From 855d4a53a3334b7832fe4858ab6d43ef006b6129 Mon Sep 17 00:00:00 2001 From: Yogesh Ojha Date: Sat, 24 Aug 2024 11:14:09 +0530 Subject: [PATCH 01/20] rename older to default template, and add new template modern --- web/templates/report/default.html | 1049 +++++++++++++++++++++++++++++ web/templates/report/modern.html | 388 +++++++++++ 2 files changed, 1437 insertions(+) create mode 100644 web/templates/report/default.html create mode 100644 web/templates/report/modern.html diff --git a/web/templates/report/default.html b/web/templates/report/default.html new file mode 100644 index 000000000..a129de3c3 --- /dev/null +++ b/web/templates/report/default.html @@ -0,0 +1,1049 @@ + + + + Report + + + + + +
+

{{report_name}} +
+ {{scan_object.domain.name}} +
+ {# generated date #} + {% now "F j, Y" %} +

+
+ {{company_name}} + {{company_address}} +
+
+ {{company_email}} + {{company_website}} +
+
+ {% if show_rengine_banner %}Generated by reNgine + https://github.com/yogeshojha/rengine + {% endif %} +
+
+ +
+

 

+

Table of contents

+ +
+ + {% if show_executive_summary %} +
+

Executive summary

+
+ {{executive_summary_description | safe }} +
+ {% endif %} + +
+

Quick Summary

+

This section contains quick summary of scan performed on {{scan_object.domain.name}}

+
+
+ + {# recon section #} + {% if show_recon %} +

Reconnaissance

+
+
+

Subdomains +
+ + {{scan_object.get_subdomain_count}} + +

+
+
+

Endpoints +
+ + {{scan_object.get_endpoint_count}} + +

+
+
+

Vulnerabilities +
+ + {{all_vulnerabilities_count}} + +

+
+
+ {% endif %} + + + {% if show_vuln %} +
+
+

Vulnerability Summary

+
+
+

Critical +
+ + {{scan_object.get_critical_vulnerability_count}} + +

+
+
+

High +
+ + {{scan_object.get_high_vulnerability_count}} + +

+
+
+

Medium +
+ + {{scan_object.get_medium_vulnerability_count}} + +

+
+
+

Low +
+ + {{scan_object.get_low_vulnerability_count}} + +

+
+
+

Info +
+ + {% if is_ignore_info_vuln %} + 0 + {% else %} + {{scan_object.get_info_vulnerability_count}} + {% endif %} + +

+
+
+

Unknown +
+ + {{scan_object.get_unknown_vulnerability_count}} + +

+
+
+
+ {% endif %} + +
+

Timeline of the Assessment

+

+ Scan started on: {{scan_object.start_scan_date|date:"F j, Y h:i"}} +
+ Total time taken: + {% if scan_object.scan_status == 0 %} + {{ scan_object.start_scan_date|timesince:scan_object.stop_scan_date }} + {% elif scan_object.scan_status == 1 %} + {{ scan_object.get_elapsed_time }} + {% elif scan_object.scan_status == 2 %} + {% if scan_object.get_completed_time_in_sec < 60 %} + Completed in < 1 minutes {% else %} Completed in {{ scan_object.start_scan_date|timesince:scan_object.stop_scan_date }} {% endif %} {% elif scan_object.scan_status == 3 %} Aborted in + {{ scan_object.start_scan_date|timesince:scan_object.stop_scan_date }} {% endif %}
+ Report Generated on: {% now "F j, Y" %} +

+
+ + {# show interesting_subdomains section only when show_recon result is there #} + {% if interesting_subdomains and show_recon %} +
+

Interesting Recon Data

+

Listed below are the {{interesting_subdomains.count}} interesting subdomains identified on {{scan_object.domain.name}}

+
+
+
+ # +
+
+ Subdomain +
+
+ Page title +
+
+ HTTP Status +
+
+ {% for subdomain in interesting_subdomains %} +
+
+ {{ forloop.counter }} +
+
+ {{subdomain.name}} +
+
+ {% if subdomain.page_title %} + {{subdomain.page_title}} + {% else %} +     + {% endif %} +
+
+ {% if subdomain.http_status %} + {{subdomain.http_status}} + {% else %} +     + {% endif %} +
+
+ {% endfor %} +
+
+ {% endif %} + + {# vulnerability_summary only when vuln_report #} + {% if show_vuln %} +
+

Summary of Vulnerabilities Identified

+ {% if all_vulnerabilities.count > 0 %} +

Listed below are the vulnerabilities identified on {{scan_object.domain.name}}

+
+
+
+ # +
+
+ Vulnerability Name +
+
+ Times Identified +
+
+ Severity +
+
+ {% for vulnerability in unique_vulnerabilities %} +
+
+ {{ forloop.counter }} +
+
+ {{vulnerability.name}} +
+
+ {{vulnerability.count}} +
+ {% if vulnerability.severity == -1 %} +
+ Unknown + {% elif vulnerability.severity == 0 %} +
+ Informational + {% elif vulnerability.severity == 1 %} +
+ Low + {% elif vulnerability.severity == 2 %} +
+ Medium + {% elif vulnerability.severity == 3 %} +
+ High + {% elif vulnerability.severity == 4 %} +
+ Critical + {% endif %} +
+
+ {% endfor %} + {% else %} +

No Vulnerabilities were Discovered.

+ {% endif %} +
+ +
+ {% endif %} + + {# show discovered assets only for show_recon report #} + {% if show_recon %} +
+

Discovered Assets

+

Subdomains

+

+ During the reconnaissance phase, {{scan_object.get_subdomain_count}} subdomains were discovered. + Out of {{scan_object.get_subdomain_count}} subdomains, {{subdomain_alive_count}} returned HTTP status 200. + {{interesting_subdomains.count}} interesting subdomains were also identified based on the interesting keywords used. +

+

{{scan_object.get_subdomain_count}} subdomains identified on {{scan_object.domain.name}}

+
+
+
+ Subdomain +
+
+ Page title +
+
+ HTTP Status +
+
+ {% for subdomain in subdomains %} +
+
+ {{subdomain.name}} +
+
+ {% if subdomain.page_title %} + {{subdomain.page_title}} + {% endif %} +
+
+ {{subdomain.http_status}} +
+
+ {% endfor %} +
+ {% if ip_addresses.count %} +

IP Addresses

+

{{ip_addresses.count}} IP Addresses were identified on {{scan_object.domain.name}}

+
+
+
+ IP +
+
+ Open Ports +
+
+ Remarks +
+
+ {% for ip in ip_addresses %} +
+
+ {{ip.address}} +
+
+ {% for port in ip.ports.all %} + {{port.number}}/{{port.service_name}}{% if not forloop.last %},{% endif %} + {% endfor %} +
+ {% if ip.is_cdn %} +
+ CDN IP Address + {% else %} +
+ {% endif %} +
+
+ {% endfor %} +
+ {% endif %} +
+
+ {% endif %} + + {# reconnaissance finding only when show_recon #} + {% if show_recon %} +
+

Reconnaissance Findings

+ {% for subdomain in subdomains %} + + + + + {% if subdomain.http_status == 200 %} + + {% elif subdomain.http_status >= 300 and subdomain.http_status < 400 %} + + {% elif subdomain.http_status >= 400 %} + + {% elif subdomain.http_status == 0 %} + + {% else %} + + {% endif %} + + {% if subdomain.page_title %} + + + + {% endif %} + {% if subdomain.ip_addresses.all %} + + + + {% endif %} + {% if subdomain.get_vulnerabilities_without_info %} + + + + {% endif %} +
{{ forloop.counter }}.{{subdomain.name}}{{subdomain.http_status}}{{subdomain.http_status}}{{subdomain.http_status}}N/A{{subdomain.http_status}}
Page Title: {{subdomain.page_title}}
+ IP Address: +
    + {% for ip in subdomain.ip_addresses.all %} +
  • {{ip.address}} + {% if ip.ports.all %} +
      +
    • Open Ports:   + {% for port in ip.ports.all %} + {{port.number}}/{{port.service_name}}{% if not forloop.last %},{% endif %} + {% endfor %} +
      • +
    + {% endif %} +
    • + {% endfor %} +
+
+ Vulnerabilities + {% regroup subdomain.get_vulnerabilities_without_info by name as vuln_list %} + +
+ {% endfor %} +
+ {% endif %} + + {% if all_vulnerabilities.count > 0 and show_vuln %} +
+

Vulnerabilities Discovered

+

+ This section reports the security issues found during the audit. +
+ A Total of {{scan_object.get_vulnerability_count}} were discovered in {{scan_object.domain.name}}, + {{scan_object.get_critical_vulnerability_count}} of them were Critical, + {{scan_object.get_high_vulnerability_count}} of them were High Severity, + {{scan_object.get_medium_vulnerability_count}} of them were Medium severity, + {% if is_ignore_info_vuln %}0{% else %}{{scan_object.get_info_vulnerability_count}}{% endif %} of them were Low severity, and + {{scan_object.get_info_vulnerability_count}} of them were Informational. + {{scan_object.get_unknown_vulnerability_count}} of them were Unknown Severity. +

+

Vulnerability Breakdown by Severity

+
+
+

Critical +
+ + {{scan_object.get_critical_vulnerability_count}} + +

+
+
+

High +
+ + {{scan_object.get_high_vulnerability_count}} + +

+
+
+

Medium +
+ + {{scan_object.get_medium_vulnerability_count}} + +

+
+
+

Low +
+ + {{scan_object.get_low_vulnerability_count}} + +

+
+
+

Info +
+ + {% if is_ignore_info_vuln %} + 0 + {% else %} + {{scan_object.get_info_vulnerability_count}} + {% endif %} + +

+
+
+

Unknown +
+ + {{scan_object.get_unknown_vulnerability_count}} + +

+
+
+
+ + + {# start vulnerability #} + {% if show_vuln %} +
+ {% regroup all_vulnerabilities by get_path as grouped_vulnerabilities %} + {% for vulnerabilities in grouped_vulnerabilities %} + {% for vulnerability in vulnerabilities.list %} +
+

+ {{vulnerability.name}} + {% if vulnerabilities.grouper %} +
in {{vulnerabilities.grouper}} + {% endif %} + + {% if vulnerability.severity == -1 %} + Unknown +
+ {% elif vulnerability.severity == 0 %} + INFO +
+ {% elif vulnerability.severity == 1 %} + LOW +
+ {% elif vulnerability.severity == 2 %} + MEDIUM +
+ {% elif vulnerability.severity == 3 %} + HIGH +
+ {% elif vulnerability.severity == 4 %} + CRITICAL +
+ {% endif %} +

+ + Vulnerability Source: {{vulnerability.source|upper}}
+ {% if vulnerability.cvss_metrics or vulnerability.cvss_score or vulnerability.cve_ids.all or vulnerability.cve_ids.all %} + Vulnerability Classification
+ {% if vulnerability.cvss_metrics %} + CVSS Metrics: {{vulnerability.cvss_metrics}} + {% endif %} + {% if vulnerability.cvss_score %} +
+ CVSS Score: {{vulnerability.cvss_score}} + {% endif %} + {% if vulnerability.cve_ids.all %} +
+ CVE IDs
+     {% for cve in vulnerability.cve_ids.all %} {{cve}}{% if not forloop.last %}, {% endif %} {% endfor %} + {% endif %} + {% if vulnerability.cwe_ids.all %} +
+ CWE IDs
+     {% for cwe in vulnerability.cwe_ids.all %} {{cwe}}{% if not forloop.last %}, {% endif %} {% endfor %} + {% endif %} +
+ {% endif %} + {% if vulnerability.description %} +
+ Description
+ {{vulnerability.description|linebreaks}} + {% endif %} + {% if vulnerability.impact %} +
+ Impact
+ {{vulnerability.impact|linebreaks}} + {% endif %} + {% if vulnerability.remediation %} +
+ Remediation
+ {{vulnerability.remediation|linebreaks}} + {% endif %} +
+ Vulnerable URL(s)
+ + + + {% if vulnerability.references.all %} + References
+
    + {% for ref in vulnerability.references.all %} +
  • + {{ref}} +
    • + {% endfor %} +
+ {% endif %} +
+
+
+ {% endfor %} + {% endfor %} +
+ {% endif %} + + {% endif %} +
+

END OF REPORT

+
+ + + diff --git a/web/templates/report/modern.html b/web/templates/report/modern.html new file mode 100644 index 000000000..fb3295ad6 --- /dev/null +++ b/web/templates/report/modern.html @@ -0,0 +1,388 @@ + + + + + Penetration Testing Report + + + + + + {% comment %} cover page {% endcomment %} +
+
+
+
+
+
+

{{report_name}}

+
{{scan_object.domain.name}}
+
{% now "F j, Y" %}
+
+
+
+ {{company_name}} | {{company_address}} | {{company_email}} | {{company_website}} + {% if show_rengine_banner %} +
+ Generated by reNgine
+ https://github.com/yogeshojha/rengine +
+ {% endif %} +
+
+ + {% comment %} table of contents {% endcomment %} +
+

Table of Contents

+
+ {% if show_executive_summary %} +
+ Executive Summary + +
+ {% endif %} +
+ Quick Summary + +
+
+ Assessment Timeline + +
+ {% if show_vuln %} +
+ Vulnerability Summary + +
+ {% endif %} + {% if show_recon %} +
+ Reconnaissance Results + +
+ {% endif %} + {% if show_vuln %} +
+ Vulnerabilities Discovered + +
+ {% endif %} +
+
+ + {% if show_executive_summary %} +
+

Executive Summary

+
+ {{executive_summary_description | safe }} +
+ {% endif %} + +
+

Quick Summary

+

This section contains quick summary of scan performed on {{scan_object.domain.name}}

+
+
+ +
+
+

END OF REPORT

+
+
+
+ + + \ No newline at end of file From 323aadd81b1688e38f166184b6f3e73561320b32 Mon Sep 17 00:00:00 2001 From: Yogesh Ojha Date: Sat, 24 Aug 2024 12:53:55 +0530 Subject: [PATCH 02/20] added quick summary grid boxes --- web/templates/report/modern.html | 874 ++++++++++++++++++------------- 1 file changed, 509 insertions(+), 365 deletions(-) diff --git a/web/templates/report/modern.html b/web/templates/report/modern.html index fb3295ad6..bda33e450 100644 --- a/web/templates/report/modern.html +++ b/web/templates/report/modern.html @@ -1,388 +1,532 @@ - - + + Penetration Testing Report - + - - - + + {% comment %} cover page {% endcomment %}
-
-
-
-
-
-

{{report_name}}

-
{{scan_object.domain.name}}
-
{% now "F j, Y" %}
-
-
-
- {{company_name}} | {{company_address}} | {{company_email}} | {{company_website}} - {% if show_rengine_banner %} -
- Generated by reNgine
- https://github.com/yogeshojha/rengine -
- {% endif %} +
+
+
+
+
+

{{report_name}}

+
{{scan_object.domain.name}}
+
{% now "F j, Y" %}
+
+
+
+ {{company_name}} | {{company_address}} | {{company_email}} | + {{company_website}} {% if show_rengine_banner %} +
+ Generated by reNgine
+ https://github.com/yogeshojha/rengine
+ {% endif %} +
{% comment %} table of contents {% endcomment %}
-

Table of Contents

-
- {% if show_executive_summary %} -
- Executive Summary - -
- {% endif %} -
- Quick Summary - -
-
- Assessment Timeline - -
- {% if show_vuln %} -
- Vulnerability Summary - -
- {% endif %} - {% if show_recon %} -
- Reconnaissance Results - -
- {% endif %} - {% if show_vuln %} -
- Vulnerabilities Discovered - -
- {% endif %} +

Table of Contents

+
+ {% if show_executive_summary %} +
+ Executive Summary + +
+ {% endif %} +
+ Quick Summary + +
+
+ Assessment Timeline + +
+ {% if show_vuln %} +
+ Vulnerability Summary +
+ {% endif %} {% if show_recon %} +
+ Reconnaissance Results + +
+ {% endif %} {% if show_vuln %} +
+ Vulnerabilities Discovered + +
+ {% endif %} +
{% if show_executive_summary %} -
-

Executive Summary

-
- {{executive_summary_description | safe }} -
+
+

Executive Summary

+
+ {{executive_summary_description | safe }} +
{% endif %} -
+

Quick Summary

-

This section contains quick summary of scan performed on {{scan_object.domain.name}}

-
+

+ This section contains quick summary of scan performed on + {{scan_object.domain.name}} +

+
+ {% if show_recon %} +
+

Reconnaissance

+
+
+

Subdomains

+
{{scan_object.get_subdomain_count}}
+
+
+

Endpoints

+
{{scan_object.get_endpoint_count}}
+
+
+

Vulnerabilities

+
{{all_vulnerabilities_count}}
+
+
+
+ {% endif %} + {% if show_vuln %} +
+

Vulnerability Summary

+
+
+

Critical

+
{{scan_object.get_critical_vulnerability_count}}
+
+
+

High

+
{{scan_object.get_high_vulnerability_count}}
+
+
+

Medium

+
{{scan_object.get_medium_vulnerability_count}}
+
+
+
+
+

Low

+
{{scan_object.get_low_vulnerability_count}}
+
+
+

Info

+
+ {% if is_ignore_info_vuln %} + 0 + {% else %} + {{scan_object.get_info_vulnerability_count}} + {% endif %} +
+
+
+

Unknown

+
{{scan_object.get_unknown_vulnerability_count}}
+
+
+
+ {% endif %}
-
-

END OF REPORT

-
-
+
+

END OF REPORT

+
+
- - - \ No newline at end of file + + From 005d215f54b802ac8850380542e15973b085313b Mon Sep 17 00:00:00 2001 From: Yogesh Ojha Date: Sat, 24 Aug 2024 13:26:18 +0530 Subject: [PATCH 03/20] added scan timeline --- web/templates/report/modern.html | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/web/templates/report/modern.html b/web/templates/report/modern.html index bda33e450..c77feab83 100644 --- a/web/templates/report/modern.html +++ b/web/templates/report/modern.html @@ -520,6 +520,25 @@

Unknown

{% endif %} + +
+

Assessment Timeline

+

+ Scan started on: {{scan_object.start_scan_date|date:"F j, Y h:i"}} +
+ Total time taken: + {% if scan_object.scan_status == 0 %} + {{ scan_object.start_scan_date|timesince:scan_object.stop_scan_date }} + {% elif scan_object.scan_status == 1 %} + {{ scan_object.get_elapsed_time }} + {% elif scan_object.scan_status == 2 %} + {% if scan_object.get_completed_time_in_sec < 60 %} + Completed in < 1 minutes {% else %} Completed in {{ scan_object.start_scan_date|timesince:scan_object.stop_scan_date }} {% endif %} {% elif scan_object.scan_status == 3 %} Aborted in + {{ scan_object.start_scan_date|timesince:scan_object.stop_scan_date }} {% endif %}
+ Report Generated on: {% now "F j, Y" %} +

+
+
From e4aa74315a4e36db8790884d62e80e5a8c574284 Mon Sep 17 00:00:00 2001 From: Yogesh Ojha Date: Sat, 24 Aug 2024 15:11:05 +0530 Subject: [PATCH 04/20] feat: Add subdomain HTTP status breakdown chart to modern report template --- web/reNgine/charts.py | 104 +++++++++++++++++++++++++++++++ web/templates/report/modern.html | 41 ++++++++++-- 2 files changed, 141 insertions(+), 4 deletions(-) create mode 100644 web/reNgine/charts.py diff --git a/web/reNgine/charts.py b/web/reNgine/charts.py new file mode 100644 index 000000000..df215a4aa --- /dev/null +++ b/web/reNgine/charts.py @@ -0,0 +1,104 @@ +import base64 +import colorsys + +import plotly.graph_objs as go +from plotly.io import to_image +from django.db.models import Count + +from startScan.models import * + + + +""" + This file is used to generate the charts for the pdf report. +""" + +def generate_subdomain_chart_by_http_status(subdomains): + """ + Generates a donut chart using plotly for the subdomains based on the http status. + Args: + sobdomains: List of subdomains. + Returns: + Image as base64 encoded string. + """ + http_statuses = ( + subdomains + .exclude(http_status=0) + .values('http_status') + .annotate(count=Count('http_status')) + .order_by('-count') + ) + http_status_count = [{'http_status': entry['http_status'], 'count': entry['count']} for entry in http_statuses] + + labels = [f"{entry['http_status']} ({entry['count']})" for entry in http_status_count] + sizes = [entry['count'] for entry in http_status_count] + colors = [get_color_by_http_status(entry['http_status']) for entry in http_status_count] + + fig = go.Figure(data=[go.Pie( + labels=labels, + values=sizes, + marker=dict(colors=colors), + hole=0.4, + textinfo="value", + textfont=dict(size=18), + hoverinfo="none" + )]) + + fig.update_layout( + title_text="", + annotations=[dict(text='HTTP Status', x=0.5, y=0.5, font_size=14, showarrow=False)], + showlegend=True, + margin=dict(t=50, b=50, l=50, r=50), + width=450, + height=450, + ) + + img_bytes = to_image(fig, format="png") + img_base64 = base64.b64encode(img_bytes).decode('utf-8') + return img_base64 + + +def generate_color(base_color, offset): + r, g, b = int(base_color[1:3], 16), int(base_color[3:5], 16), int(base_color[5:7], 16) + factor = 1 + (offset * 0.03) + r, g, b = [min(255, int(c * factor)) for c in (r, g, b)] + return f"#{r:02x}{g:02x}{b:02x}" + + +def get_color_by_http_status(http_status): + """ + Returns the color based on the http status. + Args: + http_status: HTTP status code. + Returns: + Color code. + """ + + status = int(http_status) + + colors = { + 200: "#36a2eb", + 300: "#4bc0c0", + 400: "#ff6384", + 401: "#ff9f40", + 403: "#f27474", + 404: "#ffa1b5", + 429: "#bf7bff", + 500: "#9966ff", + 502: "#8a4fff", + 503: "#c39bd3", + } + + + if status in colors: + return colors[status] + elif 200 <= status < 300: + return generate_color(colors[200], status - 200) + elif 300 <= status < 400: + return generate_color(colors[300], status - 300) + elif 400 <= status < 500: + return generate_color(colors[400], status - 400) + elif 500 <= status < 600: + return generate_color(colors[500], status - 500) + else: + return "#c9cbcf" \ No newline at end of file diff --git a/web/templates/report/modern.html b/web/templates/report/modern.html index c77feab83..6e7f22bb7 100644 --- a/web/templates/report/modern.html +++ b/web/templates/report/modern.html @@ -190,7 +190,7 @@ {% comment %} table of content page {% endcomment %} .toc-modern { background-color: white; - padding: 20mm; + padding: 15mm; font-family: 'Inter', sans-serif; } @@ -239,17 +239,29 @@ #executive-summary-page { justify-content: space-between; background-color: white; - padding: 20mm; + padding: 15mm; font-family: 'Inter', sans-serif; } #quick-summary-page { justify-content: space-between; background-color: white; - padding: 20mm; + padding: 15mm; font-family: 'Inter', sans-serif; } + #summary-of-finding-page { + justify-content: space-between; + background-color: white; + padding: 15mm; + font-family: 'Inter', sans-serif; + } + + #summary-of-finding-page h2 { + font-size: 24pt; + color: {{primary_color}}; + } + #executive-summary-page h2 { font-size: 24pt; color: {{primary_color}}; @@ -373,6 +385,13 @@ .info .number, .info::before { color: #3498db; border-right-color: #3498db; } .unknown .number, .unknown::before { color: #95a5a6; border-right-color: #95a5a6; } .primary { color: {{primary_color}}; } + + .center-img { + display: block; + margin-left: auto; + margin-right: auto; + width: 50%; + } @@ -522,6 +541,8 @@

Unknown

{% endif %}
+
+

Assessment Timeline

Scan started on: {{scan_object.start_scan_date|date:"F j, Y h:i"}} @@ -538,7 +559,17 @@

Assessment Timeline

Report Generated on: {% now "F j, Y" %}

- +
+ +
+

Summary of Findings

+
+

+ This section provides a summary of the findings. +

+
+

Subdomain Breakdown by HTTP Status

+
@@ -547,5 +578,7 @@

END OF REPORT

+ + From 72489043af0251f4608f00a4f9a72cfc3135e4b0 Mon Sep 17 00:00:00 2001 From: Yogesh Ojha Date: Sat, 24 Aug 2024 20:34:16 +0530 Subject: [PATCH 05/20] add vuln chart --- web/reNgine/charts.py | 108 ++++++++++++++++++++++++++----- web/startScan/views.py | 11 +++- web/templates/report/modern.html | 11 +++- 3 files changed, 109 insertions(+), 21 deletions(-) diff --git a/web/reNgine/charts.py b/web/reNgine/charts.py index df215a4aa..87ecd44fa 100644 --- a/web/reNgine/charts.py +++ b/web/reNgine/charts.py @@ -4,6 +4,7 @@ import plotly.graph_objs as go from plotly.io import to_image from django.db.models import Count +from reNgine.definitions import NUCLEI_SEVERITY_MAP from startScan.models import * @@ -15,11 +16,12 @@ def generate_subdomain_chart_by_http_status(subdomains): """ - Generates a donut chart using plotly for the subdomains based on the http status. - Args: - sobdomains: List of subdomains. - Returns: - Image as base64 encoded string. + Generates a donut chart using plotly for the subdomains based on the http status. + Includes label, count, and percentage inside the chart segments and in the legend. + Args: + subdomains: QuerySet of subdomains. + Returns: + Image as base64 encoded string. """ http_statuses = ( subdomains @@ -30,34 +32,106 @@ def generate_subdomain_chart_by_http_status(subdomains): ) http_status_count = [{'http_status': entry['http_status'], 'count': entry['count']} for entry in http_statuses] - labels = [f"{entry['http_status']} ({entry['count']})" for entry in http_status_count] + total = sum(entry['count'] for entry in http_status_count) + + labels = [str(entry['http_status']) for entry in http_status_count] sizes = [entry['count'] for entry in http_status_count] colors = [get_color_by_http_status(entry['http_status']) for entry in http_status_count] + text = [f"{label}
{size}
({size/total:.1%})" for label, size in zip(labels, sizes)] + fig = go.Figure(data=[go.Pie( - labels=labels, - values=sizes, - marker=dict(colors=colors), - hole=0.4, - textinfo="value", - textfont=dict(size=18), - hoverinfo="none" - )]) + labels=labels, + values=sizes, + marker=dict(colors=colors), + hole=0.4, + textinfo="text", + text=text, + textposition="inside", + textfont=dict(size=10), + hoverinfo="label+percent+value" + )]) fig.update_layout( title_text="", annotations=[dict(text='HTTP Status', x=0.5, y=0.5, font_size=14, showarrow=False)], showlegend=True, - margin=dict(t=50, b=50, l=50, r=50), - width=450, - height=450, + margin=dict(t=60, b=60, l=60, r=60), + width=700, + height=700, + ) + + img_bytes = to_image(fig, format="png") + img_base64 = base64.b64encode(img_bytes).decode('utf-8') + return img_base64 + + + +def get_color_by_severity(severity_int): + """ + Returns a color based on the severity level using a modern color scheme. + """ + color_map = { + 4: '#FF4D6A', + 3: '#FF9F43', + 2: '#FFCA3A', + 1: '#4ADE80', + 0: '#4ECDC4', + -1: '#A8A9AD', + } + return color_map.get(severity_int, '#A8A9AD') # Default to gray if severity is unknown + +def generate_vulnerability_chart_by_severity(vulnerabilities): + """ + Generates a donut chart using plotly for the vulnerabilities based on the severity. + Args: + vulnerabilities: QuerySet of Vulnerability objects. + Returns: + Image as base64 encoded string. + """ + severity_counts = ( + vulnerabilities + .values('severity') + .annotate(count=Count('severity')) + .order_by('-severity') + ) + + total = sum(entry['count'] for entry in severity_counts) + + labels = [NUCLEI_REVERSE_SEVERITY_MAP[entry['severity']].capitalize() for entry in severity_counts] + values = [entry['count'] for entry in severity_counts] + colors = [get_color_by_severity(entry['severity']) for entry in severity_counts] + + text = [f"{label}
{value}
({value/total:.1%})" for label, value in zip(labels, values)] + + fig = go.Figure(data=[go.Pie( + labels=labels, + values=values, + marker=dict(colors=colors), + hole=0.4, + textinfo="text", + text=text, + textposition="inside", + textfont=dict(size=12), + hoverinfo="label+percent+value", + )]) + + fig.update_layout( + title_text="", + annotations=[dict(text='Severity', x=0.5, y=0.5, font_size=14, showarrow=False)], + showlegend=True, + margin=dict(t=60, b=60, l=60, r=60), + width=700, + height=700, ) + img_bytes = to_image(fig, format="png") img_base64 = base64.b64encode(img_bytes).decode('utf-8') return img_base64 + def generate_color(base_color, offset): r, g, b = int(base_color[1:3], 16), int(base_color[3:5], 16), int(base_color[5:7], 16) factor = 1 + (offset * 0.03) diff --git a/web/startScan/views.py b/web/startScan/views.py index 0f5f57abb..3e88d2a03 100644 --- a/web/startScan/views.py +++ b/web/startScan/views.py @@ -1,7 +1,7 @@ import markdown from celery import group -from weasyprint import HTML +from weasyprint import HTML, CSS from datetime import datetime from django.contrib import messages from django.db.models import Count @@ -14,6 +14,7 @@ from rolepermissions.decorators import has_permission_decorator from reNgine.celery import app +from reNgine.charts import * from reNgine.common_func import * from reNgine.definitions import ABORTED_TASK, SUCCESS_TASK from reNgine.tasks import create_scan_activity, initiate_scan, run_command @@ -1074,13 +1075,17 @@ def create_report(request, id): data['primary_color'] = primary_color data['secondary_color'] = secondary_color - template = get_template('report/template.html') + data['subdomain_http_status_chart'] = generate_subdomain_chart_by_http_status(subdomains) + data['vulns_severity_chart'] = generate_vulnerability_chart_by_severity(vulns) if vulns else '' + + template = get_template('report/modern.html') html = template.render(data) pdf = HTML(string=html).write_pdf() + # pdf = HTML(string=html).write_pdf(stylesheets=[CSS(string='@page { size: A4; margin: 0; }')]) if 'download' in request.GET: response = HttpResponse(pdf, content_type='application/octet-stream') else: response = HttpResponse(pdf, content_type='application/pdf') - return response + return response \ No newline at end of file diff --git a/web/templates/report/modern.html b/web/templates/report/modern.html index 6e7f22bb7..2505ce6e5 100644 --- a/web/templates/report/modern.html +++ b/web/templates/report/modern.html @@ -568,8 +568,17 @@

Summary of Findings

This section provides a summary of the findings.

-

Subdomain Breakdown by HTTP Status

+

Subdomains Breakdown by HTTP Status

+ {% if show_vuln and unique_vulnerabilities %} +

Vulnerabilities Breakdown by Severity

+ + {% endif %} + + +
+

Vulnerabilities Breakdown by Severity

+
From 9ab1d9f4ea2f781fb5963a817299051a7295ea58 Mon Sep 17 00:00:00 2001 From: Yogesh Ojha Date: Sun, 25 Aug 2024 12:28:12 +0530 Subject: [PATCH 06/20] add vuln list table --- web/reNgine/charts.py | 16 +++++ web/templates/report/modern.html | 116 +++++++++++++++++++++++++++++-- 2 files changed, 128 insertions(+), 4 deletions(-) diff --git a/web/reNgine/charts.py b/web/reNgine/charts.py index 87ecd44fa..546f09a62 100644 --- a/web/reNgine/charts.py +++ b/web/reNgine/charts.py @@ -59,6 +59,14 @@ def generate_subdomain_chart_by_http_status(subdomains): margin=dict(t=60, b=60, l=60, r=60), width=700, height=700, + legend=dict( + font=dict(size=18), + orientation="v", + yanchor="middle", + y=0.5, + xanchor="left", + x=1.05 + ), ) img_bytes = to_image(fig, format="png") @@ -123,6 +131,14 @@ def generate_vulnerability_chart_by_severity(vulnerabilities): margin=dict(t=60, b=60, l=60, r=60), width=700, height=700, + legend=dict( + font=dict(size=18), + orientation="v", + yanchor="middle", + y=0.5, + xanchor="left", + x=1.05 + ), ) diff --git a/web/templates/report/modern.html b/web/templates/report/modern.html index 2505ce6e5..58c06b977 100644 --- a/web/templates/report/modern.html +++ b/web/templates/report/modern.html @@ -257,6 +257,13 @@ font-family: 'Inter', sans-serif; } + #vulnerability-breakdown-chart-page { + justify-content: space-between; + background-color: white; + padding: 15mm; + font-family: 'Inter', sans-serif; + } + #summary-of-finding-page h2 { font-size: 24pt; color: {{primary_color}}; @@ -272,6 +279,11 @@ color: {{primary_color}}; } + #vulnerability-breakdown-chart-page h2 { + font-size: 24pt; + color: {{primary_color}}; + } + @page end-of-report { background: {{primary_color}}; margin: 0; @@ -386,6 +398,63 @@ .unknown .number, .unknown::before { color: #95a5a6; border-right-color: #95a5a6; } .primary { color: {{primary_color}}; } + {% comment %} table related {% endcomment %} + .vuln-summary-table-container { + width: 100%; + margin: auto auto; + background-color: #ffffff; + border-radius: 4mm; + overflow: hidden; + } + .vuln-summary-table { + width: 100%; + border-collapse: separate; + border-spacing: 0.5mm; + background-color: #ffffff; + } + .vuln-summary-table th, .vuln-summary-table td { + padding: 2.5mm 3mm; + text-align: center; + vertical-align: middle; + } + .vuln-summary-table th { + background-color: #4a5568; + color: white; + font-weight: bold; + } + .vuln-summary-table .vulnerability-td { + text-align: left !important; + } + .vulnerability-td a { + color: inherit; + text-decoration: none; + font-weight: inherit; + } + .number-td { + width: 5mm; + text-align: center; + color: rgba(0, 0, 0, 0.5); + font-weight: normal; + } + .vulnerability-td { + width: 100mm; + text-align: left; + } + .instances-td { + width: 10mm; + text-align: center; + } + .severity-td { + width: 10mm; + text-align: center; + font-weight: bold; + } + .unknown-td { background-color: #f7f7f7; color: #777777; } + .info-td { background-color: #e3f2fd; color: #1565c0; } + .low-td { background-color: #e8f5e9; color: #2e7d32; } + .medium-td { background-color: #fff3e0; color: #ef6c00; } + .high-td { background-color: #fbe9e7; color: #d84315; } + .critical-td { background-color: #ffebee; color: #c62828; } .center-img { display: block; margin-left: auto; @@ -440,10 +509,10 @@

Table of Contents

{% if show_vuln %}
- Vulnerability Summary - +
{% endif %} {% if show_recon %}
@@ -577,8 +646,47 @@

Vulnerabilities Breakdown by Severity

-

Vulnerabilities Breakdown by Severity

- +

Summary of Vulnerabilities Identified

+

Listed below are the vulnerabilities identified on {{scan_object.domain.name}}

+
+ + + + + + + + {% for vulnerability in unique_vulnerabilities %} + + + + + + + {% endfor %} +
#Vulnerability NameInstancesSeverity
{{ forloop.counter }}{{vulnerability.name}}{{vulnerability.count}} + {% if vulnerability.severity == -1 %} + Unknown + {% elif vulnerability.severity == 0 %} + Informational + {% elif vulnerability.severity == 1 %} + Low + {% elif vulnerability.severity == 2 %} + Medium + {% elif vulnerability.severity == 3 %} + High + {% elif vulnerability.severity == 4 %} + Critical + {% endif %} +
+
+
From 3e8f4be2a9da2f5ffb173a94446b82a4ca4fa934 Mon Sep 17 00:00:00 2001 From: Yogesh Ojha Date: Sun, 25 Aug 2024 13:20:13 +0530 Subject: [PATCH 07/20] fix page margin --- web/templates/report/modern.html | 127 +++++++++++++++++-------------- 1 file changed, 70 insertions(+), 57 deletions(-) diff --git a/web/templates/report/modern.html b/web/templates/report/modern.html index 58c06b977..cb77e1181 100644 --- a/web/templates/report/modern.html +++ b/web/templates/report/modern.html @@ -10,7 +10,7 @@ - - - {% comment %} cover page {% endcomment %} -
-
-
-
-
-
-

{{report_name}}

-
{{scan_object.domain.name}}
-
{% now "F j, Y" %}
-
-
-
- {{company_name}} | {{company_address}} | {{company_email}} | - {{company_website}} {% if show_rengine_banner %} -
- Generated by reNgine
- https://github.com/yogeshojha/rengine -
- {% endif %} -
-
- - {% comment %} table of contents {% endcomment %} -
-
-

Table of Contents

-
- {% if show_executive_summary %} -
- Executive Summary - + + + + {% comment %} cover page {% endcomment %} +
+
+
+
+
+
+

{{ report_name }}

+
{{ scan_object.domain.name }}
+
{% now "F j, Y" %}
+
- {% endif %} -
- Quick Summary - +
+ {{ company_name }} | {{ company_address }} | {{ company_email }} | + {{ company_website }} + {% if show_rengine_banner %} +
+ Generated by reNgine +
+ https://github.com/yogeshojha/rengine +
+ {% endif %}
-
- Assessment Timeline - +
+ {% comment %} table of contents {% endcomment %} + + {% if show_executive_summary %} +
+

Executive Summary

+
+ {{ executive_summary_description | safe }} +
+ {% endif %} +
+

Quick Summary

+

+ This section contains quick summary of scan performed on + {{ scan_object.domain.name }} +

+
+ {% if show_recon %} +
+

Reconnaissance

+
+
+

Subdomains

+
{{ scan_object.get_subdomain_count }}
+
+
+

Endpoints

+
{{ scan_object.get_endpoint_count }}
+
+
+

Vulnerabilities

+
{{ all_vulnerabilities_count }}
+
+
+
+ {% endif %} {% if show_vuln %} -
- Vulnerability Summary - -
- {% endif %} {% if show_recon %} -
- Reconnaissance Results - +
+

Vulnerability Summary

+
+
+

Critical

+
{{ scan_object.get_critical_vulnerability_count }}
+
+
+

High

+
{{ scan_object.get_high_vulnerability_count }}
+
+
+

Medium

+
{{ scan_object.get_medium_vulnerability_count }}
+
+
+
+
+

Low

+
{{ scan_object.get_low_vulnerability_count }}
+
+
+

Info

+
+ {% if is_ignore_info_vuln %} + 0 + {% else %} + {{ scan_object.get_info_vulnerability_count }} + {% endif %} +
+
+
+

Unknown

+
{{ scan_object.get_unknown_vulnerability_count }}
+
+
+
+ {% endif %} +
+
+
+

Assessment Timeline

+

+ Scan started on: {{ scan_object.start_scan_date|date:"F j, Y h:i" }} +
+ Total time taken: + {% if scan_object.scan_status == 0 %} + {{ scan_object.start_scan_date|timesince:scan_object.stop_scan_date }} + {% elif scan_object.scan_status == 1 %} + {{ scan_object.get_elapsed_time }} + {% elif scan_object.scan_status == 2 %} + {% if scan_object.get_completed_time_in_sec < 60 %} + Completed in < 1 minutes + {% else %} + Completed in {{ scan_object.start_scan_date|timesince:scan_object.stop_scan_date }} + {% endif %} + {% elif scan_object.scan_status == 3 %} + Aborted in + {{ scan_object.start_scan_date|timesince:scan_object.stop_scan_date }} + {% endif %} +
+ Report Generated on: {% now "F j, Y" %} +

- {% endif %} {% if show_vuln %} -
- Vulnerabilities Discovered - +
+
+

Summary of Findings

+
+

This section provides a summary of the findings.

+

Subdomains Breakdown by HTTP Status

+ + {% if show_vuln and unique_vulnerabilities %} +

Vulnerabilities Breakdown by Severity

+ {% endif %} -
-
-
- - {% if show_executive_summary %} -
-

Executive Summary

-
- {{executive_summary_description | safe }} -
- {% endif %} - -
-

Quick Summary

-

- This section contains quick summary of scan performed on - {{scan_object.domain.name}} -

-
- {% if show_recon %} -
-

Reconnaissance

-
-
-

Subdomains

-
{{scan_object.get_subdomain_count}}
-
-
-

Endpoints

-
{{scan_object.get_endpoint_count}}
-
-
-

Vulnerabilities

-
{{all_vulnerabilities_count}}
-
-
-
- {% endif %} - {% if show_vuln %} -
-

Vulnerability Summary

-
-
-

Critical

-
{{scan_object.get_critical_vulnerability_count}}
-
-
-

High

-
{{scan_object.get_high_vulnerability_count}}
-
-
-

Medium

-
{{scan_object.get_medium_vulnerability_count}}
-
-
-
-
-

Low

-
{{scan_object.get_low_vulnerability_count}}
-
-
-

Info

-
- {% if is_ignore_info_vuln %} - 0 - {% else %} - {{scan_object.get_info_vulnerability_count}} - {% endif %} -
-
-
-

Unknown

-
{{scan_object.get_unknown_vulnerability_count}}
-
-
-
- {% endif %} - -
-
-
-

Assessment Timeline

-

- Scan started on: {{scan_object.start_scan_date|date:"F j, Y h:i"}} -
- Total time taken: - {% if scan_object.scan_status == 0 %} - {{ scan_object.start_scan_date|timesince:scan_object.stop_scan_date }} - {% elif scan_object.scan_status == 1 %} - {{ scan_object.get_elapsed_time }} - {% elif scan_object.scan_status == 2 %} - {% if scan_object.get_completed_time_in_sec < 60 %} - Completed in < 1 minutes {% else %} Completed in {{ scan_object.start_scan_date|timesince:scan_object.stop_scan_date }} {% endif %} {% elif scan_object.scan_status == 3 %} Aborted in - {{ scan_object.start_scan_date|timesince:scan_object.stop_scan_date }} {% endif %}
- Report Generated on: {% now "F j, Y" %} -

-
-
- -
-

Summary of Findings

-
+
+
+

Summary of Vulnerabilities Identified

- This section provides a summary of the findings. + Listed below are the vulnerabilities identified on {{ scan_object.domain.name }}

- -

Subdomains Breakdown by HTTP Status

- - {% if show_vuln and unique_vulnerabilities %} -

Vulnerabilities Breakdown by Severity

- - {% endif %} -
- -
-

Summary of Vulnerabilities Identified

-

Listed below are the vulnerabilities identified on {{scan_object.domain.name}}

-
- - - - - - - - {% for vulnerability in unique_vulnerabilities %} - - - - - - - {% endfor %} -
#Vulnerability NameInstancesSeverity
{{ forloop.counter }}{{vulnerability.name}}{{vulnerability.count}} - {% if vulnerability.severity == -1 %} - Unknown - {% elif vulnerability.severity == 0 %} - Informational - {% elif vulnerability.severity == 1 %} - Low - {% elif vulnerability.severity == 2 %} - Medium - {% elif vulnerability.severity == 3 %} - High - {% elif vulnerability.severity == 4 %} - Critical - {% endif %} -
-
- -
- -
-
-

END OF REPORT

-
-
-
- - - +
+ + + + + + + + {% for vulnerability in unique_vulnerabilities %} + + + + + + + {% endfor %} +
#Vulnerability NameInstancesSeverity
{{ forloop.counter }} + {{ vulnerability.name }} + {{ vulnerability.count }} + {% if vulnerability.severity == -1 %} + Unknown + {% elif vulnerability.severity == 0 %} + Informational + {% elif vulnerability.severity == 1 %} + Low + {% elif vulnerability.severity == 2 %} + Medium + {% elif vulnerability.severity == 3 %} + High + {% elif vulnerability.severity == 4 %} + Critical + {% endif %} +
+
+
+
+
+

END OF REPORT

+
+
+
+ From 8a44b11db87ad656bc6c15684b3d80bede332cb2 Mon Sep 17 00:00:00 2001 From: Yogesh Ojha Date: Sun, 25 Aug 2024 13:53:23 +0530 Subject: [PATCH 09/20] show interesting subdomain --- web/templates/report/modern.html | 124 +++++++++++++++++++++++-------- 1 file changed, 94 insertions(+), 30 deletions(-) diff --git a/web/templates/report/modern.html b/web/templates/report/modern.html index 7af7e3bc9..ed50ef394 100644 --- a/web/templates/report/modern.html +++ b/web/templates/report/modern.html @@ -469,7 +469,43 @@ margin-left: auto; margin-right: auto; width: 50%; - } + } + + {% comment %} interesting-subdomain-table {% endcomment %} + .interesting-subdomain-table-container { + width: 100%; + margin: auto auto; + background-color: #ffffff; + border-radius: 4mm; + overflow: hidden; + } + .interesting-subdomain-table { + width: 100%; + border-collapse: separate; + border-spacing: 0.5mm; + background-color: #ffffff; + } + .interesting-subdomain-table th, .interesting-subdomain-table td { + padding: 2.5mm 3mm; + text-align: center; + vertical-align: middle; + } + .interesting-subdomain-table th { + background-color: #696969; + color: white; + font-weight: bold; + } + .interesting-subdomain-table .page-title-td { + text-align: left !important; + } + .interesting-subdomain-table .subdomain-name-td { + text-align: left !important; + } + .status-td { + width: 10mm; + text-align: center; + font-weight: bold; + } @@ -650,47 +686,75 @@

Vulnerabilities Breakdown by Severity

src="data:image/png;base64,{{ vulns_severity_chart }}" /> {% endif %} -
-

Summary of Vulnerabilities Identified

+
+

Interesting Subdomains

- Listed below are the vulnerabilities identified on {{ scan_object.domain.name }} + Listed below are the interesting subdomains identified on {{ scan_object.domain.name }}

-
- +
+
- - - + + + - {% for vulnerability in unique_vulnerabilities %} - + {% for subdomain in interesting_subdomains %} + - - - + + {% endfor %}
#Vulnerability NameInstancesSeveritySubdomainPage TitleHTTP Status
{{ forloop.counter }} - {{ vulnerability.name }} - {{ vulnerability.count }} - {% if vulnerability.severity == -1 %} - Unknown - {% elif vulnerability.severity == 0 %} - Informational - {% elif vulnerability.severity == 1 %} - Low - {% elif vulnerability.severity == 2 %} - Medium - {% elif vulnerability.severity == 3 %} - High - {% elif vulnerability.severity == 4 %} - Critical - {% endif %} + {{ subdomain.name }}{{ subdomain.ip_address }} + {% if subdomain.http_status %}{{ subdomain.http_status }}{% endif %}
+ {% if show_vuln %} +
+

Summary of Vulnerabilities Identified

+

+ Listed below are the vulnerabilities identified on {{ scan_object.domain.name }} +

+
+ + + + + + + + {% for vulnerability in unique_vulnerabilities %} + + + + + + + {% endfor %} +
#Vulnerability NameInstancesSeverity
{{ forloop.counter }} + {{ vulnerability.name }} + {{ vulnerability.count }} + {% if vulnerability.severity == -1 %} + Unknown + {% elif vulnerability.severity == 0 %} + Informational + {% elif vulnerability.severity == 1 %} + Low + {% elif vulnerability.severity == 2 %} + Medium + {% elif vulnerability.severity == 3 %} + High + {% elif vulnerability.severity == 4 %} + Critical + {% endif %} +
+
+
+ {% endif %}

END OF REPORT

From d0cab4144ff5383517dde5f7dcff92e517cb1f04 Mon Sep 17 00:00:00 2001 From: Yogesh Ojha Date: Sun, 25 Aug 2024 19:33:21 +0530 Subject: [PATCH 10/20] Add summary of findings section to modern report template --- web/templates/report/modern.html | 91 ++++++++++++++++---------------- 1 file changed, 46 insertions(+), 45 deletions(-) diff --git a/web/templates/report/modern.html b/web/templates/report/modern.html index ed50ef394..644340b57 100644 --- a/web/templates/report/modern.html +++ b/web/templates/report/modern.html @@ -552,6 +552,10 @@

Table of Contents

Assessment Timeline
+
+ Summary of Findings + +
{% if show_vuln %}
Vulnerability Summary @@ -685,9 +689,7 @@

Vulnerabilities Breakdown by Severity

{% endif %} -
-
-

Interesting Subdomains

+

Interesting Subdomains

Listed below are the interesting subdomains identified on {{ scan_object.domain.name }}

@@ -700,10 +702,12 @@

Interesting Subdomains

HTTP Status {% for subdomain in interesting_subdomains %} - + {{ forloop.counter }} {{ subdomain.name }} - {{ subdomain.ip_address }} + + {% if subdomain.page_title %}{{ subdomain.page_title }}{% endif %} + {% if subdomain.http_status %}{{ subdomain.http_status }}{% endif %} @@ -713,47 +717,44 @@

Interesting Subdomains

{% if show_vuln %} -
-

Summary of Vulnerabilities Identified

-

- Listed below are the vulnerabilities identified on {{ scan_object.domain.name }} -

-
- - - - - - +

Summary of Vulnerabilities Identified

+

+ Listed below are the vulnerabilities identified on {{ scan_object.domain.name }} +

+
+
#Vulnerability NameInstancesSeverity
+ + + + + + + {% for vulnerability in unique_vulnerabilities %} + + + + + - {% for vulnerability in unique_vulnerabilities %} - - - - - - - {% endfor %} -
#Vulnerability NameInstancesSeverity
{{ forloop.counter }} + {{ vulnerability.name }} + {{ vulnerability.count }} + {% if vulnerability.severity == -1 %} + Unknown + {% elif vulnerability.severity == 0 %} + Informational + {% elif vulnerability.severity == 1 %} + Low + {% elif vulnerability.severity == 2 %} + Medium + {% elif vulnerability.severity == 3 %} + High + {% elif vulnerability.severity == 4 %} + Critical + {% endif %} +
{{ forloop.counter }} - {{ vulnerability.name }} - {{ vulnerability.count }} - {% if vulnerability.severity == -1 %} - Unknown - {% elif vulnerability.severity == 0 %} - Informational - {% elif vulnerability.severity == 1 %} - Low - {% elif vulnerability.severity == 2 %} - Medium - {% elif vulnerability.severity == 3 %} - High - {% elif vulnerability.severity == 4 %} - Critical - {% endif %} -
-
-
+ {% endfor %} + + {% endif %}
From e763db4c9c33afef2df37307b98215f2fceb1f09 Mon Sep 17 00:00:00 2001 From: Yogesh Ojha Date: Sun, 25 Aug 2024 19:58:26 +0530 Subject: [PATCH 11/20] Added discovered assets --- web/templates/report/modern.html | 144 +++++++++++++++++++++++-------- 1 file changed, 108 insertions(+), 36 deletions(-) diff --git a/web/templates/report/modern.html b/web/templates/report/modern.html index 644340b57..e9f877955 100644 --- a/web/templates/report/modern.html +++ b/web/templates/report/modern.html @@ -718,43 +718,115 @@

Interesting Subdomains

{% if show_vuln %}

Summary of Vulnerabilities Identified

-

- Listed below are the vulnerabilities identified on {{ scan_object.domain.name }} -

-
- - - - - - - - {% for vulnerability in unique_vulnerabilities %} - - - - - + {% if all_vulnerabilities.count == 0 %} +

+ No vulnerabilities were identified on {{ scan_object.domain.name }} +

+ {% else %} +

+ Listed below are the vulnerabilities identified on {{ scan_object.domain.name }} +

+
+
#Vulnerability NameInstancesSeverity
{{ forloop.counter }} - {{ vulnerability.name }} - {{ vulnerability.count }} - {% if vulnerability.severity == -1 %} - Unknown - {% elif vulnerability.severity == 0 %} - Informational - {% elif vulnerability.severity == 1 %} - Low - {% elif vulnerability.severity == 2 %} - Medium - {% elif vulnerability.severity == 3 %} - High - {% elif vulnerability.severity == 4 %} - Critical - {% endif %} -
+ + + + + - {% endfor %} -
#Vulnerability NameInstancesSeverity
-
+ {% for vulnerability in unique_vulnerabilities %} + + {{ forloop.counter }} + + {{ vulnerability.name }} + + {{ vulnerability.count }} + + {% if vulnerability.severity == -1 %} + Unknown + {% elif vulnerability.severity == 0 %} + Informational + {% elif vulnerability.severity == 1 %} + Low + {% elif vulnerability.severity == 2 %} + Medium + {% elif vulnerability.severity == 3 %} + High + {% elif vulnerability.severity == 4 %} + Critical + {% endif %} + + + {% endfor %} + + + {% endif %} + {% endif %} + {% if show_recon %} +
+

Discovered Assets

+

This section provides a list of assets discovered during the reconnaissance phase.

+

Subdomains

+

During the reconnaissance phase, our subdomain enumeration process revealed:

+
    +
  1. + Total Subdomains: {{ scan_object.get_subdomain_count }} +
      +
    • This extensive list provides a comprehensive view of the target's online footprint.
      • +
    +
    2. +
  2. + Active Subdomains: {{ subdomain_alive_count }} +
      +
    • These subdomains returned an HTTP status 200 (OK), indicating live web assets.
      • +
    +
    3. +
  3. + Interesting Subdomains: {{ interesting_subdomains.count }} +
      +
    • High-priority subdomains identified through keyword analysis (e.g., admin, api, test), suggesting a focused investigation.
      • +
    +
    4. +
+

+ {{ scan_object.get_subdomain_count }} subdomains identified on {{ scan_object.domain.name }} +

+
+ + + + + + + {% comment %} if show vuln is there we may also show total vulnerbaility count {% endcomment %} + {% if show_vuln %} + + {% endif %} + + {% for subdomain in subdomains %} + + + + + + {% if show_vuln %} + + {% endif %} + + {% endfor %} +
#SubdomainPage TitleHTTP StatusVulnerabilities Count
{{ forloop.counter }}{{ subdomain.name }} + {% if subdomain.page_title %}{{ subdomain.page_title }}{% endif %} + + {% if subdomain.http_status %}{{ subdomain.http_status }}{% endif %} + + {% if subdomain.get_total_vulnerability_count %} + {{ subdomain.get_total_vulnerability_count }} + {% else %} + 0 + {% endif %} +
+
+
{% endif %}
From 3f3da99c184f52df9152997d444362dea16baff4 Mon Sep 17 00:00:00 2001 From: Yogesh Ojha Date: Sun, 25 Aug 2024 20:17:32 +0530 Subject: [PATCH 12/20] show ip assets --- web/templates/report/modern.html | 96 ++++++++++++++++++++++---------- 1 file changed, 67 insertions(+), 29 deletions(-) diff --git a/web/templates/report/modern.html b/web/templates/report/modern.html index e9f877955..209c19964 100644 --- a/web/templates/report/modern.html +++ b/web/templates/report/modern.html @@ -272,22 +272,7 @@ font-family: 'Inter', sans-serif; } - #summary-of-finding-page h2 { - font-size: 24pt; - color: {{primary_color}}; - } - - #executive-summary-page h2 { - font-size: 24pt; - color: {{primary_color}}; - } - - #quick-summary-page h2 { - font-size: 24pt; - color: {{primary_color}}; - } - - #vulnerability-breakdown-chart-page h2 { + .page-title { font-size: 24pt; color: {{primary_color}}; } @@ -470,6 +455,13 @@ margin-right: auto; width: 50%; } + {% comment %} stripped table {% endcomment %} + .table-stripped tr:nth-child(odd) { + background-color: #f9f9f9; + } + .table-stripped tr:nth-child(even) { + background-color: #f2f2f2; + } {% comment %} interesting-subdomain-table {% endcomment %} .interesting-subdomain-table-container { @@ -505,6 +497,10 @@ width: 10mm; text-align: center; font-weight: bold; + } + .normal-td { + width: 10mm; + text-align: center; } @@ -784,7 +780,9 @@

Subdomains

  • Interesting Subdomains: {{ interesting_subdomains.count }}
      -
    • High-priority subdomains identified through keyword analysis (e.g., admin, api, test), suggesting a focused investigation.
      • +
    • + High-priority subdomains identified through keyword analysis (e.g., admin, api, test), suggesting a focused investigation. +
    • @@ -799,9 +797,7 @@

    Page Title HTTP Status {% comment %} if show vuln is there we may also show total vulnerbaility count {% endcomment %} - {% if show_vuln %} - Vulnerabilities Count - {% endif %} + {% if show_vuln %}Vulnerabilities Count{% endif %} {% for subdomain in subdomains %} @@ -826,13 +822,55 @@

    {% endfor %}

    + {% if ip_addresses.count > 0 %} +

    IP Assets

    +

    In addition to subdomains, various IP assets associated with the target infrastructure were also identified:

    +
      +
    1. + Total IP Addresses: {{ ip_addresses.count }} +
        +
      • + This represents the range of unique IP addresses associated with the discovered subdomains and other network assets. +
        • +
      +
      2. +
    +
    + + + + + + + + + {% for ip in ip_addresses %} + + + + + + + {% endfor %} +
    #IPOpen PortsGeo LocationRemarks
    {{ forloop.counter }}{{ ip.address }} + {% for port in ip.ports.all %} + {{ port.number }}/{{ port.service_name }} + {% if not forloop.last %},{% endif %} + {% endfor %} + + {% if ip.geo_iso %}{{ ip.geo_iso }}{% endif %} + + {% if ip.is_cdn %}CDN{% endif %} +
    +
    + {% endif %} +
    + {% endif %} +
    +
    +

    END OF REPORT

    +
    +
    - {% endif %} -
    -
    -

    END OF REPORT

    -
    -
    -
    - - + + From 3046c2e436bfc687ec60758b1dadf504e6908feb Mon Sep 17 00:00:00 2001 From: Yogesh Ojha Date: Sun, 25 Aug 2024 20:52:48 +0530 Subject: [PATCH 13/20] Added Recon result cards --- web/templates/report/modern.html | 145 ++++++++++++++++++++++++++----- 1 file changed, 121 insertions(+), 24 deletions(-) diff --git a/web/templates/report/modern.html b/web/templates/report/modern.html index 209c19964..602434415 100644 --- a/web/templates/report/modern.html +++ b/web/templates/report/modern.html @@ -502,6 +502,42 @@ width: 10mm; text-align: center; } + /* recon finding card table */ + .subdomain-card { + width: 100%; + margin-bottom: 3mm; + border: 1px solid #ddd; + border-radius: 4mm; + overflow: hidden; + box-shadow: 0 1mm 2mm rgba(0, 0, 0, 0.1); + } + .subdomain-card-header { + background-color: #f0f0f0; + padding: 2mm; + border-bottom: 1px solid #ddd; + display: flex; + justify-content: space-between; + align-items: center; + } + .subdomain-card-name { + font-weight: bold; + color: #2c3e50; + font-size: 11pt; + } + .subdomain-card-http-status { + padding: 1mm 2mm; + border-radius: 1mm; + font-size: 13pt; + } + .subdomain-card-content { + padding: 3mm; + } + .subdomain-card-page-title { + font-style: italic !important; + color: #7f8c8d; + margin-bottom: 1mm; + font-size: 10pt; + } @@ -686,31 +722,37 @@

    Vulnerabilities Breakdown by Severity

    src="data:image/png;base64,{{ vulns_severity_chart }}" /> {% endif %}

    Interesting Subdomains

    -

    - Listed below are the interesting subdomains identified on {{ scan_object.domain.name }} -

    -
    - - - - - - - - {% for subdomain in interesting_subdomains %} - - - - - + {% if interesting_subdomains %} +

    + Listed below are the interesting subdomains identified on {{ scan_object.domain.name }} +

    +
    +
    #SubdomainPage TitleHTTP Status
    {{ forloop.counter }}{{ subdomain.name }} - {% if subdomain.page_title %}{{ subdomain.page_title }}{% endif %} - - {% if subdomain.http_status %}{{ subdomain.http_status }}{% endif %} -
    + + + + + - {% endfor %} -
    #SubdomainPage TitleHTTP Status
    -
    + {% for subdomain in interesting_subdomains %} + + {{ forloop.counter }} + {{ subdomain.name }} + + {% if subdomain.page_title %}{{ subdomain.page_title }}{% endif %} + + + {% if subdomain.http_status %}{{ subdomain.http_status }}{% endif %} + + + {% endfor %} + + + {% else %} +

    + No interesting subdomains were identified on {{ scan_object.domain.name }} +

    + {% endif %}
    {% if show_vuln %}

    Summary of Vulnerabilities Identified

    @@ -866,6 +908,61 @@

    IP Assets

    {% endif %} {% endif %} + {% if show_recon %} +
    +

    Reconnaissance Findings

    +

    + This section contains list of all the subdomains identified during the reconnaissance phase. +

    + {% for subdomain in subdomains %} +
    +
    + {{ subdomain.name }} + {% if subdomain.http_status %} + {{ subdomain.http_status }} + {% endif %} +
    +
    + {% if subdomain.page_title %} +
    {{ subdomain.page_title }}
    + {% endif %} + {% if subdomain.ip_addresses.all %} +
    +

    IP Addresses:

    +
      + {% for ip in subdomain.ip_addresses.all %} +
    • + {{ip.address}} + {% if ip.ports.all %} +
        + {% for port in ip.ports.all %} +
      • {{ port.number }}/{{ port.service_name }}
        • + {% endfor %} +
      + {% endif %} +
      • + {% endfor %} +
    +
    + {% endif %} + {% if subdomain.get_vulnerabilities_without_info %} +
    +

    Vulnerabilities:

    + {% regroup subdomain.get_vulnerabilities_without_info by name as vuln_list %} + +
    + {% endif %} +
    +
    + {% endfor %} +
    + {% endif %}

    END OF REPORT

    From d9ed236537b3c972423554217fd8fe11ec20c808 Mon Sep 17 00:00:00 2001 From: Yogesh Ojha Date: Wed, 28 Aug 2024 08:39:23 +0530 Subject: [PATCH 14/20] add vuln summary section with badges --- web/templates/report/modern.html | 298 ++++++++++++++++++++++++++----- 1 file changed, 250 insertions(+), 48 deletions(-) diff --git a/web/templates/report/modern.html b/web/templates/report/modern.html index 602434415..10c54d42c 100644 --- a/web/templates/report/modern.html +++ b/web/templates/report/modern.html @@ -449,6 +449,16 @@ .medium-td { background-color: #fff3e0; color: #ef6c00; } .high-td { background-color: #fbe9e7; color: #d84315; } .critical-td { background-color: #ffebee; color: #c62828; } + + .unknown-severity-badge { background-color: rgba(200, 200, 200, 0.2); } + .info-severity-badge { background-color: rgba(144, 202, 249, 0.2); } + .low-severity-badge { background-color: rgba(165, 214, 167, 0.2); } + .medium-severity-badge { background-color: rgba(255, 204, 128, 0.2); } + .high-severity-badge { background-color: rgba(239, 154, 154, 0.2); } + .critical-severity-badge { background-color: rgba(239, 154, 154, 0.2); } + + + .center-img { display: block; margin-left: auto; @@ -538,6 +548,96 @@ margin-bottom: 1mm; font-size: 10pt; } + {% comment %} vuln finding related css {% endcomment %} + .vuln-card { + background-color: #ffffff; + margin-bottom: 7mm; + border-radius: 4mm; + box-shadow: 0 2mm 4mm rgba(0,0,0,0.1); + overflow: hidden; + } + .vuln-card-header { + padding: 1mm 4mm; + position: relative; + display: flex; + align-items: center; + justify-content: space-between; + } + .card-header h4 { + font-size: 14pt; + margin: 0; + font-weight: 500; + } + .vuln-severity { + font-size: 11pt; + font-weight: bold; + padding: 1mm 3mm; + border-radius: 2mm; + } + .vuln-badge { + display: inline-block; + padding: 1mm 3mm; + border-radius: 2mm; + font-size: 9pt; + font-weight: bold; + text-transform: uppercase; + margin-right: 3mm; + margin-top: 1mm; + } + .badge-source { + background-color: #2ecc71; + color: white; + } + .badge-cvss { + background-color: #e74c3c; + color: white; + } + .badge-cve { + background-color: #3498db; + color: white; + } + + .badge-cwe { + background-color: #9b59b6; + color: white; + } + .vuln-card-body { + padding: 5mm 2mm; + } + .vuln-section { + margin-bottom: 4mm; + padding-bottom: 4mm; + border-bottom: 1pt solid #e0e0e0; + } + .vuln-section:last-child { + border-bottom: none; + } + .section-title { + font-weight: bold; + color: #2c3e50; + font-size: 11pt; + margin-bottom: 2mm; + text-transform: uppercase; + } + .vuln-cvss-details { + background-color: #f8f9fa; + padding: 4mm; + border-radius: 2mm; + font-family: monospace; + font-size: 9pt; + } + .vulnerable-url-li { + background-color: #fff3cd; + padding: 2mm 4mm; + margin-bottom: 2mm; + border-radius: 2mm; + font-family: monospace; + font-size: 9pt; + } + .references-li a { + color: #3498db; + text-decoration: none; + } @@ -908,61 +1008,163 @@

    IP Assets

    {% endif %}
    {% endif %} - {% if show_recon %} + {% if show_recon %}
    -

    Reconnaissance Findings

    -

    - This section contains list of all the subdomains identified during the reconnaissance phase. -

    - {% for subdomain in subdomains %} -
    -
    - {{ subdomain.name }} - {% if subdomain.http_status %} - {{ subdomain.http_status }} - {% endif %} -
    -
    - {% if subdomain.page_title %} -
    {{ subdomain.page_title }}
    - {% endif %} - {% if subdomain.ip_addresses.all %} -
    -

    IP Addresses:

    -
      - {% for ip in subdomain.ip_addresses.all %} -
    • - {{ip.address}} - {% if ip.ports.all %} +

      Reconnaissance Findings

      +

      This section contains list of all the subdomains identified during the reconnaissance phase.

      + {% for subdomain in subdomains %} +
      +
      + {{ subdomain.name }} + {% if subdomain.http_status %} + {{ subdomain.http_status }} + {% endif %} +
      +
      + {% if subdomain.page_title %}
      {{ subdomain.page_title }}
      {% endif %} + {% if subdomain.ip_addresses.all %} +
      +

      IP Addresses:

        - {% for port in ip.ports.all %} -
      • {{ port.number }}/{{ port.service_name }}
        • + {% for ip in subdomain.ip_addresses.all %} +
      • + {{ ip.address }} + {% if ip.ports.all %} +
          + {% for port in ip.ports.all %}
        • {{ port.number }}/{{ port.service_name }}
          • {% endfor %} +
        + {% endif %} +
        • {% endfor %}
      - {% endif %} -
      • - {% endfor %} -
    -
    - {% endif %} - {% if subdomain.get_vulnerabilities_without_info %} -
    -

    Vulnerabilities:

    - {% regroup subdomain.get_vulnerabilities_without_info by name as vuln_list %} - +
    + {% endif %} + {% if show_vuln %} + {% if subdomain.get_vulnerabilities_without_info %} +
    +

    Vulnerabilities:

    + {% regroup subdomain.get_vulnerabilities_without_info by name as vuln_list %} + +
    + {% endif %} + {% endif %}
    - {% endif %}
    - - {% endfor %} + {% endfor %}
    - {% endif %} + {% endif %} + {% if show_vuln %} +
    +

    Vulnerabilities Discovered

    +

    + This section details the security vulnerabilities identified during our penetration testing engagement. Each finding is documented with its description, potential impact, and recommended remediation steps. +
    + Vulnerabilities are categorized by severity (Critical, High, Medium, Low, Info) to prioritize remediation efforts. This assessment is based on the potential impact to confidentiality, integrity, and availability of the systems and data. +
    + The information presented here is crucial for understanding your current security posture and should guide your remediation strategy to enhance overall security.

    +
    + {% regroup all_vulnerabilities by get_path as grouped_vulnerabilities %} + {% for vulnerabilities in grouped_vulnerabilities %} + {% for vulnerability in vulnerabilities.list %} +
    +
    +

    + {{ vulnerability.name }} + {% if vulnerabilities.grouper %} +
    + in {{ vulnerabilities.grouper }} + {% endif %} +

    +
    + {% if vulnerability.severity == -1 %} + Unknown + {% elif vulnerability.severity == 0 %} + INFO + {% elif vulnerability.severity == 1 %} + LOW + {% elif vulnerability.severity == 2 %} + MEDIUM + {% elif vulnerability.severity == 3 %} + HIGH + {% elif vulnerability.severity == 4 %} + CRITICAL + {% endif %} +
    +
    +
    +
    + {{vulnerability.source|upper}} + {% if vulnerability.cvss_score %} + CVSS: {{vulnerability.cvss_score}} + {% endif %} + {% if vulnerability.cve_ids.all %} + {% for cve in vulnerability.cve_ids.all %}{{cve}}{% endfor %} + {% endif %} + {% if vulnerability.cwe_ids.all %} + {% for cwe in vulnerability.cwe_ids.all %}{{cwe}}{% endfor %} + {% endif %} +
    +
    +

    CVSS

    +
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    +
    +
    +

    Description

    +

    + A SQL injection vulnerability was discovered in the login form, allowing potential attackers to manipulate database queries. This vulnerability arises from improper input validation and could potentially affect multiple areas of the application where user input interacts with database operations. +

    +
    +
    +

    Impact

    +

    + This vulnerability could lead to unauthorized access, data theft, or manipulation of the database. An attacker could potentially: +

    +
      +
    • Bypass authentication mechanisms
      • +
    • Read, modify, or delete sensitive data
      • +
    • Execute administration operations on the database
      • +
    • Issue commands to the operating system
      • +
    +
    +
    +

    Remediation

    +

    To address this vulnerability, implement the following measures:

    +
      +
    • Use prepared statements or parameterized queries to prevent SQL injection attacks
      • +
    • Implement proper input validation and sanitization for all user inputs
      • +
    • Apply the principle of least privilege to database accounts used by the application
      • +
    • Regularly update and patch the database management system
      • +
    +
    +
    +

    Vulnerable URLs

    +
    https://example.com/login.php
    +
    https://example.com/user.php?id=1
    +
    +
    +

    References

    + +
    +
    +
    + {% endfor %} + {% endfor %} +
    + {% endif %}

    END OF REPORT

    From fd30b2745a17c9c41bee598dda816037350a92b2 Mon Sep 17 00:00:00 2001 From: Yogesh Ojha Date: Wed, 28 Aug 2024 08:55:11 +0530 Subject: [PATCH 15/20] finish all the href links inside page --- web/templates/report/modern.html | 78 +++++++++++++++----------------- 1 file changed, 36 insertions(+), 42 deletions(-) diff --git a/web/templates/report/modern.html b/web/templates/report/modern.html index 10c54d42c..a471ccdb7 100644 --- a/web/templates/report/modern.html +++ b/web/templates/report/modern.html @@ -582,7 +582,7 @@ font-weight: bold; text-transform: uppercase; margin-right: 3mm; - margin-top: 1mm; + margin-bottom: 2mm; } .badge-source { background-color: #2ecc71; @@ -638,6 +638,10 @@ color: #3498db; text-decoration: none; } + .no-style-a{ + color: #3498db; + text-decoration: none; + } @@ -688,16 +692,10 @@

    Table of Contents

    Summary of Findings
    - {% if show_vuln %} -
    - Vulnerability Summary - -
    - {% endif %} {% if show_recon %}
    - Reconnaissance Results - + Reconnaissance Findings +
    {% endif %} {% if show_vuln %} @@ -944,7 +942,7 @@

    {% for subdomain in subdomains %} {{ forloop.counter }} - {{ subdomain.name }} + {{ subdomain.name }} {% if subdomain.page_title %}{{ subdomain.page_title }}{% endif %} @@ -1013,7 +1011,7 @@

    IP Assets

    Reconnaissance Findings

    This section contains list of all the subdomains identified during the reconnaissance phase.

    {% for subdomain in subdomains %} -
    +
    {{ subdomain.name }} {% if subdomain.http_status %} @@ -1073,7 +1071,7 @@

    Vulnerabilities Discovered

    {% regroup all_vulnerabilities by get_path as grouped_vulnerabilities %} {% for vulnerabilities in grouped_vulnerabilities %} {% for vulnerability in vulnerabilities.list %} -
    +

    {{ vulnerability.name }} @@ -1102,63 +1100,59 @@

    {{vulnerability.source|upper}} {% if vulnerability.cvss_score %} - CVSS: {{vulnerability.cvss_score}} + CVSS: {{vulnerability.cvss_score|upper}} {% endif %} {% if vulnerability.cve_ids.all %} - {% for cve in vulnerability.cve_ids.all %}{{cve}}{% endfor %} + {% for cve in vulnerability.cve_ids.all %}{{cve|upper}}{% endfor %} {% endif %} {% if vulnerability.cwe_ids.all %} - {% for cwe in vulnerability.cwe_ids.all %}{{cwe}}{% endfor %} + {% for cwe in vulnerability.cwe_ids.all %}{{cwe|upper}}{% endfor %} {% endif %}
    + {% if vulnerability.cvss_metrics %}

    CVSS

    -
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    +
    {{vulnerability.cvss_metrics}}
    + {% endif %} + {% if vulnerability.description %}

    Description

    - A SQL injection vulnerability was discovered in the login form, allowing potential attackers to manipulate database queries. This vulnerability arises from improper input validation and could potentially affect multiple areas of the application where user input interacts with database operations. -

    -
    -
    -

    Impact

    -

    - This vulnerability could lead to unauthorized access, data theft, or manipulation of the database. An attacker could potentially: + {{vulnerability.description|linebreaks}}

    -
      -
    • Bypass authentication mechanisms
      • -
    • Read, modify, or delete sensitive data
      • -
    • Execute administration operations on the database
      • -
    • Issue commands to the operating system
      • -
    + {% endif %} + {% if vulnerability.impact %} +
    +

    Impact

    +

    + {{vulnerability.impact|linebreaks}} +

    +
    + {% endif %} + {% if vulnerability.remediation %}

    Remediation

    -

    To address this vulnerability, implement the following measures:

    -
      -
    • Use prepared statements or parameterized queries to prevent SQL injection attacks
      • -
    • Implement proper input validation and sanitization for all user inputs
      • -
    • Apply the principle of least privilege to database accounts used by the application
      • -
    • Regularly update and patch the database management system
      • -
    +

    {{vulnerability.remediation|linebreaks}}

    + {% endif %}

    Vulnerable URLs

    -
    https://example.com/login.php
    -
    https://example.com/user.php?id=1
    +
    {{vulnerability.http_url}}
    + {% if vulnerability.references.all %}

    References

    + {% endif %}

    {% endfor %} From 30f84f77be3cb4ba380d7f981d35b80902c11769 Mon Sep 17 00:00:00 2001 From: Yogesh Ojha Date: Wed, 28 Aug 2024 09:05:07 +0530 Subject: [PATCH 16/20] Update dependencies for charts and sort interesting subdomains by HTTP status code util function --- web/reNgine/utilities.py | 13 + web/requirements.txt | 2 + web/startScan/views.py | 26 +- web/templates/report/modern.html | 2 +- web/templates/report/template.html | 1050 ---------------------------- 5 files changed, 41 insertions(+), 1052 deletions(-) delete mode 100644 web/templates/report/template.html diff --git a/web/reNgine/utilities.py b/web/reNgine/utilities.py index a3101625f..58a4503b0 100644 --- a/web/reNgine/utilities.py +++ b/web/reNgine/utilities.py @@ -159,3 +159,16 @@ def is_out_of_scope(self, subdomain): if subdomain in self.plain_patterns: return True return any(pattern.search(subdomain) for pattern in self.regex_patterns) + + +def sorting_key(subdomain): + # sort subdomains based on their http status code with priority 200 < 300 < 400 < rest + status = subdomain['http_status'] + if 200 <= status <= 299: + return 1 + elif 300 <= status <= 399: + return 2 + elif 400 <= status <= 499: + return 3 + else: + return 4 \ No newline at end of file diff --git a/web/requirements.txt b/web/requirements.txt index 9b53e163f..6fff50162 100644 --- a/web/requirements.txt +++ b/web/requirements.txt @@ -40,3 +40,5 @@ weasyprint==53.3 wafw00f==2.2.0 xmltodict==0.13.0 django-environ==0.11.2 +plotly==5.23.0 +kaleido \ No newline at end of file diff --git a/web/startScan/views.py b/web/startScan/views.py index 3e88d2a03..4e163060b 100644 --- a/web/startScan/views.py +++ b/web/startScan/views.py @@ -4,7 +4,7 @@ from weasyprint import HTML, CSS from datetime import datetime from django.contrib import messages -from django.db.models import Count +from django.db.models import Count, Case, When, IntegerField from django.http import HttpResponse, HttpResponseRedirect, JsonResponse from django.shortcuts import get_object_or_404, render from django.template.loader import get_template @@ -13,6 +13,7 @@ from django_celery_beat.models import (ClockedSchedule, IntervalSchedule, PeriodicTask) from rolepermissions.decorators import has_permission_decorator + from reNgine.celery import app from reNgine.charts import * from reNgine.common_func import * @@ -1017,6 +1018,29 @@ def create_report(request, id): .count() ) interesting_subdomains = get_interesting_subdomains(scan_history=id) + interesting_subdomains = interesting_subdomains.annotate( + sort_order=Case( + When(http_status__gte=200, http_status__lt=300, then=1), + When(http_status__gte=300, http_status__lt=400, then=2), + When(http_status__gte=400, http_status__lt=500, then=3), + default=4, + output_field=IntegerField(), + ) + ).order_by('sort_order', 'http_status') + + subdomains = subdomains.annotate( + sort_order=Case( + When(http_status__gte=200, http_status__lt=300, then=1), + When(http_status__gte=300, http_status__lt=400, then=2), + When(http_status__gte=400, http_status__lt=500, then=3), + default=4, + output_field=IntegerField(), + ) + ).order_by('sort_order', 'http_status') + + + + ip_addresses = ( IpAddress.objects .filter(ip_addresses__in=subdomains) diff --git a/web/templates/report/modern.html b/web/templates/report/modern.html index a471ccdb7..eb13345ed 100644 --- a/web/templates/report/modern.html +++ b/web/templates/report/modern.html @@ -2,7 +2,7 @@ - Penetration Testing Report + Report - - - -
    -

    {{report_name}} -
    - {{scan_object.domain.name}} -
    - {# generated date #} - {% now "F j, Y" %} -

    -
    - {{company_name}} - {{company_address}} -
    -
    - {{company_email}} - {{company_website}} -
    -
    - {% if show_rengine_banner %}Generated by reNgine - https://github.com/yogeshojha/rengine - {% endif %} -
    -
    - -
    -

     

    -

    Table of contents

    -
      - {% if show_executive_summary %} -
      • - {% endif %} - -
      • -
      • - - {% if interesting_subdomains and show_recon %} -
      • - {% endif %} - - {% if all_vulnerabilities.count > 0 and show_vuln %} -
      • - {% endif %} - - {% if show_recon %} -
      • - {% endif %} - - {% if all_vulnerabilities.count > 0 and show_vuln %} -
      • - {% endif %} -
    -
    - - {% if show_executive_summary %} -
    -

    Executive summary

    -
    - {{executive_summary_description | safe }} -
    - {% endif %} - -
    -

    Quick Summary

    -

    This section contains quick summary of scan performed on {{scan_object.domain.name}}

    -
    -
    - - {# recon section #} - {% if show_recon %} -

    Reconnaissance

    -
    -
    -

    Subdomains -
    - - {{scan_object.get_subdomain_count}} - -

    -
    -
    -

    Endpoints -
    - - {{scan_object.get_endpoint_count}} - -

    -
    -
    -

    Vulnerabilities -
    - - {{all_vulnerabilities_count}} - -

    -
    -
    - {% endif %} - - - {% if show_vuln %} -
    -
    -

    Vulnerability Summary

    -
    -
    -

    Critical -
    - - {{scan_object.get_critical_vulnerability_count}} - -

    -
    -
    -

    High -
    - - {{scan_object.get_high_vulnerability_count}} - -

    -
    -
    -

    Medium -
    - - {{scan_object.get_medium_vulnerability_count}} - -

    -
    -
    -

    Low -
    - - {{scan_object.get_low_vulnerability_count}} - -

    -
    -
    -

    Info -
    - - {% if is_ignore_info_vuln %} - 0 - {% else %} - {{scan_object.get_info_vulnerability_count}} - {% endif %} - -

    -
    -
    -

    Unknown -
    - - {{scan_object.get_unknown_vulnerability_count}} - -

    -
    -
    -
    - {% endif %} - -
    -

    Timeline of the Assessment

    -

    - Scan started on: {{scan_object.start_scan_date|date:"F j, Y h:i"}} -
    - Total time taken: - {% if scan_object.scan_status == 0 %} - {{ scan_object.start_scan_date|timesince:scan_object.stop_scan_date }} - {% elif scan_object.scan_status == 1 %} - {{ scan_object.get_elapsed_time }} - {% elif scan_object.scan_status == 2 %} - {% if scan_object.get_completed_time_in_sec < 60 %} - Completed in < 1 minutes {% else %} Completed in {{ scan_object.start_scan_date|timesince:scan_object.stop_scan_date }} {% endif %} {% elif scan_object.scan_status == 3 %} Aborted in - {{ scan_object.start_scan_date|timesince:scan_object.stop_scan_date }} {% endif %}
    - Report Generated on: {% now "F j, Y" %} -

    -
    - - {# show interesting_subdomains section only when show_recon result is there #} - {% if interesting_subdomains and show_recon %} -
    -

    Interesting Recon Data

    -

    Listed below are the {{interesting_subdomains.count}} interesting subdomains identified on {{scan_object.domain.name}}

    -
    -
    -
    - # -
    -
    - Subdomain -
    -
    - Page title -
    -
    - HTTP Status -
    -
    - {% for subdomain in interesting_subdomains %} -
    -
    - {{ forloop.counter }} -
    -
    - {{subdomain.name}} -
    -
    - {% if subdomain.page_title %} - {{subdomain.page_title}} - {% else %} -     - {% endif %} -
    -
    - {% if subdomain.http_status %} - {{subdomain.http_status}} - {% else %} -     - {% endif %} -
    -
    - {% endfor %} -
    -
    - {% endif %} - - {# vulnerability_summary only when vuln_report #} - {% if show_vuln %} -
    -

    Summary of Vulnerabilities Identified

    - {% if all_vulnerabilities.count > 0 %} -

    Listed below are the vulnerabilities identified on {{scan_object.domain.name}}

    -
    -
    -
    - # -
    -
    - Vulnerability Name -
    -
    - Times Identified -
    -
    - Severity -
    -
    - {% for vulnerability in unique_vulnerabilities %} -
    -
    - {{ forloop.counter }} -
    -
    - {{vulnerability.name}} -
    -
    - {{vulnerability.count}} -
    - {% if vulnerability.severity == -1 %} -
    - Unknown - {% elif vulnerability.severity == 0 %} -
    - Informational - {% elif vulnerability.severity == 1 %} -
    - Low - {% elif vulnerability.severity == 2 %} -
    - Medium - {% elif vulnerability.severity == 3 %} -
    - High - {% elif vulnerability.severity == 4 %} -
    - Critical - {% endif %} -
    -
    - {% endfor %} - {% else %} -

    No Vulnerabilities were Discovered.

    - {% endif %} -
    - -
    - {% endif %} - - {# show discovered assets only for show_recon report #} - {% if show_recon %} -
    -

    Discovered Assets

    -

    Subdomains

    -

    - During the reconnaissance phase, {{scan_object.get_subdomain_count}} subdomains were discovered. - Out of {{scan_object.get_subdomain_count}} subdomains, {{subdomain_alive_count}} returned HTTP status 200. - {{interesting_subdomains.count}} interesting subdomains were also identified based on the interesting keywords used. -

    -

    {{scan_object.get_subdomain_count}} subdomains identified on {{scan_object.domain.name}}

    -
    -
    -
    - Subdomain -
    -
    - Page title -
    -
    - HTTP Status -
    -
    - {% for subdomain in subdomains %} -
    -
    - {{subdomain.name}} -
    -
    - {% if subdomain.page_title %} - {{subdomain.page_title}} - {% endif %} -
    -
    - {{subdomain.http_status}} -
    -
    - {% endfor %} -
    - {% if ip_addresses.count %} -

    IP Addresses

    -

    {{ip_addresses.count}} IP Addresses were identified on {{scan_object.domain.name}}

    -
    -
    -
    - IP -
    -
    - Open Ports -
    -
    - Remarks -
    -
    - {% for ip in ip_addresses %} -
    -
    - {{ip.address}} -
    -
    - {% for port in ip.ports.all %} - {{port.number}}/{{port.service_name}}{% if not forloop.last %},{% endif %} - {% endfor %} -
    - {% if ip.is_cdn %} -
    - CDN IP Address - {% else %} -
    - {% endif %} -
    -
    - {% endfor %} -
    - {% endif %} -
    -
    - {% endif %} - - {# reconnaissance finding only when show_recon #} - {% if show_recon %} -
    -

    Reconnaissance Findings

    - {% for subdomain in subdomains %} - - - - - {% if subdomain.http_status == 200 %} - - {% elif subdomain.http_status >= 300 and subdomain.http_status < 400 %} - - {% elif subdomain.http_status >= 400 %} - - {% elif subdomain.http_status == 0 %} - - {% else %} - - {% endif %} - - {% if subdomain.page_title %} - - - - {% endif %} - {% if subdomain.ip_addresses.all %} - - - - {% endif %} - {% if subdomain.get_vulnerabilities_without_info %} - - - - {% endif %} -
    {{ forloop.counter }}.{{subdomain.name}}{{subdomain.http_status}}{{subdomain.http_status}}{{subdomain.http_status}}N/A{{subdomain.http_status}}
    Page Title: {{subdomain.page_title}}
    - IP Address: -
      - {% for ip in subdomain.ip_addresses.all %} -
    • {{ip.address}} - {% if ip.ports.all %} -
        -
      • Open Ports:   - {% for port in ip.ports.all %} - {{port.number}}/{{port.service_name}}{% if not forloop.last %},{% endif %} - {% endfor %} -
        • -
      - {% endif %} -
      • - {% endfor %} -
    -
    - Vulnerabilities - {% regroup subdomain.get_vulnerabilities_without_info by name as vuln_list %} - -
    - {% endfor %} -
    - {% endif %} - - {% if all_vulnerabilities.count > 0 and show_vuln %} -
    -

    Vulnerabilities Discovered

    -

    - This section reports the security issues found during the audit. -
    - A Total of {{scan_object.get_vulnerability_count}} were discovered in {{scan_object.domain.name}}, - {{scan_object.get_critical_vulnerability_count}} of them were Critical, - {{scan_object.get_high_vulnerability_count}} of them were High Severity, - {{scan_object.get_medium_vulnerability_count}} of them were Medium severity, - {% if is_ignore_info_vuln %}0{% else %}{{scan_object.get_info_vulnerability_count}}{% endif %} of them were Low severity, and - {{scan_object.get_info_vulnerability_count}} of them were Informational. - {{scan_object.get_unknown_vulnerability_count}} of them were Unknown Severity. -

    -

    Vulnerability Breakdown by Severity

    -
    -
    -

    Critical -
    - - {{scan_object.get_critical_vulnerability_count}} - -

    -
    -
    -

    High -
    - - {{scan_object.get_high_vulnerability_count}} - -

    -
    -
    -

    Medium -
    - - {{scan_object.get_medium_vulnerability_count}} - -

    -
    -
    -

    Low -
    - - {{scan_object.get_low_vulnerability_count}} - -

    -
    -
    -

    Info -
    - - {% if is_ignore_info_vuln %} - 0 - {% else %} - {{scan_object.get_info_vulnerability_count}} - {% endif %} - -

    -
    -
    -

    Unknown -
    - - {{scan_object.get_unknown_vulnerability_count}} - -

    -
    -
    -
    - - - {# start vulnerability #} - {% if show_vuln %} -
    - {% regroup all_vulnerabilities by get_path as grouped_vulnerabilities %} - {% for vulnerabilities in grouped_vulnerabilities %} - {% for vulnerability in vulnerabilities.list %} -
    -

    - {{vulnerability.name}} - {% if vulnerabilities.grouper %} -
    in {{vulnerabilities.grouper}} - {% endif %} -     - {% if vulnerability.severity == -1 %} - Unknown -
    - {% elif vulnerability.severity == 0 %} - INFO -
    - {% elif vulnerability.severity == 1 %} - LOW -
    - {% elif vulnerability.severity == 2 %} - MEDIUM -
    - {% elif vulnerability.severity == 3 %} - HIGH -
    - {% elif vulnerability.severity == 4 %} - CRITICAL -
    - {% endif %} -

    - - Vulnerability Source: {{vulnerability.source|upper}}
    - {% if vulnerability.cvss_metrics or vulnerability.cvss_score or vulnerability.cve_ids.all or vulnerability.cve_ids.all %} - Vulnerability Classification
    - {% if vulnerability.cvss_metrics %} - CVSS Metrics: {{vulnerability.cvss_metrics}} - {% endif %} - {% if vulnerability.cvss_score %} -
    - CVSS Score: {{vulnerability.cvss_score}} - {% endif %} - {% if vulnerability.cve_ids.all %} -
    - CVE IDs
    -     {% for cve in vulnerability.cve_ids.all %} {{cve}}{% if not forloop.last %}, {% endif %} {% endfor %} - {% endif %} - {% if vulnerability.cwe_ids.all %} -
    - CWE IDs
    -     {% for cwe in vulnerability.cwe_ids.all %} {{cwe}}{% if not forloop.last %}, {% endif %} {% endfor %} - {% endif %} -
    - {% endif %} - {% if vulnerability.description %} -
    - Description
    - {{vulnerability.description|linebreaks}} - {% endif %} - {% if vulnerability.impact %} -
    - Impact
    - {{vulnerability.impact|linebreaks}} - {% endif %} - {% if vulnerability.remediation %} -
    - Remediation
    - {{vulnerability.remediation|linebreaks}} - {% endif %} -
    - Vulnerable URL(s)
    - - - - {% if vulnerability.references.all %} - References
    -
      - {% for ref in vulnerability.references.all %} -
    • - {{ref}} -
      • - {% endfor %} -
    - {% endif %} -
    -
    -
    - {% endfor %} - {% endfor %} -
    - {% endif %} - - {% endif %} -
    -

    END OF REPORT

    -
    - - - From 0a634e72b70eba3fbbb372910aad4fa8646095d7 Mon Sep 17 00:00:00 2001 From: Yogesh Ojha Date: Wed, 28 Aug 2024 19:34:36 +0530 Subject: [PATCH 17/20] remove unused svg files --- web/templates/report/heading.svg | 26 ----------------------- web/templates/report/style.svg | 29 -------------------------- web/templates/report/table-content.svg | 21 ------------------- 3 files changed, 76 deletions(-) delete mode 100644 web/templates/report/heading.svg delete mode 100644 web/templates/report/style.svg delete mode 100644 web/templates/report/table-content.svg diff --git a/web/templates/report/heading.svg b/web/templates/report/heading.svg deleted file mode 100644 index 7e6bbb79a..000000000 --- a/web/templates/report/heading.svg +++ /dev/null @@ -1,26 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - diff --git a/web/templates/report/style.svg b/web/templates/report/style.svg deleted file mode 100644 index 3930090fe..000000000 --- a/web/templates/report/style.svg +++ /dev/null @@ -1,29 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/web/templates/report/table-content.svg b/web/templates/report/table-content.svg deleted file mode 100644 index 9961a203b..000000000 --- a/web/templates/report/table-content.svg +++ /dev/null @@ -1,21 +0,0 @@ - - - - - - - - - - - - - - - - - - From e3e6409d700c28fd328234d796ebc6cc93b4fbfd Mon Sep 17 00:00:00 2001 From: Yogesh Ojha Date: Wed, 28 Aug 2024 20:37:30 +0530 Subject: [PATCH 18/20] change modal for downloading report --- .../templates/startScan/history.html | 183 +++++++++++------- 1 file changed, 109 insertions(+), 74 deletions(-) diff --git a/web/startScan/templates/startScan/history.html b/web/startScan/templates/startScan/history.html index d15529372..7ed670269 100644 --- a/web/startScan/templates/startScan/history.html +++ b/web/startScan/templates/startScan/history.html @@ -197,7 +197,7 @@

    Filters

    {% endif %} {% if scan.scan_status != -1%} - +  Scan Report {% endif %}
    @@ -213,30 +213,87 @@

    Filters

    -