first commit

.gitignore

@@ -0,0 +1,136 @@
+*~
+*.pyc
+*.bak
+TODO
+.DS_Store
+
+
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+pip-wheel-metadata/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+.python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+#Pipfile.lock
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/

LICENSE

@@ -0,0 +1,29 @@
+BSD 3-Clause License
+
+Copyright (c) 2021, Miguel Morillo
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+   list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its
+   contributors may be used to endorse or promote products derived from
+   this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Pipfile

@@ -0,0 +1,16 @@
+[[source]]
+name		= "pypi"
+url			= "https://pypi.org/simple"
+verify_ssl	= true
+
+[requires]
+python_version		= "3.8"
+
+[packages]
+Django				= "==3.2.5"
+requests			= ">=2.25.1"
+martor				= "==1.6.3"
+pypandoc			= "==1.6.3"
+termcolor			= "==1.1.0"
+
+[dev-packages]

README.md

@@ -0,0 +1,27 @@
+# PeTeReport 
+
+Pentest Reporting Tool written in Django and Python 3 with the aim to help pentesters to manage a finding repository, write reports (in Markdown) and generate in different formats (HTML, CSV, PDF and Markdown).
+
+![Dashboard](images/Dashboard.png "Dashboard")
+
+## Architecture
+
+![Architecture](images/architecture.png "Architecture")
+
+## Installation and deployment
+
+- [x] [Docker](doc/docker.md)
+- [x] [Django](doc/django.md)
+
+## Demo
+
+[PDF Sample](sample_reports/PEN-PDF_Offensive_Security_Network_202108181118.pdf "PDF Sample")
+
+[HTML Sample](sample_reports/PEN-HTML_Offensive_Security_Network_202108181117.html "HTML Sample")
+
+[MD Sample](sample_reports/PEN-MD_Offensive_Security_Network_202108181118.md "MD Sample")
+
+[CSV Sample](sample_reports/PEN-CSV_Offensive_Security_Network_202108181118.csv "CSV Sample")
+
+
+![Demo](images/demo.gif "Demo")

django/clean.py

@@ -0,0 +1,87 @@
+#!/usr/bin/env python3
+
+import json
+import os
+import django
+import shutil
+from termcolor import colored #pip3 install termcolor
+
+os.environ.setdefault("DJANGO_SETTINGS_MODULE", "petereport.settings")
+django.setup()
+
+from petereport.settings import MEDIA_ROOT, REPORTS_MEDIA_ROOT
+from preport.models import DB_Product, DB_Report, DB_Finding, DB_Appendix, DB_Finding_Template, DB_Appendix, DB_CWE
+
+def remove_folder(path):
+    # check if folder exists
+    if os.path.exists(path):
+         # remove if exists
+         shutil.rmtree(path)
+    else:
+        print(colored("[-] Error removing files", "red"))
+
+def create_media_folders(path):
+
+    pathimg = path + "/images"
+
+    try:
+        os.makedirs(pathimg)
+
+    except OSError:
+        print(colored(f"[-] Creation of the directory {path} failed", "red"))
+    else:
+        print(colored(f"[+] Successfully created the petereport directories {MEDIA_ROOT}", "green"))
+
+
+def create_storage_reports_folders(path):
+
+    pathhtml = path + "/html"
+    pathpdf = path + "/pdf"
+    pathimg = path + "/images"
+
+    try:
+        os.makedirs(pathhtml)
+        os.makedirs(pathpdf)
+        os.makedirs(pathimg)
+
+    except OSError:
+        print(colored(f"[-] Creation of the directory {path} failed", "red"))
+
+    else:
+        print(colored(f"[+] Successfully created the petereport directories {REPORTS_MEDIA_ROOT}", "green"))
+
+
+#------------------------------------------------------------------------------
+# Main of program
+#------------------------------------------------------------------------------
+
+def main():
+
+    print(colored("[+] This will reset everything in the database and set up as fresh", "yellow"))
+    print(colored("[+] Are you wanna do this?", "yellow"))
+
+    answer = input("[No] | Yes?\n") or ""
+
+    if "yes" == answer.lower():
+
+        DB_Product.objects.all().delete()
+        DB_Report.objects.all().delete()
+        DB_Finding.objects.all().delete()
+        DB_Appendix.objects.all().delete()
+        DB_Finding_Template.objects.all().delete()
+        DB_Appendix.objects.all().delete()
+        DB_CWE.objects.all().delete()
+
+        remove_folder(MEDIA_ROOT)
+        create_media_folders(MEDIA_ROOT)
+
+        remove_folder(REPORTS_MEDIA_ROOT)
+        create_storage_reports_folders(REPORTS_MEDIA_ROOT)
+
+
+#------------------------------------------------------------------------------
+# Main
+#------------------------------------------------------------------------------
+
+if __name__ == '__main__':
+    main()

django/config/Dockerfile

@@ -0,0 +1,49 @@
+FROM ubuntu:latest
+
+# set environment variables
+ENV PYTHONUNBUFFERED 1
+ENV PYTHONDONTWRITEBYTECODE 1
+
+# no apt prompts
+ARG DEBIAN_FRONTEND=noninteractive
+
+# fetch package list
+RUN apt-get -y update
+
+# Make sure locale is set to UTF-8
+RUN apt-get -y update
+RUN apt-get -y upgrade
+RUN apt-get install -y locales locales-all
+ENV LC_ALL en_US.UTF-8
+ENV LANG en_US.UTF-8
+ENV LANGUAGE en_US.UTF-8
+
+# install python
+RUN apt-get -y install python3 python3-dev python3-pip
+
+# install dependencies
+RUN apt-get -y install pipenv texlive-full python3-pypandoc
+RUN apt-get -y install wget
+
+# alias "python" to "python3"
+RUN ln -s /usr/bin/python3 /usr/bin/python
+RUN apt-get -y install python3-gunicorn gunicorn
+RUN python3 -m pip install pandoc-latex-environment
+
+# https://github.com/dalibo/pandocker/blob/latest/alpine/Dockerfile
+# Templates are installed in '/.pandoc'.
+ARG TEMPLATES_DIR=/.pandoc/templates
+
+RUN mkdir -p ${TEMPLATES_DIR} && \
+    # Links for the root user
+    ln -s /.pandoc /root/.pandoc
+
+# eisvogel template
+ARG EISVOGEL_REPO=https://raw.githubusercontent.com/Wandmalfarbe/pandoc-latex-template
+ARG EISVOGEL_VERSION=2.0.0
+RUN wget ${EISVOGEL_REPO}/v${EISVOGEL_VERSION}/eisvogel.tex -O ${TEMPLATES_DIR}/eisvogel.latex
+
+WORKDIR /opt/petereport
+
+COPY Pipfile ./
+RUN pipenv install --system --deploy --ignore-pipfile

django/config/petereport_config.py

@@ -0,0 +1,37 @@
+PETEREPORT_CONFIG = {
+	'admin_username': 'admin',
+	'admin_password': 'P3t3r3p0rt',
+	'admin_email': '[email protected]',
+}
+
+DJANGO_CONFIG = {
+	'secret_key': 'django-insecure-key-CHANGEMEPLEASE',
+	'debug': True,
+	'admin_module': True,
+	'allowed_hosts': '[\'*\']',
+	'server_host': 'http://127.0.0.1:8000',
+}
+
+PETEREPORT_TEMPLATES = {
+	'templates_root': 'preport/templates/tpl',
+	'storage_reports': 'storage_reports',
+	'html_template': 'bootstrap-4-pandoc-template/template.html',
+	'pdf_latex_template': 'petereport.latex',
+	'report_id_format': 'PEN-DOC-',
+	'report_csv_name': 'PEN-CSV',
+	'report_markdown_name': 'PEN-MD',
+	'report_html_name': 'PEN-HTML',
+	'report_pdf_name': 'PEN-PDF',
+	'initial_text': 'TBC',
+	'titlepage-color': "1E90FF",
+	'titlepage-text-color': "FFFAFA",
+	'titlepage-rule-color': "FFFAFA",
+	'titlepage-rule-height': 2
+}
+
+PETEREPORT_MARKDOWN = {
+	'author': 'Pentest company',
+	'subject': 'Pentest Report',
+	'website': 'https://github.com/1modm/petereport',
+	'martor_upload_method': 'BASE64' # BASE64 (stored in DB) or MEDIA (path not protected)
+}