wanderer/pentest-report-tmpl
1
0
Fork 0
Code Issues Pull Requests Activity

initial commit

Browse Source
This commit is contained in:
t14 2024-10-17 17:11:53 +02:00
commit 854cd11c66
Signed by: wanderer
SSH Key Fingerprint: SHA256:szgNfbjbimyesAS1xfRZ0DY3hcNv9xC9ocRCJjD4Wgg
21 changed files with 701 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.gitignore vendored Normal file
View File

@ -0,0 +1,4 @@
.direnv
.latexmkout
result
*.pdf

121
LICENSE Normal file
View File

@ -0,0 +1,121 @@
Creative Commons Legal Code
CC0 1.0 Universal
CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE
LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATEAN
ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS
INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES
REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS
PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM
THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED
HEREUNDER.
Statement of Purpose
The laws of most jurisdictions throughout the world automaticallyconfer
exclusive Copyright and Related Rights (defined below) upon the creator
and subsequent owner(s) (each and all, an "owner") of an originalwork of
authorship and/or a database (each, a "Work").
Certain owners wish to permanently relinquish those rights to a Work for
the purpose of contributing to a commons of creative, cultural and
scientific works ("Commons") that the public can reliably and without fear
of later claims of infringement build upon, modify, incorporate in other
works, reuse and redistribute as freely as possible in any form whatsoever
and for any purposes, including without limitation commercial purposes.
These owners may contribute to the Commons to promote the ideal of a free
culture and the further production of creative, cultural and scientific
works, or to gain reputation or greater distribution for their Work in
part through the use and efforts of others.
For these and/or other purposes and motivations, and without any
expectation of additional consideration or compensation, the person
associating CC0 with a Work (the "Affirmer"), to the extent that he or she
is an owner of Copyright and Related Rights in the Work, voluntarily
elects to apply CC0 to the Work and publicly distribute the Work under its
terms, with knowledge of his or her Copyright and Related Rights in the
Work and the meaning and intended legal effect of CC0 on those rights.
1. Copyright and Related Rights. A Work made available under CC0 may be
protected by copyright and related or neighboring rights ("Copyright and
Related Rights"). Copyright and Related Rights include, but are not
limited to, the following:
i. the right to reproduce, adapt, distribute, perform, display,
communicate, and translate a Work;
ii. moral rights retained by the original author(s) and/or performer(s);
iii. publicity and privacy rights pertaining to a person's image or
likeness depicted in a Work;
iv. rights protecting against unfair competition in regards to aWork,
subject to the limitations in paragraph 4(a), below;
v. rights protecting the extraction, dissemination, use and reuse of data
in a Work;
vi. database rights (such as those arising under Directive 96/9/EC of the
European Parliament and of the Council of 11 March 1996 on the legal
protection of databases, and under any national implementation
thereof, including any amended or successor version of such
directive); and
vii. other similar, equivalent or corresponding rights throughoutthe
world based on applicable law or treaty, and any national
implementations thereof.
2. Waiver. To the greatest extent permitted by, but not in contravention
of, applicable law, Affirmer hereby overtly, fully, permanently,
irrevocably and unconditionally waives, abandons, and surrenders all of
Affirmer's Copyright and Related Rights and associated claims andcauses
of action, whether now known or unknown (including existing as well as
future claims and causes of action), in the Work (i) in all territories
worldwide, (ii) for the maximum duration provided by applicable law or
treaty (including future time extensions), (iii) in any current or future
medium and for any number of copies, and (iv) for any purpose whatsoever,
including without limitation commercial, advertising or promotional
purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each
member of the public at large and to the detriment of Affirmer's heirs and
successors, fully intending that such Waiver shall not be subjectto
revocation, rescission, cancellation, termination, or any other legal or
equitable action to disrupt the quiet enjoyment of the Work by the public
as contemplated by Affirmer's express Statement of Purpose.
3. Public License Fallback. Should any part of the Waiver for anyreason
be judged legally invalid or ineffective under applicable law, then the
Waiver shall be preserved to the maximum extent permitted taking into
account Affirmer's express Statement of Purpose. In addition, to the
extent the Waiver is so judged Affirmer hereby grants to each affected
person a royalty-free, non transferable, non sublicensable, non exclusive,
irrevocable and unconditional license to exercise Affirmer's Copyright and
Related Rights in the Work (i) in all territories worldwide, (ii)for the
maximum duration provided by applicable law or treaty (including future
time extensions), (iii) in any current or future medium and for any number
of copies, and (iv) for any purpose whatsoever, including without
limitation commercial, advertising or promotional purposes (the
"License"). The License shall be deemed effective as of the date CC0 was
applied by Affirmer to the Work. Should any part of the License for any
reason be judged legally invalid or ineffective under applicable law, such
partial invalidity or ineffectiveness shall not invalidate the remainder
of the License, and in such case Affirmer hereby affirms that he or she
will not (i) exercise any of his or her remaining Copyright and Related
Rights in the Work or (ii) assert any associated claims and causes of
action with respect to the Work, in either case contrary to Affirmer's
express Statement of Purpose.
4. Limitations and Disclaimers.
a. No trademark or patent rights held by Affirmer are waived, abandoned,
surrendered, licensed or otherwise affected by this document.
b. Affirmer offers the Work as-is and makes no representations or
warranties of any kind concerning the Work, express, implied,
statutory or otherwise, including without limitation warranties of
title, merchantability, fitness for a particular purpose, non
infringement, or the absence of latent or other defects, accuracy, or
the present or absence of errors, whether or not discoverable, all to
the greatest extent permissible under applicable law.
c. Affirmer disclaims responsibility for clearing rights of other persons
that may apply to the Work or any use thereof, including without
limitation any person's Copyright and Related Rights in the Work.
Further, Affirmer disclaims responsibility for obtaining any necessary
consents, permissions or other rights required for any use ofthe
Work.
d. Affirmer understands and acknowledges that Creative Commons is not a
party to this document and has no duty or obligation with respect to
this CC0 or use of the Work.

11
README.md Normal file
View File

@ -0,0 +1,11 @@
# pentest-report-tmpl
to be used as an easy starting point for pentest reports.
effortlessly setup latex environment defined as a `nix` flake, continuously
build && preview.
heavily inspired by [nerdy pepper's one](https://git.peppe.rs/templates/report).
### License
CC0

1
en-tmpl/.envrc Normal file
View File

@ -0,0 +1 @@
use flake

2
en-tmpl/.latexmkrc Normal file
View File

@ -0,0 +1,2 @@
# https://mg.readthedocs.io/latexmk.html#configuration-files
$pdf_previewer = 'zathura';

19
en-tmpl/Makefile Normal file
View File

@ -0,0 +1,19 @@
DOCNAME=report
CMD="pdflatex -synctex=1 -file-line-error -interaction=nonstopmode"
.PHONY: $(DOCNAME).pdf all clean
all: $(DOCNAME).pdf
$(DOCNAME).pdf: $(DOCNAME).tex
latexmk -pdf -pdflatex=$(CMD) -use-make $(DOCNAME).tex
watch: $(DOCNAME).tex
latexmk -pvc -pdf -pdflatex=$(CMD) -use-make $(DOCNAME).tex
clean:
latexmk -CA
install:
cp $(DOCNAME).pdf ${out}/

11
en-tmpl/README.md Normal file
View File

@ -0,0 +1,11 @@
# pentest-report-tmpl - EN
build the report and start a watcher:
```
nix run .#watch
```
view the PDF located in `.latexmkout/<docname.pdf>`:
```
zathura .latexmkout/report.pdf
```

26
en-tmpl/flake.lock Normal file
View File

@ -0,0 +1,26 @@
{
"nodes": {
"nixpkgs": {
"locked": {
"lastModified": 1652555693,
"narHash": "sha256-E2NQyDVOH1eC/GOwf/ZuuhLUwexJJoIZUToFe5PgTHg=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "2fc228efaf48520896eed71a8109aa6492c72939",
"type": "github"
},
"original": {
"owner": "nixos",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}

102
en-tmpl/flake.nix Normal file
View File

@ -0,0 +1,102 @@
{
description = "Pentest template - EN";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs";
};
outputs =
{ self
, nixpkgs
, ...
}:
let
supportedSystems = [ "x86_64-linux" "x86_64-darwin" ];
forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
documentName = "report";
pname = documentName;
version = "0.0.1";
nixpkgsFor = forAllSystems (
system:
import nixpkgs {
inherit system;
overlays = [ self.overlay ];
}
);
in
rec {
formatter = forAllSystems (
system:
nixpkgsFor.${system}.alejandra
);
overlay = final: prev: {
watcher = with final;
pkgs.writeShellScriptBin "watch" ''
out=".latexmkout"
mkdir "$out"
latexmk \
-pvc \
-outdir="$out" \
-pdf \
-pdflatex="pdflatex -synctex=1 -file-line-error -interaction=nonstopmode" \
-use-make "${documentName}.tex"
rm -r "$out"
'';
buildLatex = with final;
pkgs.stdenv.mkDerivation {
inherit pname version;
src = lib.cleanSource ./.;
nativeBuildInputs = with pkgs; [
(texlive.combine {
inherit
(texlive)
scheme-full # needed for authblk
# scheme-medium
multirow
hyperref
fancyhdr
etoolbox
topiclongtable
;
})
gnumake
];
buildPhase = ''
latexmk \
-pdf \
-pdflatex="pdflatex -file-line-error -interaction=nonstopmode" \
-use-make ${documentName}.tex
'';
installPhase = ''
install -Dm444 -t $out ${documentName}.pdf
'';
};
};
packages = forAllSystems (system: {
inherit (nixpkgsFor.${system}) watcher buildLatex;
});
defaultPackage =
forAllSystems (system: self.packages."${system}".buildLatex);
apps = forAllSystems (system: rec {
watch = {
type = "app";
program = "${self.packages."${system}".watcher}/bin/watch";
};
buildLatex = {
type = "app";
program = "${self.packages."${system}".buildLatex}";
};
# default = buildLatex;
default = watch;
});
};
}

7
en-tmpl/meta.sty Normal file
View File

@ -0,0 +1,7 @@
\newcommand{\doctitle}{Pentest report}
\newcommand{\authorname}{Your name}
\newcommand{\company}{Your company}
\newcommand{\taskName}{Your task (scope)}
\newcommand{\subject}{}
\newcommand{\year}{2024}

84
en-tmpl/report.tex Normal file
View File

@ -0,0 +1,84 @@
% vim: tw=0 wrap
\documentclass[12pt,a4paper]{article}
\usepackage{geometry}
\geometry{
a4paper,
top=18mm,
bottom=19mm,
}
\usepackage{lmodern}
\usepackage[utf8]{inputenc}
\usepackage[T1]{fontenc}
\usepackage[fleqn]{amsmath}
\usepackage{amssymb}
\usepackage{amsfonts}
% \usepackage{fontspec}
% \usefonttheme[onlymath]{serif}
\usepackage{multirow}
\usepackage{graphicx}
\usepackage{textcomp}
\usepackage{hyperref}
\usepackage{etoolbox}
\usepackage{longtable}
\usepackage{meta}
\usepackage[UKenglish]{babel}% http://ctan.org/pkg/babel
\usepackage[UKenglish]{isodate}% http://ctan.org/pkg/isodate
\usepackage[affil-it]{authblk}
\date{\today}
\title{\doctitle{}\\\taskName{}\\\subject{}}
\author[1]{\authorname{}}
\begin{document}
\affil{\company{}}
\maketitle
\pagebreak
\tableofcontents
\pagebreak
\section*{Task}
\newpage
\section{Scope and exceptions}
\newpage
\section{Metodology a classification}
Findings are classified as follows:
\begin{enumerate}
\item \textbf{vulnerability:} a flaw in availability or trust that denies
access to assets for authorized people or processes, allows for privileged
access to assets to unauthorized people or processes, allows unauthorized
people or processes to hide assets or themselves within the scope
\item \textbf{weakness:} a flaw in authentication, process assurance,
resiliency, continuity, that allows unauthorized people or processes to
circumvent security, but is not a vulnerability.
\item \textbf{concern:} a flaw in non-deniability, confidentiality, privacy,
integrity, notifications, that allows unauthorized people or processes to
circumvent security, but is not a weakness exposure: an unjustifiable
action, flaw, or error that provides direct or indirect visibility of
targets or assets within the chosen scope.
\item \textbf{anomaly:} any unidentifiable or unknown element which has not
been controlled and cannot be accounted for in normal operations.
\end{enumerate}
\newpage
\section{Executive summary}
\newpage
\section{Findings}
\subsection{Finding xy}
\subsubsection{Description}
\subsubsection{Clasification}
\subsubsection{Recommendations}
\subsection{Finding z}
\subsubsection{Description}
\subsubsection{Clasification}
\subsubsection{Recommendations}
\end{document}

26
flake.lock Normal file
View File

@ -0,0 +1,26 @@
{
"nodes": {
"nixpkgs": {
"locked": {
"lastModified": 1652555693,
"narHash": "sha256-E2NQyDVOH1eC/GOwf/ZuuhLUwexJJoIZUToFe5PgTHg=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "2fc228efaf48520896eed71a8109aa6492c72939",
"type": "github"
},
"original": {
"owner": "nixos",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}

44
flake.nix Normal file
View File

@ -0,0 +1,44 @@
{
description = "Pentest templates";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs";
};
outputs =
{ self
, nixpkgs
, ...
}:
let
supportedSystems = [ "x86_64-linux" "x86_64-darwin" ];
forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
version = "0.0.1";
nixpkgsFor = forAllSystems (
system:
import nixpkgs {
inherit system;
overlays = [ self.overlay ];
}
);
in
rec {
templates = {
report-en = {
path = ./en-tmpl;
description = "A LaTeX pentest report";
};
report-sk = {
path = ./sk-tmpl;
description = "A LaTeX pentest report (in Slovak)";
};
};
formatter = forAllSystems (
system:
nixpkgsFor.${system}.alejandra
);
};
}

1
sk-tmpl/.envrc Normal file
View File

@ -0,0 +1 @@
use flake

2
sk-tmpl/.latexmkrc Normal file
View File

@ -0,0 +1,2 @@
# https://mg.readthedocs.io/latexmk.html#configuration-files
$pdf_previewer = 'zathura';

19
sk-tmpl/Makefile Normal file
View File

@ -0,0 +1,19 @@
DOCNAME=report
CMD="pdflatex -synctex=1 -file-line-error -interaction=nonstopmode"
.PHONY: $(DOCNAME).pdf all clean
all: $(DOCNAME).pdf
$(DOCNAME).pdf: $(DOCNAME).tex
latexmk -pdf -pdflatex=$(CMD) -use-make $(DOCNAME).tex
watch: $(DOCNAME).tex
latexmk -pvc -pdf -pdflatex=$(CMD) -use-make $(DOCNAME).tex
clean:
latexmk -CA
install:
cp $(DOCNAME).pdf ${out}/

11
sk-tmpl/README.md Normal file
View File

@ -0,0 +1,11 @@
# pentest-report-tmpl - SK
build the report and start a watcher:
```
nix run .#watch
```
view the PDF located in `.latexmkout/<docname.pdf>`:
```
zathura .latexmkout/report.pdf
```

26
sk-tmpl/flake.lock Normal file
View File

@ -0,0 +1,26 @@
{
"nodes": {
"nixpkgs": {
"locked": {
"lastModified": 1652555693,
"narHash": "sha256-E2NQyDVOH1eC/GOwf/ZuuhLUwexJJoIZUToFe5PgTHg=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "2fc228efaf48520896eed71a8109aa6492c72939",
"type": "github"
},
"original": {
"owner": "nixos",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}

102
sk-tmpl/flake.nix Normal file
View File

@ -0,0 +1,102 @@
{
description = "Pentest template - SK";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs";
};
outputs =
{ self
, nixpkgs
, ...
}:
let
supportedSystems = [ "x86_64-linux" "x86_64-darwin" ];
forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
documentName = "report";
pname = documentName;
version = "0.0.1";
nixpkgsFor = forAllSystems (
system:
import nixpkgs {
inherit system;
overlays = [ self.overlay ];
}
);
in
rec {
formatter = forAllSystems (
system:
nixpkgsFor.${system}.alejandra
);
overlay = final: prev: {
watcher = with final;
pkgs.writeShellScriptBin "watch" ''
out=".latexmkout"
mkdir "$out"
latexmk \
-pvc \
-outdir="$out" \
-pdf \
-pdflatex="pdflatex -synctex=1 -file-line-error -interaction=nonstopmode" \
-use-make "${documentName}.tex"
rm -r "$out"
'';
buildLatex = with final;
pkgs.stdenv.mkDerivation {
inherit pname version;
src = lib.cleanSource ./.;
nativeBuildInputs = with pkgs; [
(texlive.combine {
inherit
(texlive)
scheme-full # needed for authblk
# scheme-medium
multirow
hyperref
fancyhdr
etoolbox
topiclongtable
;
})
gnumake
];
buildPhase = ''
latexmk \
-pdf \
-pdflatex="pdflatex -file-line-error -interaction=nonstopmode" \
-use-make ${documentName}.tex
'';
installPhase = ''
install -Dm444 -t $out ${documentName}.pdf
'';
};
};
packages = forAllSystems (system: {
inherit (nixpkgsFor.${system}) watcher buildLatex;
});
defaultPackage =
forAllSystems (system: self.packages."${system}".buildLatex);
apps = forAllSystems (system: rec {
watch = {
type = "app";
program = "${self.packages."${system}".watcher}/bin/watch";
};
buildLatex = {
type = "app";
program = "${self.packages."${system}".buildLatex}";
};
# default = buildLatex;
default = watch;
});
};
}

7
sk-tmpl/meta.sty Normal file
View File

@ -0,0 +1,7 @@
\newcommand{\doctitle}{Pentest report}
\newcommand{\authorname}{Tvoje meno}
\newcommand{\company}{Tvoja firma}
\newcommand{\taskName}{Tvoje zadanie (scope)}
\newcommand{\subject}{}
\newcommand{\year}{2024}

75
sk-tmpl/report.tex Normal file
View File

@ -0,0 +1,75 @@
% vim: tw=0 wrap
\documentclass[12pt,a4paper]{article}
\usepackage{geometry}
\geometry{
a4paper,
top=18mm,
bottom=19mm,
}
\usepackage{lmodern}
\usepackage[utf8]{inputenc}
\usepackage[T1]{fontenc}
\usepackage[fleqn]{amsmath}
\usepackage{amssymb}
\usepackage{amsfonts}
% \usepackage{fontspec}
% \usefonttheme[onlymath]{serif}
\usepackage{multirow}
\usepackage{graphicx}
\usepackage{textcomp}
\usepackage{hyperref}
\usepackage{etoolbox}
\usepackage{longtable}
\usepackage{meta}
\usepackage[slovak]{babel}% http://ctan.org/pkg/babel
\usepackage[slovak]{isodate}% http://ctan.org/pkg/isodate
\usepackage[affil-it]{authblk}
\date{\today}
\title{\doctitle{}\\\taskName{}\\\subject{}}
\author[1]{\authorname{}}
\begin{document}
\affil{\company{}}
\maketitle
\pagebreak
\tableofcontents
\pagebreak
\section{Scope a výnimky}
\newpage
\section{Metodika a stupne klasifikácie}
Findings are classified as follows:
\begin{enumerate}
\item vulnerability: a flaw in availability or trust that
denies access to assets for authorized people or processes,
allows for privileged access to assets to unauthorized people or processes,
allows unauthorized people or processes to hide assets or themselves within the scope
\item weakness: a flaw in authentication, process assurance, resiliency, continuity, that allows unauthorized people or processes to circumvent security, but is not a vulnerability.
\item concern: a flaw in non-deniability, confidentiality, privacy, integrity, notifications, that allows unauthorized people or processes to circumvent security, but is not a weakness
exposure: an unjustifiable action, flaw, or error that provides direct or indirect visibility of targets or assets within the chosen scope.
\item anomaly: any unidentifiable or unknown element which has not been controlled and cannot be accounted for in normal operations.
\end{enumerate}
\newpage
\section{Manažérske zhrnutie}
\newpage
\section{Zistenia}
\subsection{Zistenie xy}
\subsubsection{Popis}
\subsubsection{Klasifikácia}
\subsubsection{Odporúčania}
\subsection{Zistenie z}
\subsubsection{Popis}
\subsubsection{Klasifikácia}
\subsubsection{Odporúčania}
\end{document}