while read -r p ; do sudo apt-get install -y $p ; done < <(cat << "EOF" texlive-full pandoc python3-pypandoc + cairosvg + python3-cairosvg + libcairo2 + libcairo2-dev EOF )
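Review bot: in the docs search-index hunk (the "django/" entries), every start command now carries `--insecure`, including `python manage.py runserver 0.0.0.0:8000 --insecure`, but the text never says what the flag does or when it is needed. In Django, `runserver --insecure` makes the staticfiles app serve static files even when DEBUG is False, and runserver is the development server. As documented, the second form puts that development server on all interfaces, in the same steps that list the default logins admin/P3t3r3p0rt and viewer/v13w3r. Suggest adding one sentence to "Start the server" explaining that the flag is only needed when DEBUG is off, keeping the 127.0.0.1 form as the default, and pointing readers to the Docker deployment and to changing the default credentials before binding to 0.0.0.0.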
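Review bot: the docs/sitemap.xml hunk and the docs/sitemap.xml.gz change are generated output and cannot be reviewed meaningfully. The only visible change in sitemap.xml is the date moving from 2021-09-16 to 2022-01-15 on all ten URLs, and the .gz shows only as "Binary files ... differ". Consider regenerating the site in a separate commit, or building it at publish time, so that the documentation change itself is the only thing under review.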
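Review bot: in scripts/ubuntu_environment_install.sh the four new packages (cairosvg, python3-cairosvg, libcairo2, libcairo2-dev) are added only to the Ubuntu helper, while the manual dependency sections in the docs touched by this same patch still list only LaTeX, Pandoc and Eisvogel, so OpenSuse, CentOS and Mac users get no hint that Cairo is now required. Please document the Cairo requirement there too. Separately, the context line `sudo apt-get install -y $p` expands `$p` unquoted and nothing in the visible lines checks its exit status, so a package that fails to install will not stop the script unless a `set -e` applies earlier in the file. Quoting it as "$p" and failing on error would make a missing Cairo package obvious at install time rather than at report generation.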